Traditional Security Risk Assessment Methods in Cloud Computing Environment: Usability Analysis

The term “Cloud Computing” has become very common in our daily life. Cloud computing has emerged with promises to decrease the cost of computing implementation and deliver the computing as service, where the clients pay only for what he needed and used. However, due to the new structure of the cloud computing model, several security concerns have been raised and many other security threats have been needed to be reevaluated according to the cloud structure. Besides, the traditional security risk assessment methods become unfit for cloud computing model due to its new distinguished characteristics. In this paper, we analysis the traditional information security risk assessment methods’ ability to assess the security risks in cloud computing environments.

[1]  C. Hou,et al.  What’s New? , 1991, EcoHealth.

[2]  Dimitrios Zissis,et al.  Addressing cloud computing security issues , 2012, Future Gener. Comput. Syst..

[3]  Daniele Catteddu and Giles Hogben Cloud Computing. Benefits, risks and recommendations for information security , 2009 .

[4]  Nirwan Ansari,et al.  Anti-virus in-the-cloud service: are we ready for the security evolution? , 2012, Secur. Commun. Networks.

[5]  Soo-Hyun Park,et al.  Modeling and Simulation for Security Risk Propagation in Critical Information Systems , 2006, CIS.

[6]  Karim Djemame,et al.  A Risk Assessment Framework and Software Toolkit for Cloud Service Ecosystems , 2011, CLOUD 2011.

[7]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[8]  Duncan S. Wong,et al.  Secure Mobile User Authentication and Key Agreement Protocol with Privacy Protection in Global Mobility Networks , 2013, 2013 International Symposium on Biometrics and Security Technologies.

[9]  John Grundy,et al.  TOSSMA: A Tenant-Oriented SaaS Security Management Architecture , 2012, 2012 IEEE Fifth International Conference on Cloud Computing.

[10]  Ibrahim Sogukpinar,et al.  ISRAM: information security risk analysis method , 2005, Comput. Secur..

[11]  Nur Izura Udzir,et al.  Hierarchical secure virtualization model for cloud , 2012, Proceedings Title: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec).

[12]  Ben Walters,et al.  QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[13]  Bo Gao,et al.  A Framework for Native Multi-Tenancy Application Development and Management , 2007, The 9th IEEE International Conference on E-Commerce Technology and The 4th IEEE International Conference on Enterprise Computing, E-Commerce and E-Services (CEC-EEE 2007).

[14]  Yanpei Chen,et al.  What's New About Cloud Computing Security? , 2010 .

[15]  Daniel E. Geer,et al.  Information security is information risk management , 2001, NSPW '01.

[16]  Adil M. Hammadi,et al.  A Framework for SLA Assurance in Cloud Computing , 2012, 2012 26th International Conference on Advanced Information Networking and Applications Workshops.

[17]  Lin Yang,et al.  Virtualization Security Risks and Solutions of Cloud Computing via Divide-Conquer Strategy , 2011, 2011 Third International Conference on Multimedia Information Networking and Security.

[18]  Young-Koo Lee,et al.  Multi-Tenant, Secure, Load Disseminated SaaS Architecture , 2010, 2010 The 12th International Conference on Advanced Communication Technology (ICACT).

[19]  Xuejie Zhang,et al.  Information Security Risk Management Framework for the Cloud Computing Environments , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[20]  Liu Dong,et al.  The New Risk Assessment Model for Information System in Cloud Computing Environment , 2011 .

[21]  J. R. Vic Winkler Securing the Cloud: Cloud Computer Security Techniques and Tactics , 2011 .

[22]  Yen-Chieh Ouyang,et al.  Secure data transmission with cloud computing in heterogeneous wireless networks , 2012, Secur. Commun. Networks.

[23]  Daniele Catteddu,et al.  Cloud Computing: Benefits, Risks and Recommendations for Information Security , 2009 .

[24]  Hiroyuki Sato,et al.  Risk Management on the Security Problem in Cloud Computing , 2011, 2011 First ACIS/JNU International Conference on Computers, Networks, Systems and Industrial Engineering.

[25]  A B M Shawkat Ali,et al.  Classifying different denial-of-service attacks in cloud computing using rule-based learning , 2012, Secur. Commun. Networks.

[26]  Katina Michael Securing the Cloud: Cloud Computer Security Techniques and Tactics , 2012, Comput. Secur..

[27]  Stuart E. Schechter Toward econometric models of the security risk from remote attacks , 2005, IEEE Security & Privacy.

[28]  GeorgeA. Silver Switzerland , 1989, The Lancet.

[29]  Youakim Badr,et al.  Security And Risk Management in Supply Chains , 2007 .

[30]  Thomas Peltier,et al.  Information Security Risk Analysis: A Pedagogic Model Based on a Teaching Hospital , 2006 .

[31]  A. Volokyta,et al.  Secure virtualization in cloud computing , 2012, Proceedings of International Conference on Modern Problem of Radio Engineering, Telecommunications and Computer Science.

[32]  Ganthan Narayana Samy,et al.  Adopting and Adapting Medical Approach in Risk Management Process for Analysing Information Security Risk , 2012 .

[33]  Gang Zhao Holistic framework of security management for cloud service providers , 2012, IEEE 10th International Conference on Industrial Informatics.

[34]  Jordi Guitart,et al.  Business-driven management of infrastructure-level risks in Cloud providers , 2014, Future Gener. Comput. Syst..

[35]  Ke Zhang,et al.  An End-to-End Methodology and Toolkit for Fine Granularity SaaS-ization , 2009, 2009 IEEE International Conference on Cloud Computing.

[36]  Mario Macías,et al.  Toward business-driven risk management for Cloud computing , 2010, 2010 International Conference on Network and Service Management.

[37]  Wang Bin,et al.  Open Identity Management Framework for SaaS Ecosystem , 2009, 2009 IEEE International Conference on e-Business Engineering.

[38]  Ronald L. Krutz,et al.  Cloud Security: A Comprehensive Guide to Secure Cloud Computing , 2010 .

[39]  Judith Hurwitz,et al.  Cloud Computing for Dummies , 2009 .

[40]  Jean-Henry Morin,et al.  Towards Cloud Computing SLA Risk Management: Issues and Challenges , 2012, 2012 45th Hawaii International Conference on System Sciences.

[41]  Anthony D. Miyazaki,et al.  Consumer Perceptions of Privacy and Security Risks for Online Shopping , 2001 .

[42]  Ning Wang,et al.  A Transparent Approach of Enabling SaaS Multi-tenancy in the Cloud , 2010, 2010 6th World Congress on Services.

[43]  Jong Hyuk Park,et al.  A Virtualization Security Framework for Public Cloud Computing , 2012 .

[44]  S. Sharma Embedded Systems -- A Security Paradigm for Pervasive Computing , 2013, 2013 International Conference on Communication Systems and Network Technologies.

[45]  Amani S. Ibrahim,et al.  Collaboration-Based Cloud Computing Security Management Framework , 2011, 2011 IEEE 4th International Conference on Cloud Computing.

[46]  Erland Jonsson,et al.  A Cause and Effect Approach towards Risk Analysis , 2011, 2011 Third International Workshop on Security Measurements and Metrics.