Cyber risk assessment in cloud provider environments: Current models and future needs

No Thumbnail Available
File version
Author(s)
Akinrolabu, O
Nurse, JRC
Martin, A
New, S
Griffith University Author(s)
Primary Supervisor
Other Supervisors
Editor(s)
Date
2019
Size
File type(s)
Location
License
Abstract

Traditional frameworks for risk assessment do not work well for cloud computing. While recent work has often focussed on the risks faced by firms adopting or selecting cloud services, there has been little research on how cloud providers might assess their own services. In this paper, we use an in-depth review of the extant literature to highlight the weaknesses of traditional risk assessment frameworks for this task. Using examples, we then describe a new risk assessment model (CSCCRA) and compare this against three established approaches. For each approach, we consider its goals, the risk assessment process, decisions, the scope of the assessment and the way in which risk is conceptualised. This evaluation points to the need for dynamic models specifically designed to evaluate cloud risk. Our suggestions for future research are aimed at improving the identification, assessment, and mitigation of inter-dependent cloud risks inherent in a defined supply chain.

Journal Title

Computers and Security

Conference Title
Book Title
Edition
Volume

87

Issue
Thesis Type
Degree Program
School
Publisher link
Patent number
Funder(s)
Grant identifier(s)
Rights Statement
Rights Statement
Item Access Status
Note
Access the data
Related item(s)
Subject

Information and computing sciences

Cybersecurity and privacy

Persistent link to this record
Citation

Akinrolabu, O; Nurse, JRC; Martin, A; New, S, Cyber risk assessment in cloud provider environments: Current models and future needs, Computers and Security, 2019, 87

Collections