A risk assessment model for selecting cloud service providers

The Cloud Adoption Risk Assessment Model is designed to help cloud customers assess the risks that they face by selecting a specific cloud service provider. It evaluates background information obtained from cloud customers and cloud service providers to analyze various risk scenarios. This facilitates decision making in selecting the cloud service provider with the most preferable risk profile based on aggregated risks to security, privacy, and service delivery. Based on this model, we developed a prototype using machine learning to automatically analyze the risks of representative cloud service providers from the Cloud Security Alliance Security, Trust & Assurance Registry.
