Risk Assessment Methods for Cloud Computing Platforms

@article{Weil2019RiskAM,
  title={Risk Assessment Methods for Cloud Computing Platforms},
  author={Timothy R. Weil},
  journal={2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC)},
  year={2019},
  volume={1},
  pages={545-547}
}
  • Timothy R. Weil
  • Published 1 July 2019
  • Computer Science
  • 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC)
Risk assessment (RA) use cases for cloud computing platforms are presented in the context of an ISO 27001 Information Security Management System (ISMS) developed for Alcohol Monitoring Systems (AMS) across a portfolio of products and services. 

Standards for Cloud Risk Assessments—What's Missing?
TLDR
The context and methods for conducting cloud RA are examined across representative national and international standards and guidelines.
Standards for Cloud Risk Assessments - What's Missing?
TLDR
The context and methods for conducting cloud risk assessment are examined across representative national and international standards and guidelines, and recommendations for standardization are suggested based on industry best practices.
Collaborative Global Impact Cloud Computing Risk Assessment Framework
TLDR
This work offers a practical risk assessment implementation for cloud networks where disparate network owners can directly measure network risks in an objective, uniform and repeatable manner across networks by allowing the network owners to collaboratively agree on risk metrics and continuously monitor their cloud networks with the same tool, which employs these agreed-upon metrics.
A Novel Approach to Load Balancing and Cloud Computing Security using SSL in IaaS Environment
  • Bholanath Mukhopadhyay
  • Computer Science
    International Journal of Advanced Trends in Computer Science and Engineering
  • 2020
TLDR
A proposed solution that is novel in its approach as it considers an existing commercial offering from F5, Inc., a renowned network equipment manufacturer, and incorporates its product – BIG-IP, into an experimental framework that promises to offer high availability, redundancy, load balancing and secure data channel simultaneously.
Cybersecurity Threat Modelling: A Case Study of An Ecommerce Platform Migration to the Public Cloud
TLDR
Different threat modelling techniques are applied to decompose the migration of an on-premise hosted ecommerce system to the public cloud and also evaluate these threat modelling techniques.

References

A Scenario-Based Methodology for Cloud Computing Security Risk Assessment
TLDR
This paper uses the National Institute of Standards and Technology (NIST) Risk Management Framework and presents a dynamic scenario-based methodology for risk assessment using Bayesian networks to estimate the likelihood of cloud application security failure.
Cloud Attack and Risk Assessment Taxonomy
TLDR
A conceptual cloud attack and risk assessment taxonomy is presented, suggesting that to mitigate risks to the confidentiality, integrity, and availability of assets, as well as to minimize losses to cloud service providers and users, particularly organizational users, the attack risk elements must be identified, classified, quantified, and prioritized.
Taking Compliance to the Cloud—Using ISO Standards (Tools and Techniques)
TLDR
A risk-assessment approach for cloud computing software as a service applications derived from the ISO 27001 Information Security Management System standard and complemented by ISO practices for Cloud Security and Protecting Personal Information in the Cloud is presented.
Information Security Risk Assessment: A Method Comparison
TLDR
The author evaluates the practical application of three ISRA methods in terms of tasks required, user experience, and results.
Managing Risk in a Cloud Ecosystem
TLDR
This article focuses on security risks related to the operation and use of cloud-based information systems.
Understanding Cloud Computing Vulnerabilities
TLDR
Four indicators of cloud-specific vulnerabilities are defined, a security-specific cloud reference architecture is introduced, and examples of cloud-specific vulnerabilities for each architectural component are provided.
Alliance -The Dirty Dozen: 12 top cloud security threats
  • 2018
He is a Senior Member of the IEEE and has served in several IEEE positions -Chair of the Denver Section
  • 2009
Soft Layer ISO 27001 certification
    Weil, "Taking Compliance to the Cloud—Using ISO Standards (Tools and Techniques)
    • , "Managing Risk in a Cloud Ecosystem," in IEEE Cloud Computing