Skip to main content
SpringerLink
Log in

Assessing Cloud Computing Security Threats in Malaysian Organization Using Fuzzy Delphi Method

  • Conference paper
  • First Online:
Recent Advances in Soft Computing and Data Mining (SCDM 2022)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 457))

Included in the following conference series:

  • 253 Accesses

Abstract

The growth of cloud computing become one of the fastest technologies adopted in the industry. Nevertheless, cloud computing security issues are still debated and organizations are struggling in safeguarding the security of cloud computing. Moreover, challenges in identifying and evaluating risks in cloud computing are add-on factors. In this study, we identified threats in cloud computing using judgment-based assessment. Twenty experts were selected to assess the likelihood of threats. The fuzzy Delphi method was used to analyze the assessment results and the list of threats was ranked and discussed in the results. The findings show that security risks are highlighted as the top-ranked compared to organizational or non-cloud-related threats.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 229.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 299.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 299.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Hong, J.B., Nhlabatsi, A., Kim, D.S., Hussein, A., Fetais, N., Khan, K.M.: Systematic identification of threats in the cloud: a survey. Comput. Netw. 150, 46–69 (2019). https://doi.org/10.1016/j.comnet.2018.12.009

    Article  Google Scholar 

  2. Khajeh-Hosseini, A., Sommerville, I., Bogaerts, J., Teregowda, P.: Decision support tools for cloud migration in the enterprise. In: 2011 IEEE 4th International Conference on Cloud Computing, pp. 541–548, July 2011. https://doi.org/10.1109/CLOUD.2011.59

  3. Aleem, A., Ryan Sprott, C.: Let me in the cloud: analysis of the benefit and risk assessment of cloud platform. J. Financ. Crime (2012). https://doi.org/10.1108/13590791311287337

  4. Singh, A., Chatterjee, K.: Cloud security issues and challenges: a survey. J. Netw. Comput. Appl. 79, 88–115 (2017). https://doi.org/10.1016/j.jnca.2016.11.027

    Article  Google Scholar 

  5. Ackermann, T.: IT Security Risk Management. Springer Fachmedien Wiesbaden, Wiesbaden (2013)

    Book  Google Scholar 

  6. Hussain, S.A., Fatima, M., Saeed, A., Raza, I., Shahzad, R.K.: Multilevel classification of security concerns in cloud computing. Appl. Comput. Inform. 13, 57–65 (2017). https://doi.org/10.1016/j.aci.2016.03.001

    Article  Google Scholar 

  7. Drissi, S., Houmani, H., Medromi, H.: Survey: risk assessment for cloud computing. Int. J. Adv. Comput. Sci. Appl. 4(12), 143–148 (2013). https://doi.org/10.14569/IJACSA.2013.041221

    Article  Google Scholar 

  8. Cayirci, E., Garaga, A., Santana de Oliveira, A., Roudier, Y.: A risk assessment model for selecting cloud service providers. J. Cloud Comput. 5(1), 1–12 (2016). https://doi.org/10.1186/s13677-016-0064-x

    Article  Google Scholar 

  9. Sen, A., Madria, S.: Risk assessment in a sensor cloud framework using attack graphs. IEEE Trans. Serv. Comput. 10(6), 942–955 (2017). https://doi.org/10.1109/TSC.2016.2544307

    Article  Google Scholar 

  10. Catteddu, D., Hogben, G.: Cloud computing - benefits, risks and recommendations for information security, pp. 1–2 (2012)

    Google Scholar 

  11. Michael, J., Field, S.: The Treacherous 12 Cloud Computing Top Threats in 2016, Security, pp. 1–34 (2016). http://www.cloudsecurityalliance.org/topthreats

  12. Saripalli, P., Walters, B.: QUIRC: a quantitative impact and risk assessment framework for cloud security (2010). https://doi.org/10.1109/CLOUD.2010.22

  13. Tanimoto, S., Hiramoto, M., Iwashita, M., Sato, H., Kanai, A.: Risk management on the security problem in cloud computing. In: Proceedings of the - 1st ACIS/JNU International Conference on Computers, Networks, Systems and Industrial Engineering, CNSI 2011, pp. 147–152 (2011). https://doi.org/10.1109/CNSI.2011.82

  14. Albakri, S.H., Shanmgam, B., Samy, G.N., Idris, N.B., Ahmed, A.: A case study for the cloud computing security threats in a governmental organization. In: 1st International Conference on Computer, Communications, and Control Technology, I4CT 2014, no. I4ct, pp. 452–457 (2014). https://doi.org/10.1109/I4CT.2014.6914225

  15. Drissi, S., Benhadou, S., Medromi, H.: A new shared and comprehensive tool of cloud computing security risk assessment. In: Sabir, E., Medromi, H., Sadik, M. (eds.) Advances in Ubiquitous Networking: Proceedings of the UNet’15, pp. 155–167. Springer, Singapore (2016). https://doi.org/10.1007/978-981-287-990-5_13

    Chapter  Google Scholar 

  16. Akinrolabu, O., New, S., Martin, A.: CSCCRA: a novel quantitative risk assessment model for saas cloud service providers. Computers 8(3), 1–17 (2019). https://doi.org/10.3390/computers8030066

    Article  Google Scholar 

  17. Theoharidou, M., Tsalis, N., Gritzalis, D.: In cloud we trust: risk-assessment-as-a-service. In: Fernández-Gago, C., Martinelli, F., Pearson, S., Agudo, I. (eds.) Trust Management VII, pp. 100–110. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38323-6_7

    Chapter  Google Scholar 

  18. Youssef, B.C., Nada, M., Elmehdi, B., Boubker, R.: Intrusion detection in cloud computing based attacks patterns and risk assessment. In: Proceedings of the 2016 3rd International Conference on Systems of Collaboration, SysCo 2016 (2017). https://doi.org/10.1109/SYSCO.2016.7831341

  19. Stergiopoulos, G., Gritzalis, D., Kouktzoglou, V.: Using formal distributions for threat likelihood estimation in cloud-enabled IT risk assessment. Comput. Netw. 134, 23–45 (2018). https://doi.org/10.1016/j.comnet.2018.01.033

    Article  Google Scholar 

  20. Houmb, S.H.: Decision Support for Choice of Security Solution: The Aspect-Oriented Risk Driven Development (AORDD) Framework (2007)

    Google Scholar 

  21. Zadeh, L.A.: Fuzzy sets and systems. In: Fox, J. (ed.) System Theory. Microwave Research Institute Symposia Series XV, pp. 29–37. Polytechnic Press, Brooklyn (1965). Reprinted in Int. J. Gen. Syst. 17, 129–138 (1990)

    Google Scholar 

  22. Garatti, M., Costa, R., Reghizzi, S.C., Rohou, E.: The impact of alias analysis on VLIW scheduling. In: Zima, H.P., Joe, K., Sato, M., Seo, Y., Shimasaki, M. (eds.) ISHPC 2002. LNCS, vol. 2327, pp. 93–105. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-47847-7_10

    Chapter  Google Scholar 

  23. Samantra, C., Datta, S., Shankar Mahapatra, S.: Risk assessment in IT outsourcing using fuzzy decision-making approach: an Indian perspective. Expert Syst. Appl. (2014). https://doi.org/10.1016/j.eswa.2013.12.024

  24. Xia, H.C., Li, D.F., Zhou, J.Y., Wang, J.M.: Fuzzy LINMAP method for multiattribute decision making under fuzzy environments. J. Comput. Syst. Sci. 72(4), 741–759 (2006). https://doi.org/10.1016/j.jcss.2005.11.001

    Article  MathSciNet  MATH  Google Scholar 

  25. Catteddu, D.: Cloud computing: benefits, risks and recommendations for information security. In: Serrão, C., Aguilera Díaz, V., Cerullo, F. (eds.) IBWAS 2009. CCIS, vol. 72, p. 17. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16120-9_9

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Advanced Informatics, Razak Faculty of Technology and Informatics, Universiti Teknologi Malaysia (UTM), Jalan Sultan Yahya Petra, 54100, Kuala Lumpur, Malaysia

    Nurbaini Zainuddin, Rasimah Che Mohd Yusuff & Ganthan Narayana Samy

Authors
  1. Nurbaini Zainuddin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rasimah Che Mohd Yusuff
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ganthan Narayana Samy
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nurbaini Zainuddin .

Editor information

Editors and Affiliations

  1. Faculty of Computer Science and Information Technology, Universiti Tun Hussein Onn Malaysia, Batu Pahat, Malaysia

    Rozaida Ghazali

  2. Faculty of Computer Science and Information Technology, Universiti Tun Hussein Onn Malaysia, Batu Pahat, Malaysia

    Nazri Mohd Nawi

  3. Faculty of Computer Science and Information Technology, Universiti Tun Hussein Onn Malaysia, Batu Pahat, Malaysia

    Mustafa Mat Deris

  4. School of Information Technology Faculty of Science, Engineering and Built Environment, Deakin University, Geelong, VIC, Australia

    Jemal H. Abawajy

  5. Faculty of Computer Science and Information Technology, Universiti Tun Hussein Onn Malaysia, Batu Pahat, Malaysia

    Nureize Arbaiy

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zainuddin, N., Yusuff, R.C.M., Samy, G.N. (2022). Assessing Cloud Computing Security Threats in Malaysian Organization Using Fuzzy Delphi Method. In: Ghazali, R., Mohd Nawi, N., Deris, M.M., Abawajy, J.H., Arbaiy, N. (eds) Recent Advances in Soft Computing and Data Mining. SCDM 2022. Lecture Notes in Networks and Systems, vol 457. Springer, Cham. https://doi.org/10.1007/978-3-031-00828-3_25

Download citation

Publish with us

Policies and ethics

Search

Navigation