Risk Assessment for Cloud Computing

Sivasubramanian, Yogeshwaran; Ahmed, Syed Zubair; Mishra, Ved Prakash

doi:10.24178/irjece.2017.3.2.07

Cited by 8 publications

(6 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Also, with 1.8 billion vulnerable open source components downloaded in 2015 and at least 26% of the most common open-source component having high-risk vulnerabilities, the risks of multicloud systems would seem to be on an ever-increasing trajectory. In an attempt to address the challenges of assessing cloud risks, numerous scholars have developed conceptual models [7][8][9][10][11]. While some of these studies have concentrated on cloud adoption risk assessment, others have followed the traditional route to security risk assessment, adapting the traditional risk frameworks, for example, ISO/IEC 27005, ISO/IEC 31000 and NIST 800-30v1.…”

Section: Introductionmentioning

confidence: 99%

CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers

2019

View full text Add to dashboard Cite

Security and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. While cloud adoption mitigates some of the existing information technology (IT) risks, research shows that it introduces a new set of security risks linked to multi-tenancy, supply chain and system complexity. Assessing and managing cloud risks can be a challenge, even for cloud service providers (CSPs), due to the increased numbers of parties, devices and applications involved in cloud service delivery. The limited visibility of security controls down the supply chain, further exacerbates this risk assessment challenge. As such, we propose the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, a quantitative risk assessment model which is supported by supplier security posture assessment and supply chain mapping. Using the CSCCRA model, we assess the risk of a SaaS application, mapping its supply chain, identifying weak links in the chain, evaluating its security risks and presenting the risk value in monetary terms (£), with this, promoting cost-effective risk mitigation and optimal risk prioritisation. We later apply the Core Unified Risk Framework (CURF) in comparing the CSCCRA model with already established methods, as part of evaluating its completeness.

show abstract

Section: Introductionmentioning

confidence: 99%

CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers

2019

View full text Add to dashboard Cite

show abstract

“…QUIRC defines risk as a product of the Probability (P e) of a security compromise, i.e. a threat event, e, occurring, and its potential Impact Ie, where Ie is assigned a value on a numerical scale based on the Federal Information Processing Standards (FIPS) model [73] of Low (1-5), Moderate (6-10) or High (11)(12)(13)(14)(15). The calculation of the risk of an application based on a single security objective is represented by Rs, which is the average over the cumulative weighted sum of n threats which map to a particular SO category.…”

Section: Quircmentioning

confidence: 99%

“…The work of Fito et al [43] stands out as another suitable alternative, except for their concentration on business level objectives and the lack of emphasis on security risks in the application of the SEmi-quantitative BLO-driven Cloud Risk Assessment (SEBCRA) model in a CSP environment. Some of the excluded papers did not give a practical example of the model's application [50,51], while others did not explicitly consider the supply chain [10,11] in their risk assessment process.…”

Section: Reflecting On Current Modelsmentioning

confidence: 99%

“…In multicloud systems (MCS), where cloud architectures use services from more than one cloud service provider (CSP), the challenge of risk assessment is evident. While many of the recent research efforts (e.g., Busby et al [7], Cayirci et al [8], and Islam et al [9]) have concentrated on cloud adoption risk assessment, others (e.g., Sendi & Cheriet [10] and Sivasubramanian et al [11]) have followed the traditional route to security risk assessment, concentrating on the focal organisation, their critical assets, threats, and likelihood of impact, without paying attention to the supplier network nor fully understanding its interrelated consequences. This problem has also been highlighted and evidenced in the works of Johnson [12], Bartol [13], Boyens et al [14], Lewis et al [15] and Motta et al [16].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Cyber risk assessment in cloud provider environments: Current models and future needs

Akinrolabu

Nurse

Martin

et al. 2019

Computers & Security

View full text Add to dashboard Cite

show abstract

“…Numerous scholars have developed conceptual models [6], [7], [17] to assess cloud risk. While some of these have concentrated on cloud adoption risk assessment, others have followed the traditional route to security assessment, adapting the traditional frameworks, e.g.…”

Section: Background and Related Workmentioning

confidence: 99%

Assessing the Security Risks of Multicloud SaaS Applications: A Real-World Case Study

Akinrolabu

New

Martin

2019

2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference

View full text Add to dashboard Cite

Cloud computing is widely believed to be the future of computing. It has grown from being a promising idea to one of the fastest research and development paradigms of the computing industry. However, security and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. Likewise, the attributes of the cloud such as multi-tenancy, dynamic supply chain, limited visibility of security controls and system complexity, have exacerbated the challenge of assessing cloud risks. In this paper, we conduct a real-world case study to validate the use of a supply chaininclusive risk assessment model in assessing the risks of a multicloud SaaS application. Using the components of the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, we show how the model enables cloud service providers (CSPs) to identify critical suppliers, map their supply chain, identify weak security spots within the chain, and analyse the risk of the SaaS application, while also presenting the value of the risk in monetary terms. A key novelty of the CSCCRA model is that it caters for the complexities involved in the delivery of SaaS applications and adapts to the dynamic nature of the cloud, enabling CSPs to conduct risk assessments at a higher frequency, in response to a change in the supply chain.

show abstract

Risk Assessment for Cloud Computing

Cited by 8 publications

References 1 publication

CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers

CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers

Cyber risk assessment in cloud provider environments: Current models and future needs

Assessing the Security Risks of Multicloud SaaS Applications: A Real-World Case Study

Contact Info

Product

Resources

About