Security risk assessment framework for cloud computing environments

Cloud computing has become today's most common technology buzzword. Despite the promises of cloud computing to decrease computing implementation costs and deliver computing as a service, which allows clients to pay only for what they need and use, cloud computing also raises many security conce...

Full description

Bibliographic Details
Main Authors: Shanmugam, Bharanidharan, Narayana Samy, Ganthan, Idris, Norbik Bashah, Saif Qaid, Samer Hasan, Ahmad, Azuan
Format: Article
Published: John Wiley and Sons Inc. 2014
Subjects:
_version_ 1796861286087131136
author Shanmugam, Bharanidharan
Narayana Samy, Ganthan
Idris, Norbik Bashah
Saif Qaid, Samer Hasan
Ahmad, Azuan
author_facet Shanmugam, Bharanidharan
Narayana Samy, Ganthan
Idris, Norbik Bashah
Saif Qaid, Samer Hasan
Ahmad, Azuan
author_sort Shanmugam, Bharanidharan
collection ePrints
description Cloud computing has become today's most common technology buzzword. Despite the promises of cloud computing to decrease computing implementation costs and deliver computing as a service, which allows clients to pay only for what they need and use, cloud computing also raises many security concerns. Most popular risk assessment standards, such as ISO27005, NIST SP800-30, and AS/NZS 4360, assume that an organization's assets are fully managed by the organization itself and that all security management processes are imposed by the organization. These assumptions, however, do not apply to cloud computing environments. Hence, this paper proposes a security risk assessment framework that can enable cloud service providers to assess security risks in the cloud computing environment and allow cloud clients to contribute in risk assessment. The proposed framework provides a more realistic and accurate risk assessment outcome by considering the cloud clients' evaluation of security risk factors and avoiding the complexity that can result from the involvement of clients in whole risk assessment process.
first_indexed 2024-03-05T19:54:02Z
format Article
id utm.eprints-62535
institution Universiti Teknologi Malaysia - ePrints
last_indexed 2024-03-05T19:54:02Z
publishDate 2014
publisher John Wiley and Sons Inc.
record_format dspace
spelling utm.eprints-625352017-06-18T06:04:21Z http://eprints.utm.my/62535/ Security risk assessment framework for cloud computing environments Shanmugam, Bharanidharan Narayana Samy, Ganthan Idris, Norbik Bashah Saif Qaid, Samer Hasan Ahmad, Azuan QA75 Electronic computers. Computer science Cloud computing has become today's most common technology buzzword. Despite the promises of cloud computing to decrease computing implementation costs and deliver computing as a service, which allows clients to pay only for what they need and use, cloud computing also raises many security concerns. Most popular risk assessment standards, such as ISO27005, NIST SP800-30, and AS/NZS 4360, assume that an organization's assets are fully managed by the organization itself and that all security management processes are imposed by the organization. These assumptions, however, do not apply to cloud computing environments. Hence, this paper proposes a security risk assessment framework that can enable cloud service providers to assess security risks in the cloud computing environment and allow cloud clients to contribute in risk assessment. The proposed framework provides a more realistic and accurate risk assessment outcome by considering the cloud clients' evaluation of security risk factors and avoiding the complexity that can result from the involvement of clients in whole risk assessment process. John Wiley and Sons Inc. 2014 Article PeerReviewed Shanmugam, Bharanidharan and Narayana Samy, Ganthan and Idris, Norbik Bashah and Saif Qaid, Samer Hasan and Ahmad, Azuan (2014) Security risk assessment framework for cloud computing environments. Security and Communication Networks, 7 (11). p. 2124. ISSN 1939-0114 http://dx.doi.org/10.1002/sec.923 DOI:10.1002/sec.923
spellingShingle QA75 Electronic computers. Computer science
Shanmugam, Bharanidharan
Narayana Samy, Ganthan
Idris, Norbik Bashah
Saif Qaid, Samer Hasan
Ahmad, Azuan
Security risk assessment framework for cloud computing environments
title Security risk assessment framework for cloud computing environments
title_full Security risk assessment framework for cloud computing environments
title_fullStr Security risk assessment framework for cloud computing environments
title_full_unstemmed Security risk assessment framework for cloud computing environments
title_short Security risk assessment framework for cloud computing environments
title_sort security risk assessment framework for cloud computing environments
topic QA75 Electronic computers. Computer science
work_keys_str_mv AT shanmugambharanidharan securityriskassessmentframeworkforcloudcomputingenvironments
AT narayanasamyganthan securityriskassessmentframeworkforcloudcomputingenvironments
AT idrisnorbikbashah securityriskassessmentframeworkforcloudcomputingenvironments
AT saifqaidsamerhasan securityriskassessmentframeworkforcloudcomputingenvironments
AT ahmadazuan securityriskassessmentframeworkforcloudcomputingenvironments