Traditional Security Risk Assessment Methods in Cloud Computing Environment: Usability Analysis

Authors

  • Sameer Hasan Albakri Advanced Informatics School (AIS), Universiti Teknologi Malaysia, Malaysia
  • Bharanidharan Shanmugam Advanced Informatics School (AIS), Universiti Teknologi Malaysia, Malaysia
  • Ganthan Narayana Samy Advanced Informatics School (AIS), Universiti Teknologi Malaysia, Malaysia
  • Norbik Bashah Idris Advanced Informatics School (AIS), Universiti Teknologi Malaysia, Malaysia
  • Azuan Ahmed Advanced Informatics School (AIS), Universiti Teknologi Malaysia, Malaysia

DOI:

https://doi.org/10.11113/jt.v73.4197

Keywords:

Security risk assessment, cloud computing, security risk assessment in cloud computing

Abstract

The term “Cloud Computing” has become very common in our daily life. Cloud computing has emerged with promises to decrease the cost of computing implementation and to deliver computing as a service, where clients pay only for what they need and use. However, due to the new structure of the cloud computing model, several security concerns have been raised, and many other security threats need to be reevaluated according to the cloud structure. In addition, traditional security risk assessment methods have become unfit for the cloud computing model because of its new distinguishing characteristics. In this paper, we analyze the ability of traditional information security risk assessment methods to assess security risks in cloud computing environments.

Published

2014-03-09

How to Cite

Traditional Security Risk Assessment Methods in Cloud Computing Environment: Usability Analysis. (2014). Jurnal Teknologi, 73(2). https://doi.org/10.11113/jt.v73.4197