Skip to main content
SpringerLink
Log in

Cyber Security in Cloud: Risk Assessment Models

  • Conference paper
  • First Online:
Intelligent Computing

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 283))

Abstract

The present paper shows a proposal of the characteristics Cloud Risk Assessment Models should have and presents the review of the literature considering those characteristics in order to identify current gaps. This work shows a ranking of Cloud RA models and their degree of compliance with the theoretical reference Cloud Risk Assessment model. The review of literature shows that RA approaches leveraging CSA (Cloud Security Alliance) STAR Registry that have into account organization’s security requirements present higher degree of compliance but they still lack risk economic quantification. The myriad of conceptual models, methodologies and frameworks although based on current NIST SP 800:30, ISO 27001, ISO 27005, ISO 30001, ENISA standards could be enhanced by the use of techno-economic models like UTEM, created by the author, in order to conceive more simplified models for effective Risk Assessment and Mitigation closer to the theoretical reference model for Cloud Risk Assessment, available for all cloud models (IaaS, PaaS, SaaS) and easy to use for all stakeholders.

Dr. Carlos Bendicho holds M.Sc. and Ph.D. degrees in Telecommunications Engineering (EECS) from Bilbao School of Engineering, University of the Basque Country, Spain. He is also MBA from Technical University of Madrid and MIT Sloan Executive Program in Artificial Intelligence and Strategy, Massachusetts Institute of Technology. He is ACM Member and IEEE Communications Society Member.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Nhlabatsi, A., Hong, J.B., Kim, D.S., Fernandez, R., Fetais, N., Khan, K.M.: Spiral^SRA: a threat-specific security risk assessment framework for the cloud. In: 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS), Lisbon, pp. 367–374 (2018). https://doi.org/10.1109/QRS.2018.00049

  2. Swiderski, F., Snyder, W.: Threat Modeling. Microsoft Press, Redmond (2004)

    Google Scholar 

  3. Djemame, K., Armstrong, D., Guitart, J., Macias, M.: A risk assessment framework for cloud computing. IEEE Trans. Cloud Comput. 4(3), 265–278 (2016). https://doi.org/10.1109/TCC.2014.2344653.

  4. Ferrer, A.J., Hernandez, F., Tordsson, J., Elmroth, E., Ali-Eldin, A., Zsigri, C., Sirvent, R., Guitart, J., Badia, R.M., Djemame, K., Ziegler, W., Dimitrakos, T., Nair, S.K., Kousiouris, G., Konstanteli, K., Varvarigou, T., Hudzia, B., Kipp, A., Wesner, S., Corrales, M., Forgo, N., Sharif, T., Sheridan, C.: Optimis: a holistic approach to cloud service provisioning. Future Generation Comput. Syst. 28(1), 66–77 (2012)

    Google Scholar 

  5. Optimis toolkit (2013). http://optimistoolkit.com/

  6. Tanimoto, S., et al.: A study of risk assessment quantification in cloud computing. In: 2014 17th International Conference on Network-Based Information Systems, Salerno, pp. 426–431 (2014). https://doi.org/10.1109/NBiS.2014.11

  7. Albakri, S.H., Shanmugam, B., Samy, G.N., Idris, N.B., Ahmed, A.: Security risk assessment framework for cloud computing environments. Secur. Commun. Netw. 7(11), 2114–2124 (2014)

    Article  Google Scholar 

  8. Saripalli, P., Walters, B.: QUIRC: a quantitative impact and risk assessment framework for cloud security. In: 2010 IEEE 3rd International Conference on Cloud Computing (CLOUD). IEEE, pp. 280–288 (2010)

    Google Scholar 

  9. Linstone, H.A.: The Delphi Method: Techniques and Applications. Addison-Wesley (1975)

    Google Scholar 

  10. RAND Corporation: A collection of RAND publications on the Delphi method (2007). http://www.rand.org/pardee/pubs/methodologies.html#delphi

  11. Stuter, L.M.: The delphi technique: what is it? Lynn's Educ. Res. Netw. (1996). http://www.learnusa.com/transformation_process/acf001.htm

  12. Microsoft: Microsoft threat modeling tool – threats - stride model. Accessed 14 Nov 2020. https://docs.microsoft.com/es-es/azure/security/develop/threat-modeling-tool-threats

  13. Federal Information Processing Standards Pub 199: Standards for Security Categorization of Federal Information and Information Systems. http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf

  14. Akinrolabu, O., Nurse, J.R.C., Martin, A., New, S.: Cyber risk assessment in cloud provider environments: Current models and future needs. Comput. Secur. 87 (2019). https://doi.org/10.1016/j.cose.2019.101600

  15. Cayirci, E., Garaga, A., Santana de Oliveira, A., Roudier, Y.: A risk assessment model for selecting cloud service providers. J. Cloud Comput. 5(1), 1–12 (2016). https://doi.org/10.1186/s13677-016-0064-x

    Article  Google Scholar 

  16. Catteddu, D., Hogben, G.: Cloud computing. Benefits, risks and recommendations for information security. Technical report. ENISA (2009). Accessed http://www.enisa.europa.eu/activities/risk-management/files/ deliverables/cloud-computing-risk-assessment/at_download/fullReport

  17. The Notorious Nine Cloud Computing Top Threats in 2013 Technical report. Cloud Security Alliance (2013). https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf

  18. Cloud Security Alliance: Consensus Assessment Initiative Questionnaire (CAIQ). Accessed https://cloudsecurityalliance.org/research/cai

  19. Cloud Security Alliance: Cloud Control Matrix (CCM). Accessed https://cloudsecurityalliance.org/research/ccm/

  20. Luna, J., Langenberg, R., Suri, N.: Benchmarking cloud security level agreements using quantitative policy trees. In: Proceedings of the 2012 ACM Workshop on Cloud Computing Security Workshop – CCSW 2012, p. 103. ACM Press, New York (2012). https://doi.org/10.1145/2381913.2381932. Accessed http://dl.acm.org/citation.cfm?doid=2381913.2381932

  21. Alturkistani, F.M., Emam, A.Z.: A review of security risk assessment methods in cloud computing. In: Rocha, Á., Correia, A.M., Tan, F.B., Stroetmann, K.A. (eds.) New Perspectives in Information Systems and Technologies, Volume 1. AISC, vol. 275, pp. 443–453. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-05951-8_42

    Chapter  Google Scholar 

  22. Drissi, S., Benhadou, S., Medromi, H.: Evaluation of risk assessment methods regarding cloud computing. In: The 5th Conference on Multidisciplinary Design Optimization and Applicaton (2016)

    Google Scholar 

  23. Tang, H., Yang, J., Wang, X., Zhou, Q.: A research for cloud computing security risk assessment. Open Cybern. Systemics J. 10, 210–217 (2016). http://benthamopen.com/ABSTRACT/TOCSJ-10-210

  24. Bendicho, C.: Techno-economic assessment in communications: models for access network technologies, arXiv (2020). https://arxiv.org/abs/2006.07720

  25. Bendicho, C.: Model for techno-economic assessment of access technologies. Doctoral dissertation for Ph.D., Telecommunications Engineering, University of the Basque Country, 2016, arXiv (2020). https://arxiv.org/abs/2008.07286

  26. Ribbeck, B.: Cloud service provider risk assessment (2014). Accessed https://events.educause.edu/annual-conference/2014/proceedings/cloud-service-provider-risk-assessment

  27. Macdonald, D.: Practical Machinery Safety. Newnes (2004)

    Google Scholar 

  28. Fito, J.O., Macias, M., Guitart, J.: Toward business-driven risk management for cloud computing. In: 2010 International Conference on Network and Service Management (CNSM), October 25–29, pp. 238–241 (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Bilbao, Spain

    Carlos Bendicho

Authors
  1. Carlos Bendicho
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Faculty of Science and Engineering, Saga University, Saga, Japan

    Kohei Arai

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bendicho, C. (2022). Cyber Security in Cloud: Risk Assessment Models. In: Arai, K. (eds) Intelligent Computing. Lecture Notes in Networks and Systems, vol 283. Springer, Cham. https://doi.org/10.1007/978-3-030-80119-9_28

Download citation

Publish with us

Policies and ethics

Search

Navigation