Outline
- Abstract
- Keywords
- I. Introduction
- II. Information Security Risk Management Framework
- III. Use of the Framework
- IV. the Delicate Balance Between Risks and Benefits
- V. Conclusion
- References
رئوس مطالب
- چکیده
- کلید واژه ها
- 1.مقدمه
- 2. چارچوب مدیریت ریسک امنیت اطلاعات
- 3. استفاده از چارچوب
- 4. موازنه دقیق بین ریسک ها و منافع
- 5. نتیجه گیری
Abstract
The security risks associated with each cloud delivery model vary and are dependent on a wide range of factors including the sensitivity of information assets, cloud architectures and security controls involved in a particular cloud environment. Over time, organizations tend to relax their security posture. To combat a relaxation of security, the cloud provider should perform regular security assessments. Risk management framework is one of security assessment tool to reduction of threats and vulnerabilities and mitigates security risks. The goal of this paper is to present information risk management framework for better understanding critical areas of focus in cloud computing environment, to identifying a threat and identifying vulnerability. This framework is covering all of cloud service models and cloud deployment models. Cloud provider can be applied this framework to organizations to do risk mitigation.
Keywords: Cloud computing - risk management frameworkConclusions
Cloud computing provides an efficient, scalable, and cost-effective way for today’s organizations to deliver business or consumer IT services over the Internet. A variety of different cloud computing models are available, providing both solid support for core business functions and the flexibility to deliver new services.
However, the flexibility and openness of cloud computing models have created a number of security concerns. Massive amounts of IT resources are shared among many users, and security processes are often hidden behind layers of abstraction. More to the point, cloud computing is often provided as a service, so control over data and operations is shifted to third-party service providers, requiring their clients to establish trust relationships with their providers and develop security solutions that take this relationship into account [1]. In this paper we provide a risk management framework for better understanding enterprise security. This framework is covering all of cloud service models and cloud deployment models. Cloud provider can be applied this framework to organizations to do risk analysis, risk assessment, and risk mitigation.
Key to the successful adoption and transition of information systems to a cloud computing environment is the implementation or modification of a strategic proactive information security risk management framework for cloud computing environment. We developed a framework that implemented in logistics Software as a Service (SaaS) project of E-commerce Technology Laboratory at Yunnan University, China. Then we will apply this framework to Infrastructure as a Service (IaaS) environment and Platform as a Service (IaaS) to testing this framework.