论文信息 - Threat Modeling the Cloud Computing, Mobile Device Toting, Consumerized Enterprise - an overview of considerations

Threat Modeling the Cloud Computing, Mobile Device Toting, Consumerized Enterprise - an overview of considerations

A megatrend triad comprised of cloud computing, converged mobile devices, and consumerization presents complex challenges to organizations trying to identify, assess, and mitigate risk. Cloud computing offers elastic just-in-time services without infrastructure overhead. However, visibility and control are compromised. Converged mobile devices offer integrated computing power and connectivity. However, end point control and security are compromised. Consumerization offers productivity gains and reduction in support costs. However, end point control and the organization’s perimeter are compromised. This paper presents an overview of considerations for organizations impacted by the megatrend triad and, subsequently, shows how threat modeling techniques can be used to identify, assess, and mitigate the attendant risks.

Jeffrey A. Ingalsbe | Nancy R. Mead | Daniel Shoemaker | D. Shoemaker | N. Mead

[1] Frank Swiderski,et al. Threat Modeling , 2018, Hacking Connected Cars.

[2] Marianne M. Swanson,et al. Recommended Security Controls for Federal Information Systems , 2005 .

[3] Jeffrey A. Ingalsbe,et al. Threat Modeling: Diving into the Deep End , 2008, IEEE Software.

[4] Roger Clarke,et al. Privacy and consumer risks in cloud computing , 2010, Comput. Law Secur. Rev..