A Review of Security Risk Assessment Methods in Cloud Computing

Alturkistani, Fatimah M.; Emam, Ahmed

doi:10.1007/978-3-319-05951-8_42

Cited by 9 publications

(13 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, the cloud computing environment is different from the traditional enterprise environment and the characteristics of the cloud model invalidate this assumption making the traditional methods unfit for cloud environment [6]. In addition, these methods do not readily fit the dynamic nature of clouds, which are characterized by on demand self-service and rapid elasticity [9].…”

Section: Cloud Security Risk Managementmentioning

confidence: 99%

“…Security assessment in cloud is a challenging domain and identifying security risks that may face the cloud customer is a complex task [9]. The cloud customer is not allowed to assess the security risks of the CSP since hackers who claimed to be customers may use the result of the risk assessment to exploit the vulnerability of the CSP [6].…”

Section: Cloud Security Risk Managementmentioning

confidence: 99%

“…The cloud customer is not allowed to assess the security risks of the CSP since hackers who claimed to be customers may use the result of the risk assessment to exploit the vulnerability of the CSP [6]. In addition, revealing the risks will likely lead to reduced confidence of customers on the cloud services and uncertainties on the quality and level of security implemented [9]. On the other hand, the CSP can't exactly calculate the risk since it does not know the real value of the data assets of the customer [6].…”

Section: Cloud Security Risk Managementmentioning

confidence: 99%

“…On the other hand, the CSP can't exactly calculate the risk since it does not know the real value of the data assets of the customer [6]. Lack of cloud security standard also created a challenge in cloud risk assessment [9]. Therefore, an effective cloud security risk management methodology is necessary to adequately assess and mitigate cloud security risks.…”

Section: Cloud Security Risk Managementmentioning

confidence: 99%

“…As a result, researchers proposed different security risk management methods and frameworks. Alturkistani and Emam [9] reviewed cloud risk assessment methods by classifying them into five categories as: assessment as a service, qualitative and quantitative, hierarchical, graph analysis and security matrix assessment [9]. They identified the main processes and components of the methods but they didn't assess the effectiveness of those methods.…”

Section: Frameworkmentioning

confidence: 99%

See 4 more Smart Citations

Cloud Security Risk Management: A Critical Review

Damenu

Balakrishna

2015

2015 9th International Conference on Next Generation Mobile Applications, Services and Technologies

View full text Add to dashboard Cite

Cloud computing has created a remarkable paradigm shift in the IT industry and brought several advantages such as on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. These advantages enabled cloud to have significant impact on different sectors of smart cites. However, cloud adoption has increased the sophistication of the ever changing security risks which frustrate enterprises on expanding their on-premises infrastructure towards cloud horizons. These risks have the potential of being a major concern for smart cities due to the increasing impact of cloud on them. Managing these security risks requires adopting effective risk management method which involve both the cloud service provider and the customer. The risk management frameworks currently applied to manage enterprise IT risks do not readily fit the cloud environment and the dynamic nature of clouds, which are characterized by on demand self-service and rapid elasticity. Therefore, researchers have proposed different cloud security risk management methods and frameworks. This paper critically reviews these risk management methods and frameworks. In addition, it conducts critical analysis on two of them using qualitative content analysis technique, and evaluates their effectiveness for assessing and mitigating cloud security risks. Keywords-cloud security risk management; cloud security risk assessment; security risk management; cloud security riskI.

show abstract

Section: Cloud Security Risk Managementmentioning

confidence: 99%

Section: Cloud Security Risk Managementmentioning

confidence: 99%

Section: Cloud Security Risk Managementmentioning

confidence: 99%

Section: Cloud Security Risk Managementmentioning

confidence: 99%

Section: Frameworkmentioning

confidence: 99%

See 3 more Smart Citations

Cloud Security Risk Management: A Critical Review

Damenu

Balakrishna

2015

2015 9th International Conference on Next Generation Mobile Applications, Services and Technologies

View full text Add to dashboard Cite

show abstract

Cyber Security in Cloud: Risk Assessment Models

Bendicho¹

2021

Lecture Notes in Networks and Systems

View full text Add to dashboard Cite

How IT Infrastructures Break: Better Modeling for Better Risk Management

Somers

Bach

Dagnat

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

IT infrastructures break. Whether it be computer attacks or software, human or hardware failures, IT safety and security risk is present in many technical and organizational domains. Risk management is therefore essential to ensure infrastructure resilience, compliance with legal and contractual requirements and a better knowledge of what causes what. But risk management is hard to automate, sometimes because criteria are subject to human appreciation, sometimes because of an incomplete or wrong knowledge of the infrastructure itself. And this latter factor has become more evident with the advent of modern cloudnative architectures: complex and dynamic infrastructures make risk assessment difficult. In this article, we propose an approach based on infrastructure modeling to help automate the risk assessment process for IT infrastructures. Instead of focusing first on hazard analysis, our approach attempts to consider (most of) such an analysis as a consequence of infrastructure modeling. By deciding to focus on the infrastructure modeling itself and by involving as many of the company's stakeholders as possible in the process, we intend to make risk assessment more collaborative and thorough, by taking advantage of everyone's expertise.

show abstract

A Review of Security Risk Assessment Methods in Cloud Computing

Cited by 9 publications

References 16 publications

Cloud Security Risk Management: A Critical Review

Cloud Security Risk Management: A Critical Review

Cyber Security in Cloud: Risk Assessment Models

How IT Infrastructures Break: Better Modeling for Better Risk Management

Contact Info

Product

Resources

About