122,045 research outputs found
Determining Training Needs for Cloud Infrastructure Investigations using I-STRIDE
As more businesses and users adopt cloud computing services, security
vulnerabilities will be increasingly found and exploited. There are many
technological and political challenges where investigation of potentially
criminal incidents in the cloud are concerned. Security experts, however, must
still be able to acquire and analyze data in a methodical, rigorous and
forensically sound manner. This work applies the STRIDE asset-based risk
assessment method to cloud computing infrastructure for the purpose of
identifying and assessing an organization's ability to respond to and
investigate breaches in cloud computing environments. An extension to the
STRIDE risk assessment model is proposed to help organizations quickly respond
to incidents while ensuring acquisition and integrity of the largest amount of
digital evidence possible. Further, the proposed model allows organizations to
assess the needs and capacity of their incident responders before an incident
occurs.Comment: 13 pages, 3 figures, 3 tables, 5th International Conference on
Digital Forensics and Cyber Crime; Digital Forensics and Cyber Crime, pp.
223-236, 201
Toward a Risk Assessment Model Based on Multi-Agent System for Cloud Consumer
The cloud computing is an innovative paradigm that introduces several changes in technology that have resulted a new ways for cloud providers to deliver their services to cloud consumers mainly in term of security risk assessment, thus, adapting a current risk assessment tools to cloud computing is a very difficult task due to its several characteristics that challenge the effectiveness of risk assessment approaches. As consequence, there is a need of risk assessment model adapted to cloud computing. This paper requires a new risk assessment model based on multi-agent system and AHP model as fundamental steps towards the development of flexible risk assessment approach regarding cloud consumers
Toward a Risk Assessment Model Based on Multi-Agent System for Cloud Consumer
The cloud computing is an innovative paradigm that introduces several changes in technology that have resulted a new ways for cloud providers to deliver their services to cloud consumers mainly in term of security risk assessment, thus, adapting a current risk assessment tools to cloud computing is a very difficult task due to its several characteristics that challenge the effectiveness of risk assessment approaches. As consequence, there is a need of risk assessment model adapted to cloud computing. This paper requires a new risk assessment model based on multi-agent system and AHP model as fundamental steps towards the development of flexible risk assessment approach regarding cloud consumers
Traditional security risk assessment methods in cloud computing environment: usability analysis
The term "Cloud Computing" has become very common in our daily life. Cloud computing has emerged with promises to decrease the cost of computing implementation and deliver the computing as service, where the clients pay only for what he needed and used. However, due to the new structure of the cloud computing model, several security concerns have been raised and many other security threats have been needed to be reevaluated according to the cloud structure. Besides, the traditional security risk assessment methods become unfit for cloud computing model due to its new distinguished characteristics. In this paper, we analysis the ability to assess the security risks in cloud computing environments
Legal issues in clouds: towards a risk inventory.
Cloud computing technologies have reached a high level of development, yet a number of obstacles still exist that must be overcome before widespread commercial adoption can become a reality. In a cloud environment, end users requesting services and cloud providers negotiate service-level agreements (SLAs) that provide explicit statements of all expectations and obligations of the participants. If cloud computing is to experience widespread commercial adoption, then incorporating risk assessment techniques is essential during SLA negotiation and service operation. This article focuses on the legal issues surrounding risk assessment in cloud computing. Specifically, it analyses risk regarding data protection and security, and presents the requirements of an inherent risk inventory. The usefulness of such a risk inventory is described in the context of the OPTIMIS project
Laypeoples' and experts' risk perception of cloud computing
Cloud computing is revolutionising the way software services are procured and used by Government organizations and SMEs. Quantitative risk assessment of Cloud services is complex and undermined by specific security concerns regarding data confidentiality, integrity and availability. This study explores how the gap between the quantitative risk assessment and the perception of the risk can produce a bias in the decision-making process about Cloud computing adoption. The risk perception of experts in Cloud computing (N=37) and laypeople (N=81) about ten Cloud computing services was investigated using the psychometric paradigm. Results suggest that the risk perception of Cloud services can be represented by two components, called dread risk and unknown risk, which may explain up to 46% of the variance. Other factors influencing the risk perception were perceived benefits, trust in regulatory authorities and technology attitude. This study suggests some implications that could support Government and non-Government organizations in their strategies for Cloud computing adoption
Cyber Supply Chain Risks in Cloud Computing - Bridging the Risk Assessment Gap
Cloud computing represents a significant paradigm shift in the delivery of information technology (IT) services. The rapid growth of the cloud and the increasing security concerns associated with the delivery of cloud services has led many researchers to study cloud risks and risk assessments. Some of these studies highlight the inability of current risk assessments to cope with the dynamic nature of the cloud, a gap we believe is as a result of the lack of consideration for the inherent risk of the supply chain. This paper, therefore, describes the cloud supply chain and investigates the effect of supply chain transparency in conducting a comprehensive risk assessment. We conducted an industry survey to gauge stakeholder awareness of supply chain risks, seeking to find out the risk assessment methods commonly used, factors that hindered a comprehensive evaluation and how the current state-of-the-art can be improved. The analysis of the survey dataset showed the lack of flexibility of the popular qualitative assessment methods in coping with the risks associated with the dynamic supply chain of cloud services, typically made up of an average of eight suppliers. To address these gaps, we propose a Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, a quantitative risk assessment model which is supported by decision support analysis and supply chain mapping in the identification, analysis and evaluation of cloud risks
- …