Security risk assessment framework for cloud computing environments

Cloud computing has become today's most common technology buzzword. Despite the promises of cloud computing to decrease computing implementation costs and deliver computing as a service, which allows clients to pay only for what they need and use, cloud computing also raises many security concerns. Most popular risk assessment standards, such as ISO 27005, NIST SP 800-30, and AS/NZS 4360, assume that an organization's assets are fully managed by the organization itself and that all security management processes are imposed by the organization. These assumptions, however, do not apply to cloud computing environments. Hence, this paper proposes a security risk assessment framework that can enable cloud service providers to assess security risks in the cloud computing environment and allow cloud clients to contribute to the risk assessment. The proposed framework provides a more realistic and accurate risk assessment outcome by considering the cloud clients' evaluation of security risk factors and avoiding the complexity that can result from the involvement of clients in the whole risk assessment process. Copyright © 2014 John Wiley & Sons, Ltd.
