Journal title: International Journal of Advanced Computer Science and Applications (IJACSA)
Print ISSN: 2158-107X
Online ISSN: 2156-5570
Publication year: 2019
Volume: 10
Issue: 12
Pages: 1-9
Publisher: Science and Information Society (SAI)
Abstract: Security is considered one of the top-ranked risks
of Cloud Computing (CC) due to the outsourcing of sensitive
data onto a third party. In addition, the complexity of the cloud
model results in a large number of heterogeneous security
controls that must be consistently managed. Hence, no matter
how strongly the cloud model is secured, organizations continue
to suffer from a lack of trust in CC and remain uncertain about
its security risk consequences. Traditional risk management
frameworks do not consider the impact of CC security risks on
the business objectives of the organizations. In this paper, we
propose a novel Cloud Security Risk Management Framework
(CSRMF) that helps organizations adopting CC identify,
analyze, evaluate, and mitigate security risks in their Cloud
platforms. Unlike traditional risk management frameworks,
CSRMF is driven by the business objectives of the organizations.
It allows any organization adopting CC to be aware of cloud
security risks and align their low-level management decisions
according to high-level business objectives. In essence, it is
designed to address impacts of cloud-specific security risks on
business objectives in a given organization. Consequently,
organizations are able to conduct a cost-value analysis regarding
the adoption of CC technology and gain an adequate level of
confidence in Cloud technology. On the other hand, Cloud
Service Providers (CSP) are able to improve productivity and
profitability by managing cloud-related risks. The proposed
framework has been validated and evaluated through a use-case
scenario.
Keywords: Information security; data privacy; cloud security
risks; risk management; business objectives; cloud computing