Security risk assessment framework for cloud computing environments
Cloud computing has become today's most common technology buzzword. Despite the promises of cloud computing to decrease computing implementation costs and deliver computing as a service, which allows clients to pay only for what they need and use, cloud computing also raises many security conce...
Main Authors: | , , , , |
---|---|
Format: | Article |
Published: |
John Wiley and Sons Inc.
2014
|
Subjects: |
_version_ | 1796861286087131136 |
---|---|
author | Shanmugam, Bharanidharan Narayana Samy, Ganthan Idris, Norbik Bashah Saif Qaid, Samer Hasan Ahmad, Azuan |
author_facet | Shanmugam, Bharanidharan Narayana Samy, Ganthan Idris, Norbik Bashah Saif Qaid, Samer Hasan Ahmad, Azuan |
author_sort | Shanmugam, Bharanidharan |
collection | ePrints |
description | Cloud computing has become today's most common technology buzzword. Despite the promises of cloud computing to decrease computing implementation costs and deliver computing as a service, which allows clients to pay only for what they need and use, cloud computing also raises many security concerns. Most popular risk assessment standards, such as ISO27005, NIST SP800-30, and AS/NZS 4360, assume that an organization's assets are fully managed by the organization itself and that all security management processes are imposed by the organization. These assumptions, however, do not apply to cloud computing environments. Hence, this paper proposes a security risk assessment framework that can enable cloud service providers to assess security risks in the cloud computing environment and allow cloud clients to contribute in risk assessment. The proposed framework provides a more realistic and accurate risk assessment outcome by considering the cloud clients' evaluation of security risk factors and avoiding the complexity that can result from the involvement of clients in whole risk assessment process. |
first_indexed | 2024-03-05T19:54:02Z |
format | Article |
id | utm.eprints-62535 |
institution | Universiti Teknologi Malaysia - ePrints |
last_indexed | 2024-03-05T19:54:02Z |
publishDate | 2014 |
publisher | John Wiley and Sons Inc. |
record_format | dspace |
spelling | utm.eprints-625352017-06-18T06:04:21Z http://eprints.utm.my/62535/ Security risk assessment framework for cloud computing environments Shanmugam, Bharanidharan Narayana Samy, Ganthan Idris, Norbik Bashah Saif Qaid, Samer Hasan Ahmad, Azuan QA75 Electronic computers. Computer science Cloud computing has become today's most common technology buzzword. Despite the promises of cloud computing to decrease computing implementation costs and deliver computing as a service, which allows clients to pay only for what they need and use, cloud computing also raises many security concerns. Most popular risk assessment standards, such as ISO27005, NIST SP800-30, and AS/NZS 4360, assume that an organization's assets are fully managed by the organization itself and that all security management processes are imposed by the organization. These assumptions, however, do not apply to cloud computing environments. Hence, this paper proposes a security risk assessment framework that can enable cloud service providers to assess security risks in the cloud computing environment and allow cloud clients to contribute in risk assessment. The proposed framework provides a more realistic and accurate risk assessment outcome by considering the cloud clients' evaluation of security risk factors and avoiding the complexity that can result from the involvement of clients in whole risk assessment process. John Wiley and Sons Inc. 2014 Article PeerReviewed Shanmugam, Bharanidharan and Narayana Samy, Ganthan and Idris, Norbik Bashah and Saif Qaid, Samer Hasan and Ahmad, Azuan (2014) Security risk assessment framework for cloud computing environments. Security and Communication Networks, 7 (11). p. 2124. ISSN 1939-0114 http://dx.doi.org/10.1002/sec.923 DOI:10.1002/sec.923 |
spellingShingle | QA75 Electronic computers. Computer science Shanmugam, Bharanidharan Narayana Samy, Ganthan Idris, Norbik Bashah Saif Qaid, Samer Hasan Ahmad, Azuan Security risk assessment framework for cloud computing environments |
title | Security risk assessment framework for cloud computing environments |
title_full | Security risk assessment framework for cloud computing environments |
title_fullStr | Security risk assessment framework for cloud computing environments |
title_full_unstemmed | Security risk assessment framework for cloud computing environments |
title_short | Security risk assessment framework for cloud computing environments |
title_sort | security risk assessment framework for cloud computing environments |
topic | QA75 Electronic computers. Computer science |
work_keys_str_mv | AT shanmugambharanidharan securityriskassessmentframeworkforcloudcomputingenvironments AT narayanasamyganthan securityriskassessmentframeworkforcloudcomputingenvironments AT idrisnorbikbashah securityriskassessmentframeworkforcloudcomputingenvironments AT saifqaidsamerhasan securityriskassessmentframeworkforcloudcomputingenvironments AT ahmadazuan securityriskassessmentframeworkforcloudcomputingenvironments |