Information Security Risk Management Framework for the Cloud Computing Environments

Author

Zhang, Xuan ; Wuwong, Nattapong ; Li, Hao ; Zhang, Xuejie

Author_Institution

Sch. of Software, Yunnan Univ., Kunming, China

fYear

2010

fDate

June 29 2010-July 1 2010

Firstpage

1328

Lastpage

1334

Abstract

The security risks associated with each cloud delivery model vary and are dependent on a wide range of factors including the sensitivity of information assets, cloud architectures and security controls involved in a particular cloud environment. Over time, organizations tend to relax their security posture. To combat a relaxation of security, the cloud provider should perform regular security assessments. Risk management framework is one of security assessment tool to reduction of threats and vulnerabilities and mitigates security risks. The goal of this paper is to present information risk management framework for better understanding critical areas of focus in cloud computing environment, to identifying a threat and identifying vulnerability. This framework is covering all of cloud service models and cloud deployment models. Cloud provider can be applied this framework to organizations to do risk mitigation.

Keywords

Internet; computer network security; risk analysis; cloud architectures; cloud computing environments; cloud delivery model; cloud deployment models; cloud provider; cloud service models; information assets; information security risk management; risk mitigation; security assessment tool; security controls; security risks; Book reviews; Cloud computing; Clouds; Monitoring; Risk management; Security; cloud computing; risk management framwork;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on

Conference_Location

Bradford

Print_ISBN

978-1-4244-7547-6

Type

conf

DOI

10.1109/CIT.2010.501

Filename

5577860