A Quantitative Methodology for Cloud Security Risk Assessment

被引:4
|
作者
Basu, Srijita [1 ]
Sengupta, Anirban [1 ]
Mazumdar, Chandan [2 ]
机构
[1] Jadavpur Univ, Ctr Distributed Comp, 188 Raja SC Mullick Rd, Kolkata, India
[2] Jadavpur Univ, Dept Comp Sci & Engn, 188 Raja SC Mullick Rd, Kolkata, India
来源
CLOSER: PROCEEDINGS OF THE 7TH INTERNATIONAL CONFERENCE ON CLOUD COMPUTING AND SERVICES SCIENCE | 2017年
关键词
Asset Dependency; Cloud Security; Cloud Service Provider; Risk Assessment; Security Concern;
D O I
10.5220/0006294401200131
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Assets of Cloud stakeholders (Service Providers, Consumers and Third Parties) are the essential elements required to carry out necessary functions / services of the cloud system. Assets usually contain vulnerabilities that may be exploited by threats to jeopardize the functioning of the cloud system. Therefore a proper risk assessment methodology is required to determine the asset-specific and stakeholder-specific risks so as to be able to control them. Existing methodologies fail to comprehensively evaluate various risk elements like asset value, vulnerabilities and threats. This paper is an attempt to quantitatively model all risk elements and devise a methodology to assess risks to assets and stakeholders of a cloud system.
引用
收藏
页码:92 / 103
页数:12
相关论文
共 50 条
  • [1] Methodology of quantitative risk assessment for information system security
    Lin, MQ
    Wang, QM
    Li, JH
    COMPUTATIONAL INTELLIGENCE AND SECURITY, PT 2, PROCEEDINGS, 2005, 3802 : 526 - 531
  • [2] Security and Risk Assessment in the Cloud
    Madria, Sanjay K.
    COMPUTER, 2016, 49 (09) : 110 - 113
  • [3] The Security Risk Assessment Methodology
    Liu, Chunlin
    Tan, Chong-Kuan
    Fang, Yea-Saen
    Lok, Tat-Seng
    INTERNATIONAL SYMPOSIUM ON SAFETY SCIENCE AND ENGINEERING IN CHINA, 2012, 2012, 43 : 600 - 609
  • [4] A Quantitative CVSS-Based Cyber Security Risk Assessment Methodology For IT Systems
    Aksu, M. Ugur
    Dilek, M. Hadi
    Tatli, E. Islam
    Bicakci, Kemal
    Dirik, H. Ibrahim
    Demirezen, M. Umut
    Aykir, Tayfun
    2017 INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY (ICCST), 2017,
  • [5] Security Risk Assessment of Cloud Carrier
    Lenkala, Swetha Reddy
    Shetty, Sachin
    Xiong, Kaiqi
    PROCEEDINGS OF THE 2013 13TH IEEE/ACM INTERNATIONAL SYMPOSIUM ON CLUSTER, CLOUD AND GRID COMPUTING (CCGRID 2013), 2013, : 442 - 449
  • [6] The methodology of quantitative risk assessment studies
    Rigaud, Maxime
    Buekers, Jurgen
    Bessems, Jos
    Basagana, Xavier
    Mathy, Sandrine
    Nieuwenhuijsen, Mark
    Slama, Remy
    ENVIRONMENTAL HEALTH, 2024, 23 (01)
  • [7] The methodology of quantitative risk assessment studies
    Maxime Rigaud
    Jurgen Buekers
    Jos Bessems
    Xavier Basagaña
    Sandrine Mathy
    Mark Nieuwenhuijsen
    Rémy Slama
    Environmental Health, 23
  • [8] Security Risk Assessment-based Cloud Migration Methodology for Smart Grid OT Services
    Jelacic, Bojan
    Lendak, Imre
    Stoja, Sebastijan
    Stanojevic, Marina
    Rosic, Daniela
    ACTA POLYTECHNICA HUNGARICA, 2020, 17 (05) : 113 - 134
  • [9] A Continuous Risk Assessment Methodology for Cloud Infrastructures
    Kunz, Immanuel
    Schneider, Angelika
    Banse, Christian
    2022 22ND IEEE/ACM INTERNATIONAL SYMPOSIUM ON CLUSTER, CLOUD AND INTERNET COMPUTING (CCGRID 2022), 2022, : 1042 - 1051
  • [10] A research for cloud computing security risk assessment
    Tang H.
    Yang J.
    Wang X.
    Zhou Q.
    Open Cybernetics and Systemics Journal, 2016, 10 : 210 - 217
12345