In Cloud We Trust: Risk-Assessment-as-a-Service

Theoharidou, Marianthi; Tsalis, Nikolaos; Gritzalis, Dimitris

doi:10.1007/978-3-642-38323-6_7

Cited by 20 publications

(10 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It hopes to achieve this by showing how a holistic quantitative risk assessment and decision analysis model provides a unique capability for capturing the dynamic behaviour of risks within a cloud supply chain and measuring the overall risk behaviour. While numerous scholars have openly questioned the subjectivity of expert's estimate in quantitative analysis [12,18], our implementation of CSCCRA aims to prove that despite the lack of historical data, cloud risk assessments can achieve increased objectivity through the use of controlled experimentation, clearly defined model, peer reviews and calibration of the expert judges [19,55].…”

Section: The Csccra Modelmentioning

confidence: 99%

“…While some of these studies have concentrated on cloud adoption risk assessment, others have followed the traditional route to security risk assessment, adapting the traditional risk frameworks, for example, ISO/IEC 27005, ISO/IEC 31000 and NIST 800-30v1. Being predominantly qualitative or at best semi-quantitative, the prevalent use of these traditional methodologies in assessing cloud risks presents a wide range of limitations including the subjectivity of risk evaluation and the inability to cope with the dynamic cloud infrastructure [12,13].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers

2019

View full text Add to dashboard Cite

Security and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. While cloud adoption mitigates some of the existing information technology (IT) risks, research shows that it introduces a new set of security risks linked to multi-tenancy, supply chain and system complexity. Assessing and managing cloud risks can be a challenge, even for cloud service providers (CSPs), due to the increased numbers of parties, devices and applications involved in cloud service delivery. The limited visibility of security controls down the supply chain, further exacerbates this risk assessment challenge. As such, we propose the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, a quantitative risk assessment model which is supported by supplier security posture assessment and supply chain mapping. Using the CSCCRA model, we assess the risk of a SaaS application, mapping its supply chain, identifying weak links in the chain, evaluating its security risks and presenting the risk value in monetary terms (£), with this, promoting cost-effective risk mitigation and optimal risk prioritisation. We later apply the Core Unified Risk Framework (CURF) in comparing the CSCCRA model with already established methods, as part of evaluating its completeness.

show abstract

Section: The Csccra Modelmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers

2019

View full text Add to dashboard Cite

show abstract

“…Industrial Car Company uses this interface to manage and interact with cloud services. Table VIII illustrates unique vulnerabilities in the cloud respect to the cloud assets [9]. Each vulnerability is mapped to an asset.…”

Section: B Resultsmentioning

confidence: 99%

Cloud Computing: A Risk Assessment Model

Sendi

Cheriet

2014

2014 IEEE International Conference on Cloud Engineering

View full text Add to dashboard Cite

Cloud computing has recently emerged compelling paradigm by introducing several characteristics such as ondemand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Despite the fact that cloud computing offers huge cost benefits for companies, the unique security challenges have been introduced in a cloud environment that make risk assessment challenging. Cloud consumers need a protection to their cloud applications against cyber attacks. Although some security controls and policies are devised for each element of cloud computing, we need a framework with overall quantitative risk assessment model.The aim of this paper is to propose a framework for assessing the security risks associated with cloud computing platforms. The fully quantitative, iterative, and incremental approach enables cloud customer/provider to assess and manage cloud security risks. A proper result of risk assessment leads to have appropriate risk management mechanism for mitigating risks and reach to an acceptance security level.

show abstract

“…ISO 27005, ISO 31000 and NIST 800-30v1. Being predominantly qualitative or at best semi-quantitative, these exhibit serious limitations, including the subjectivity of risk evaluation and the inability to cope with the dynamic cloud infrastructure [18], [19]. We have argued elsewhere that the lack of CSP transparency is also perceived to be a contributing factor to the use of qualitative methods in assessing cloud risks [20].…”

Section: Background and Related Workmentioning

confidence: 99%

Assessing the Security Risks of Multicloud SaaS Applications: A Real-World Case Study

Akinrolabu

New

Martin

2019

2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference

View full text Add to dashboard Cite

Cloud computing is widely believed to be the future of computing. It has grown from being a promising idea to one of the fastest research and development paradigms of the computing industry. However, security and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. Likewise, the attributes of the cloud such as multi-tenancy, dynamic supply chain, limited visibility of security controls and system complexity, have exacerbated the challenge of assessing cloud risks. In this paper, we conduct a real-world case study to validate the use of a supply chaininclusive risk assessment model in assessing the risks of a multicloud SaaS application. Using the components of the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, we show how the model enables cloud service providers (CSPs) to identify critical suppliers, map their supply chain, identify weak security spots within the chain, and analyse the risk of the SaaS application, while also presenting the value of the risk in monetary terms. A key novelty of the CSCCRA model is that it caters for the complexities involved in the delivery of SaaS applications and adapts to the dynamic nature of the cloud, enabling CSPs to conduct risk assessments at a higher frequency, in response to a change in the supply chain.

show abstract

In Cloud We Trust: Risk-Assessment-as-a-Service

Cited by 20 publications

References 29 publications

CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers

CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers

Cloud Computing: A Risk Assessment Model

Assessing the Security Risks of Multicloud SaaS Applications: A Real-World Case Study

Contact Info

Product

Resources

About