Risk Based NIST Effectiveness Analysis for Cloud Security

Cloud computing has brought new innovations in the paradigm of IT industry through virtualization and by offering low price services on pay-as-per-use basis. Since the development of cloud computing, several issues like security, privacy, cost, load balancing, power consumption, scheduling algorithms are still under research also the advent of newer technologies announces new-fangled risks and vulnerabilities. Although the cloud has a very advanced structures and expansion of services, security and privacy concerns have been creating obstacles for the enterprise to entirely shift to the cloud. A Threat Agent is an attacker, intruder, employee that takes the benefits of the vulnerabilities and risks in the system. Failure to ensure appropriate security protection when using cloud services could ultimately result in higher costs and potential loss of business, thus eliminating any of the potential benefits of cloud computing. There are different Information Security standards, governance and security frameworks, and guides to protect the organizations to protect from threat agents. In this research, cloud vulnerabilities and risks have been identified that can be exploited by the threat agent and mapped into renowned information security standard by National Institute of Standards and Technology NIST SP 800-53 Rev.3 to check whether the standard provides claim security to cloud users.

[1]  Ali Alharbi,et al.  Security Threats and Challenges in Cloud Computing , 2017, 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud).

[2]  Ali Reza Honarvar Developing an Elastic Cloud Computing Application through Multi-Agent Systems , 2013, Int. J. Cloud Appl. Comput..

[3]  Asish Aich,et al.  A Survey on Cloud Environment Security Risk and Remedy , 2015, 2015 International Conference on Computational Intelligence and Networks.

[4]  Zhang Min,et al.  Study on Cloud Computing Security , 2011 .

[5]  Bernd Grobauer,et al.  Understanding Cloud Computing Vulnerabilities , 2011, IEEE Security & Privacy.

[6]  Kamal Dahbur,et al.  A survey of risks, threats and vulnerabilities in cloud computing , 2011, ISWSA '11.

[7]  Yong Yu,et al.  Cloud computing security and privacy: Standards and regulations , 2017, Comput. Stand. Interfaces.

[8]  Muhammad Imran Tariq Providing Assurance to Cloud Computing through ISO 27001 Certification: How Much Cloud is Secured After Implementing Information Security Standards , 2015 .

[9]  Farzad Sabahi,et al.  Cloud computing security threats and responses , 2011, 2011 IEEE 3rd International Conference on Communication Software and Networks.