Toward risk assessment as a service in cloud environments
作者: Wayne Pauley , Burton S. Kaliski
DOI:
关键词:
摘要: Security and privacy assessments are considered a best practice for evaluating system or application potential risks exposures. Cloud computing introduces several characteristics that challenge the effectiveness of current assessment approaches. In particular, on-demand, automated, multi-tenant nature cloud is at odds with static, human process-oriented systems which typical were designed. This paper describes these challenges recommends addressing them by introducing risk as service.
acm.org 参考文章(24)
Shahed Latif, Tim Mather, Subra Kumaraswamy, Cloud security and privacy No Category. ,vol. 338, ,(2009)
Bambang Supradono, MANAJEMEN RISIKO KEAMANAN INFORMASI DENGAN MENGGUNAKAN METODE OCTAVE (OPERATIONALLY CRITICAL THREAT, ASSET, AND VULNERABILITY EVALUATION) MEDIA ELEKTRIKA. ,vol. 2, pp. 149261- ,(2009)
Vijay Machiraju, Mehmet Sayal, Aad van Moorsel, Fabio Casati, Akhil Sahai, Automated SLA Monitoring for Web Services distributed systems operations and management. pp. 28- 41 ,(2002) , 10.1007/3-540-36110-3_6
Carlos Flavián, Miguel Guinalíu, Consumer trust, perceived security and privacy policy Industrial Management & Data Systems. ,vol. 106, pp. 601- 620 ,(2006) , 10.1108/02635570610666403
Bill Tsoumas, Stelios Dritsas, Dimitris Gritzalis, An Ontology-Based Approach to Information Systems Security Management Lecture Notes in Computer Science. pp. 151- 164 ,(2005) , 10.1007/11560326_12
Les Labuschagne, Anita Vorster, A framework for comparing different information security risk analysis methodologies south african institute of computer scientists and information technologists. pp. 95- 103 ,(2005) , 10.5555/1145675.1145686
Jeffrey M. Nick, David Cohen, Burton S. Kaliski, Key Enabling Technologies for Virtual Private Clouds ieee international conference on cloud computing technology and science. pp. 47- 63 ,(2010) , 10.1007/978-1-4419-6524-0_3
Neil F. Doherty, Heather Fulford, Aligning the information security policy with the strategic information systems plan Computers & Security. ,vol. 25, pp. 55- 63 ,(2006) , 10.1016/J.COSE.2005.09.009
J.O. Kephart, D.M. Chess, The vision of autonomic computing IEEE Computer. ,vol. 36, pp. 41- 50 ,(2003) , 10.1109/MC.2003.1160055
Hamid R. Nemati, Thomas Van Dyke, Do Privacy Statements Really Work? The Effect of Privacy Statements and Fair Information Practices on Trust and Perceived Risk in E-Commerce International Journal of Information Security and Privacy. ,vol. 3, pp. 45- 64 ,(2009) , 10.4018/JISP.2009010104