Reference:
Tsaregorodtsev, A.V., Ermoshkin, G.N..
The model for the evaluation of information
security risks in the information system
based upon the cloud computing.
// National Security / nota bene. – 2013. – ¹ 6.
– P. 46-54.
DOI: 10.7256/2073-8560.2013.6.9585.
rubric Ôàêòîð íàäåæíîñòè â ñèñòåìàõ áåçîïàñíîñòè
DOI: 10.7256/2073-8560.2013.6.9585
Read the article
Abstract: Cloud services, which are currently
regarded as one of the most attractive modern
infor mation technologies, are capable of both optimizing the information security
management processes, and complicating
control over critical data and counter-measures
for security incidents in an organization.
Solution to the problem of timely and goodquality
outsourcing and information security
risks analysis for the cloud architecture systems
shall allow to solve numerous problems related
to protection from threats of use of information
and telecommunication technology for illegal
purposes. The wide spread and application
of cloud computing requires the need for
adaptation and development of the existing risk
evaluation models for information systems. The
approach presented in this article may be used
for evaluation of risks in information systems,
functioning on the basis of cloud computing
technology and for the evaluation of efficiency
of current security measures. At the same time,
risk evaluation includes the stages of analysis
and evaluation, and the risk analysis includes
identification and quality evaluation of risk.
Evaluation guarantees are provided based upon
defining the risk context (choice of risk criteria
and defining the scope of analysis). The quantity
evaluation of risks is understood as a modeling
process, including development and analysis of
alternative risk scenarios and the formation of
risk functions, defining the possibility for the
risk situation taking place.
Keywords: i n for mat ion secu r it y, cloud computing, public cloud, private cloud, hybrid cloud, risk evaluation, risk model, influence matrix, loss matrix, dependency matrix.
Contact information: Tsaregorodtsev, Anatoliy Valerievich, 125993, Russia, Moskva, Leningradskiy prospect, 49.
References:
Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, Joint Task Force Transformation Initiative, NIST Special Publication 800-37, Revision 1, .
Tsaregorodtsev A.V., Kachko A.K. Odin iz podkhodov k upravleniyu informatsionnoy bezopasnost'yu pri razrabotke informatsionnoy infrastruktury organizatsii // Natsional'naya bezopasnost'. – M.: Izd-vo "NB Media", 2012.-¹ 1(18). – S. 46-59.
Tsaregorodtsev A.V., Kachko A.K. Obespechenie informatsionnoy bezopasnosti na oblachnoy arkhitekture organizatsii // Natsional'naya bezopasnost'. – M.: Izd-vo "NB Media", 2011.-¹5. – S. 25-34.
Michael Armbrust, Armando Fox,ReanGriffith.Above The Clouds:A Berkeley View of Cloud Computing. 2009, 2. EECS Department University of California, Berkeley Technical Report No. UCB /EECS 200928.http: //www.eecs. erkeley.edu /Pubs /TechRpts/2009/EECS-2009-28.pdf.
FENG Deng Guo, ZHANG Min,ZHANGYan,XUZhen.Study on Cloud Computing Security.Journal of Software, 2011, 22(1). – PP. 71-83.
Zhang Jian Xun, Gu Zhi Min. Surey of research progress on cloud computing.Application Research of Computers, 2010, 27(2). – PP. 429-433.
Steve Elky. An Introduction to Information System Risk Management-SANS Institute, 2007.
References (transliteration):
Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, Joint Task Force Transformation Initiative, NIST Special Publication 800-37, Revision 1, .
Tsaregorodtsev A.V., Kachko A.K. Odin iz podkhodov k upravleniyu informatsionnoy bezopasnost'yu pri razrabotke informatsionnoy infrastruktury organizatsii // Natsional'naya bezopasnost'. – M.: Izd-vo "NB Media", 2012.-¹ 1(18). – S. 46-59.
Tsaregorodtsev A.V., Kachko A.K. Obespechenie informatsionnoy bezopasnosti na oblachnoy arkhitekture organizatsii // Natsional'naya bezopasnost'. – M.: Izd-vo "NB Media", 2011.-¹5. – S. 25-34.
Michael Armbrust, Armando Fox,ReanGriffith.Above The Clouds:A Berkeley View of Cloud Computing. 2009, 2. EECS Department University of California, Berkeley Technical Report No. UCB /EECS 200928.http: //www.eecs. erkeley.edu /Pubs /TechRpts/2009/EECS-2009-28.pdf.
FENG Deng Guo, ZHANG Min,ZHANGYan,XUZhen.Study on Cloud Computing Security.Journal of Software, 2011, 22(1). – PP. 71-83.
Zhang Jian Xun, Gu Zhi Min. Surey of research progress on cloud computing.Application Research of Computers, 2010, 27(2). – PP. 429-433.
Steve Elky. An Introduction to Information System Risk Management-SANS Institute, 2007.