A Risk Assessment Study: Encircling Docker Container Assets on IaaS Cloud Computing Topology

The articulate utilization of docker container assets in Cloud Computing is one strategic pivotal aspect of the underlying rationale for customers to conjecture on their ventures. It can be standardized under the organization's viewpoints toward its purposes and objectives, given the facilities provided by a cloud service provider. IaaS (Infrastructure-as-a-Service) topology offers many opportunities, including serverless capability in a docker container through software abstraction, and magnifying customization. Techniques such as intensifying the quality of streamlined services, and uplifts productivity, become sufficient evidence of underlying equal responsibilities between provider and customer, which need to be evaluated its risks periodically to improve the resilience of containerized objects. This study contributes alternate insight concerning risk assessment methodology in a docker container environment to mitigate the risk rating and propose risk treatment recommendations for cloud providers and customers. To grasp unified security perception in analyzing assets, threats, and vulnerabilities, harnessing several methods and international standards such as the Analytical Hierarchy process, Partial Dependency, ISO 27K Family, MITRE ATT&CK, EBIOS Risk Manager, and NIST 800-30. The experiment uses a real-world threat group from MITRE ATT&CK called TeamTNT.