CSCCRA: A novel quantitative risk assessment model for cloud service providers
File version
Accepted Manuscript (AM)
Author(s)
New, S
Martin, A
Griffith University Author(s)
Primary Supervisor
Other Supervisors
Editor(s)
Date
Size
File type(s)
Location
Limassol, Cyprus
License
Abstract
Assessing and managing cloud risks can be a challenge, even for the cloud service providers (CSPs), due to the increased numbers of parties, devices and applications involved in cloud service delivery. The limited visibility of security controls down the supply chain, further exacerbates this risk assessment challenge. As such, we propose the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, a quantitative risk assessment model which is supported by cloud supplier security assessment (CSSA) and cloud supply chain mapping (CSCM). Using the CSCCRA model, we assess the risk of a Customer Relationship Management (CRM) application, mapping its supply chain to identify weak links, evaluating its security risks and presenting the risk value in dollar terms, with this, promoting cost-effective risk mitigation and optimal risk prioritisation.
Journal Title
Conference Title
Information Systems
Book Title
Edition
Volume
341
Issue
Thesis Type
Degree Program
School
Publisher link
Patent number
Funder(s)
Grant identifier(s)
Rights Statement
Rights Statement
© Springer Nature Switzerland AG 2019. This is the author-manuscript version of this paper. Reproduced in accordance with the copyright policy of the publisher.The original publication is available at www.springerlink.com
Item Access Status
Note
Access the data
Related item(s)
Subject
Cybersecurity and privacy not elsewhere classified
Persistent link to this record
Citation
Akinrolabu, O; New, S; Martin, A, CSCCRA: A novel quantitative risk assessment model for cloud service providers, Information Systems, 2019, 341, pp. 177-184