Translate this page:
Please select your language to translate the article


You can just close the window to don't translate
Library
Your profile

Back to contents

National Security
Reference:

Tsaregorodtsev, A.V., Ermoshkin, G.N. The model for the evaluation of information security risks in the information system based upon the cloud computing.

Abstract: Cloud services, which are currently regarded as one of the most attractive modern infor mation technologies, are capable of both optimizing the information security management processes, and complicating control over critical data and counter-measures for security incidents in an organization. Solution to the problem of timely and goodquality outsourcing and information security risks analysis for the cloud architecture systems shall allow to solve numerous problems related to protection from threats of use of information and telecommunication technology for illegal purposes. The wide spread and application of cloud computing requires the need for adaptation and development of the existing risk evaluation models for information systems. The approach presented in this article may be used for evaluation of risks in information systems, functioning on the basis of cloud computing technology and for the evaluation of efficiency of current security measures. At the same time, risk evaluation includes the stages of analysis and evaluation, and the risk analysis includes identification and quality evaluation of risk. Evaluation guarantees are provided based upon defining the risk context (choice of risk criteria and defining the scope of analysis). The quantity evaluation of risks is understood as a modeling process, including development and analysis of alternative risk scenarios and the formation of risk functions, defining the possibility for the risk situation taking place.


Keywords:

i n for mat ion secu r it y, cloud computing, public cloud, private cloud, hybrid cloud, risk evaluation, risk model, influence matrix, loss matrix, dependency matrix.


This article can be downloaded freely in PDF format for reading. Download article


References
1. Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, Joint Task Force Transformation Initiative, NIST Special Publication 800-37, Revision 1, .
2. Tsaregorodtsev A.V., Kachko A.K. Odin iz podkhodov k upravleniyu informatsionnoy bezopasnost'yu pri razrabotke informatsionnoy infrastruktury organizatsii // Natsional'naya bezopasnost'. – M.: Izd-vo "NB Media", 2012.-№ 1(18). – S. 46-59.
3. Tsaregorodtsev A.V., Kachko A.K. Obespechenie informatsionnoy bezopasnosti na oblachnoy arkhitekture organizatsii // Natsional'naya bezopasnost'. – M.: Izd-vo "NB Media", 2011.-№5. – S. 25-34.
4. Michael Armbrust, Armando Fox,ReanGriffith.Above The Clouds:A Berkeley View of Cloud Computing. 2009, 2. EECS Department University of California, Berkeley Technical Report No. UCB /EECS 200928.http: //www.eecs. erkeley.edu /Pubs /TechRpts/2009/EECS-2009-28.pdf.
5. FENG Deng Guo, ZHANG Min,ZHANGYan,XUZhen.Study on Cloud Computing Security.Journal of Software, 2011, 22(1). – PP. 71-83.
6. Zhang Jian Xun, Gu Zhi Min. Surey of research progress on cloud computing.Application Research of Computers, 2010, 27(2). – PP. 429-433.
7. Steve Elky. An Introduction to Information System Risk Management-SANS Institute, 2007.