A risk model for cloud processes

نویسندگان

چکیده مقاله:

Traditionally, risk assessment consists of evaluating the probability of "feared events", corresponding to known threats and attacks, as well as these events' severity, corresponding to their impact on one or more stakeholders. Assessing risks of cloud-based processes is particularly difficult due to lack of historical data on attacks, which has prevented frequency-based identification of "typical" threats and attack vectors. Also, the dynamic, multi-party nature of cloud-based processes makes severity assessment very dependent on the particular set of stakeholders involved in each process execution. In this paper, we tackle these problems by presenting a novel, process-oriented quantitative risk assessment methodology aimed at disclosure risks on cloud computing platforms. Key advantages of our methodology include (i) a fully quantitative and iterative approach, which enables stakeholders to compare alternative versions of cloud-based processes (e.g., with and without security controls) (ii) non-frequency-based probability estimates, which allow analyzing threats for which a detailed history is not available (iii) support for quick visual comparisons of risk profiles of alternative processes even when impact cannot be exactly quantified.

برای دانلود باید عضویت طلایی داشته باشید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A FUZZY MODEL FOR ASSESSMENT PROCESSES

The methods of assessing the individuals’ performance usually applied in practice are based on principles of the bivalent logic (yes-no). However, fuzzy logic, due to its nature of including multiple values, offers a wider and richer field of resources for this purpose. In this paper we use principles of fuzzy logic in developing a new method for assessing the performance of groups of individua...

متن کامل

a fuzzy model for assessment processes

the methods of assessing the individuals’ performance usually applied in practice are based on principles of the bivalent logic (yes-no). however, fuzzy logic, due to its nature of including multiple values, offers a wider and richer field of resources for this purpose. in this paper we use principles of fuzzy logic in developing a new method for assessing the performance of groups of individua...

متن کامل

investigating the feasibility of a proposed model for geometric design of deployable arch structures

deployable scissor type structures are composed of the so-called scissor-like elements (sles), which are connected to each other at an intermediate point through a pivotal connection and allow them to be folded into a compact bundle for storage or transport. several sles are connected to each other in order to form units with regular polygonal plan views. the sides and radii of the polygons are...

Leveraged BMIS Model for Cloud Risk Control

Cloud computing has increasingly been drawing attention these days. Each big company in IT hurries to get a chunk of meat that promises to be a whopping market in the future. At the same time, information is always associated with security and risk problems. Nowadays, the handling of these risks is no longer just a technology problem, with a good deal of literature focusing on risk or security ...

متن کامل

Fuzzy model for risk analysis

The goal of this paper is to show how the concept of fuzzy logic can be used to establish a degree to which an investment project belongs to a class of risk. Also, the probability of the fuzzy event is presented and is ap-plied to calculate the probability of the fuzzy event “the project X is a good investment”. This process has to enable the decision maker to compare several alternative invest...

متن کامل

CSRA Model - A Cloud Service Risk Assessment Model

International Journal Web Applications Volume 7 Number 2 June 2015 ABSTRACT: Cloud computing is considered a paradigm both technology and business. Its widespread adoption is an increasingly effective trend. However, the lack of quality metrics and audit of services offered in the cloud slows its use, and it stimulates the increase in focused discussions with the adaptation of existing standard...

متن کامل

منابع من

با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


عنوان ژورنال

دوره 6  شماره 2

صفحات  99- 123

تاریخ انتشار 2014-07-01

با دنبال کردن یک ژورنال هنگامی که شماره جدید این ژورنال منتشر می شود به شما از طریق ایمیل اطلاع داده می شود.

میزبانی شده توسط پلتفرم ابری doprax.com

copyright © 2015-2023