Towards Information Security Metrics Framework for Cloud Computing

Cloud computing has recently emerged as new computing paradigm which basically aims to provide customized, reliable, dynamic services over the internet.  Cost and security are influential issues to deploy cloud computing in large enterprise.  Privacy and security are very important issues in terms of user trust and legal compliance. Information Security (IS) metrics are best tool used to measure the efficiency, performance, effectiveness and impact of the security constraints. It is very hard issue to get maximum benefits from Information security metrics in cloud computing. The aim of this paper is to discuss security issues of cloud computing, and propose basic building blocks of information security metrics framework for cloud computing. This framework helps cloud users to create information security metrics, analyze cloud threats, processing on cloud threats to mitigate them and threat assessment

[1]  Rayford B. Vaughn,et al.  Information assurance measures and metrics - state of practice and proposed taxonomy , 2003, 36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the.

[2]  Harit Shah,et al.  Security Issues on Cloud Computing , 2013, ArXiv.

[3]  Hassan Zaki,et al.  SECURITY ISSUES IN CLOUD COMPUTING AND COUNTERMEASURES , 2011 .

[4]  Pardeep Kumar,et al.  Effective Ways of Secure, Private and Trusted Cloud Computing , 2011, ArXiv.

[5]  John C. Grundy,et al.  An Analysis of the Cloud Computing Security Problem , 2016, APSEC 2010.

[6]  Ioannis Lambadaris,et al.  Current Trends and Advances in Information Assurance Metrics , 2004, Conference on Privacy, Security and Trust.

[7]  Reijo Savola,et al.  Towards a Security Metrics Taxonomy for the Information and Communication Technology Industry , 2007, International Conference on Software Engineering Advances (ICSEA 2007).

[8]  Joel Rosenblatt Security Metrics: A Solution in Search of a Problem , 2008 .

[9]  Krishnaveer Abhishek Challa Cloud Computing Security Issues with Possible Solutions , 2012 .

[10]  John T. Michalski,et al.  Cyber Threat Metrics , 2012 .

[11]  Simon N. Foley,et al.  Management of security policy configuration using a Semantic Threat Graph approach , 2011, J. Comput. Secur..

[12]  Christopher J. Alberts,et al.  Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0 , 1999 .

[13]  Reijo Savola A Security Metrics Taxonomization Model for Software-Intensive Systems , 2009, J. Inf. Process. Syst..

[14]  Shirley C. Payne,et al.  A Guide to Security Metrics , 2007 .

[15]  Melanie Viljoen A framework towards effective control in information security governance , 2009 .

[16]  Dalia Attas,et al.  Efficient Integrity Checking Technique for Securing Client Data in Cloud Computing , 2011 .

[17]  Kevin M. Stine,et al.  Performance Measurement Guide for Information Security , 2008 .

[18]  Neeraj Suri,et al.  A security metrics framework for the Cloud , 2011, Proceedings of the International Conference on Security and Cryptography.

[19]  Sam Supakkul,et al.  Security threat modeling and analysis: A goal-oriented approach , 2006, ICSE 2006.

[20]  Mario Macías,et al.  Resource-Level QoS Metric for CPU-Based Guarantees in Cloud Providers , 2010, GECON.

[21]  Aderemi A. Atayero,et al.  Security Issues in Cloud Computing: The Potentials of Homomorphic Encryption , 2011 .

[22]  Shinsaku Kiyomoto,et al.  Towards Secure Cloud Computing Architecture - A Solution Based on Software Protection Mechanism , 2011, J. Internet Serv. Inf. Secur..

[23]  Stewart Kowalski,et al.  Information Security Metrics: State of the Art : State of the art , 2011 .

[24]  Syed M. Rahman,et al.  An Overview of the Security Concerns in Enterprise Cloud Computing , 2011, ArXiv.

[25]  Miles A. McQueen,et al.  Ideal Based Cyber Security Technical Metrics for Control Systems , 2007, CRITIS.

[26]  J. Patrick Ravenel Effective Operational Security Metrics , 2006, Inf. Secur. J. A Glob. Perspect..

[27]  Bhavani Shankar,et al.  Study of security issues in cloud computing , 2011 .