TY - JOUR
T1 - Security risk assessment framework for cloud computing environments
AU - Albakri, S.H.
AU - Shanmugam, B.
AU - Samy, Ganthan Narayana
AU - Idris, N.B.
AU - Ahmed, A.
PY - 2014/11/1
Y1 - 2014/11/1
N2 - Cloud computing has become today's most common technology buzzword. Despite the promises of cloud computing to decrease computing implementation costs and deliver computing as a service, which allows clients to pay only for what they need and use, cloud computing also raises many security concerns. Most popular risk assessment standards, such as ISO27005, NIST SP800-30, and AS/NZS 4360, assume that an organization's assets are fully managed by the organization itself and that all security management processes are imposed by the organization. These assumptions, however, do not apply to cloud computing environments. Hence, this paper proposes a security risk assessment framework that can enable cloud service providers to assess security risks in the cloud computing environment and allow cloud clients to contribute in risk assessment. The proposed framework provides a more realistic and accurate risk assessment outcome by considering the cloud clients' evaluation of security risk factors and avoiding the complexity that can result from the involvement of clients in whole risk assessment process.
AB - Cloud computing has become today's most common technology buzzword. Despite the promises of cloud computing to decrease computing implementation costs and deliver computing as a service, which allows clients to pay only for what they need and use, cloud computing also raises many security concerns. Most popular risk assessment standards, such as ISO27005, NIST SP800-30, and AS/NZS 4360, assume that an organization's assets are fully managed by the organization itself and that all security management processes are imposed by the organization. These assumptions, however, do not apply to cloud computing environments. Hence, this paper proposes a security risk assessment framework that can enable cloud service providers to assess security risks in the cloud computing environment and allow cloud clients to contribute in risk assessment. The proposed framework provides a more realistic and accurate risk assessment outcome by considering the cloud clients' evaluation of security risk factors and avoiding the complexity that can result from the involvement of clients in whole risk assessment process.
KW - Cloud computing
KW - Cloud computing security
KW - Information security risk assessment framework
KW - Risk perception
KW - Security of data
KW - Assessment process
KW - Cloud computing environments
KW - Cloud computing securities
KW - Cloud service providers
KW - Implementation cost
KW - Information security risk assessment
KW - Security management process
KW - Security risk assessments
KW - Risk assessment
UR - https://www.scopus.com/record/display.uri?eid=2-s2.0-84910613242&doi=10.1002%2fsec.923&origin=inward&txGid=da6167b5ea17e34eea6c5d511f1b1491
U2 - 10.1002/sec.923
DO - 10.1002/sec.923
M3 - Article
SN - 1939-0114
VL - 7
SP - 2114
EP - 2124
JO - Security and Communication Networks
JF - Security and Communication Networks
IS - 11
ER -