Cyber risk assessment in cloud provider environments: Current models and future needs

Cyber risk assessment in cloud provider environments: Current models and future needs

Traditional frameworks for risk assessment do not work well for cloud computing. While recent work has often focussed on the risks faced by firms adopting or selecting cloud services, there has been little research on how cloud providers might assess their own services. In this paper, we use an in-d...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Computers & security 2019-11, Vol.87, p.101600, Article 101600
Hauptverfasser: Akinrolabu, Olusola, Nurse, Jason R.C., Martin, Andrew, New, Steve
Format: Artikel
Sprache:eng
Schlagworte:
Cloud computing
Cloud risks
Conceptual model
Cybersecurity
Dynamic models
Evaluation
Literature reviews
Quantitative and qualitative assessment
Risk assessment
Supply chain
Supply chains
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page 101600
container_title Computers & security
container_volume 87
creator Akinrolabu, Olusola
Nurse, Jason R.C.
Martin, Andrew
New, Steve
description Traditional frameworks for risk assessment do not work well for cloud computing. While recent work has often focussed on the risks faced by firms adopting or selecting cloud services, there has been little research on how cloud providers might assess their own services. In this paper, we use an in-depth review of the extant literature to highlight the weaknesses of traditional risk assessment frameworks for this task. Using examples, we then describe a new risk assessment model (CSCCRA) and compare this against three established approaches. For each approach, we consider its goals, the risk assessment process, decisions, the scope of the assessment and the way in which risk is conceptualised. This evaluation points to the need for dynamic models specifically designed to evaluate cloud risk. Our suggestions for future research are aimed at improving the identification, assessment, and mitigation of inter-dependent cloud risks inherent in a defined supply chain.
doi_str_mv 10.1016/j.cose.2019.101600
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2315505317</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S0167404819301543</els_id><sourcerecordid>2315505317</sourcerecordid><originalsourceid>FETCH-LOGICAL-c425t-5a67bed1809db4751ed158be753b196d748773e9be3b0a880e9951fec7b17d723</originalsourceid><addsrcrecordid>eNp9kE1LxDAQhoMouK7-AU8Bz12TtmlS8SLFL1jw4p5Dm0wh626yZtqF_fem1rOnGWbedz4eQm45W3HGq_vtygSEVc54_Vtg7IwsuJJ5VuVMnZNFqsmsZKW6JFeIW8a4rJRakE1z6iDS6PCLtoiAuAc_UOep2YXR0kMMR2eTAvzRxeCnLj7QZoxx0u2DhR3S1lvaj8MYgXoAi9fkom93CDd_cUk2L8-fzVu2_nh9b57WmSlzMWSirWQHlitW266UgqdcqA6kKDpeV1aWSsoC6g6KjrVKMahrwXswsuPSyrxYkrt5bjrzewQc9DaM0aeVOi-4EEwUXCZVPqtMDIgRen2Ibt_Gk-ZMT7T0Vk_49IRPz_iS6XE2pf_g6CBqNA68AesimEHb4P6z_wAUY3kP</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2315505317</pqid></control><display><type>article</type><title>Cyber risk assessment in cloud provider environments: Current models and future needs</title><source>Access via ScienceDirect (Elsevier)</source><creator>Akinrolabu, Olusola ; Nurse, Jason R.C. ; Martin, Andrew ; New, Steve</creator><creatorcontrib>Akinrolabu, Olusola ; Nurse, Jason R.C. ; Martin, Andrew ; New, Steve</creatorcontrib><description>Traditional frameworks for risk assessment do not work well for cloud computing. While recent work has often focussed on the risks faced by firms adopting or selecting cloud services, there has been little research on how cloud providers might assess their own services. In this paper, we use an in-depth review of the extant literature to highlight the weaknesses of traditional risk assessment frameworks for this task. Using examples, we then describe a new risk assessment model (CSCCRA) and compare this against three established approaches. For each approach, we consider its goals, the risk assessment process, decisions, the scope of the assessment and the way in which risk is conceptualised. This evaluation points to the need for dynamic models specifically designed to evaluate cloud risk. Our suggestions for future research are aimed at improving the identification, assessment, and mitigation of inter-dependent cloud risks inherent in a defined supply chain.</description><identifier>ISSN: 0167-4048</identifier><identifier>EISSN: 1872-6208</identifier><identifier>DOI: 10.1016/j.cose.2019.101600</identifier><language>eng</language><publisher>Amsterdam: Elsevier Ltd</publisher><subject>Cloud computing ; Cloud risks ; Conceptual model ; Cybersecurity ; Dynamic models ; Evaluation ; Literature reviews ; Quantitative and qualitative assessment ; Risk assessment ; Supply chain ; Supply chains</subject><ispartof>Computers &amp; security, 2019-11, Vol.87, p.101600, Article 101600</ispartof><rights>2019 Elsevier Ltd</rights><rights>Copyright Elsevier Sequoia S.A. Nov 2019</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c425t-5a67bed1809db4751ed158be753b196d748773e9be3b0a880e9951fec7b17d723</citedby><cites>FETCH-LOGICAL-c425t-5a67bed1809db4751ed158be753b196d748773e9be3b0a880e9951fec7b17d723</cites><orcidid>0000-0002-2248-7900</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://dx.doi.org/10.1016/j.cose.2019.101600$$EHTML$$P50$$Gelsevier$$H</linktohtml><link.rule.ids>315,782,786,3552,27931,27932,46002</link.rule.ids></links><search><creatorcontrib>Akinrolabu, Olusola</creatorcontrib><creatorcontrib>Nurse, Jason R.C.</creatorcontrib><creatorcontrib>Martin, Andrew</creatorcontrib><creatorcontrib>New, Steve</creatorcontrib><title>Cyber risk assessment in cloud provider environments: Current models and future needs</title><title>Computers &amp; security</title><description>Traditional frameworks for risk assessment do not work well for cloud computing. While recent work has often focussed on the risks faced by firms adopting or selecting cloud services, there has been little research on how cloud providers might assess their own services. In this paper, we use an in-depth review of the extant literature to highlight the weaknesses of traditional risk assessment frameworks for this task. Using examples, we then describe a new risk assessment model (CSCCRA) and compare this against three established approaches. For each approach, we consider its goals, the risk assessment process, decisions, the scope of the assessment and the way in which risk is conceptualised. This evaluation points to the need for dynamic models specifically designed to evaluate cloud risk. Our suggestions for future research are aimed at improving the identification, assessment, and mitigation of inter-dependent cloud risks inherent in a defined supply chain.</description><subject>Cloud computing</subject><subject>Cloud risks</subject><subject>Conceptual model</subject><subject>Cybersecurity</subject><subject>Dynamic models</subject><subject>Evaluation</subject><subject>Literature reviews</subject><subject>Quantitative and qualitative assessment</subject><subject>Risk assessment</subject><subject>Supply chain</subject><subject>Supply chains</subject><issn>0167-4048</issn><issn>1872-6208</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2019</creationdate><recordtype>article</recordtype><recordid>eNp9kE1LxDAQhoMouK7-AU8Bz12TtmlS8SLFL1jw4p5Dm0wh626yZtqF_fem1rOnGWbedz4eQm45W3HGq_vtygSEVc54_Vtg7IwsuJJ5VuVMnZNFqsmsZKW6JFeIW8a4rJRakE1z6iDS6PCLtoiAuAc_UOep2YXR0kMMR2eTAvzRxeCnLj7QZoxx0u2DhR3S1lvaj8MYgXoAi9fkom93CDd_cUk2L8-fzVu2_nh9b57WmSlzMWSirWQHlitW266UgqdcqA6kKDpeV1aWSsoC6g6KjrVKMahrwXswsuPSyrxYkrt5bjrzewQc9DaM0aeVOi-4EEwUXCZVPqtMDIgRen2Ibt_Gk-ZMT7T0Vk_49IRPz_iS6XE2pf_g6CBqNA68AesimEHb4P6z_wAUY3kP</recordid><startdate>20191101</startdate><enddate>20191101</enddate><creator>Akinrolabu, Olusola</creator><creator>Nurse, Jason R.C.</creator><creator>Martin, Andrew</creator><creator>New, Steve</creator><general>Elsevier Ltd</general><general>Elsevier Sequoia S.A</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>K7.</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><orcidid>https://orcid.org/0000-0002-2248-7900</orcidid></search><sort><creationdate>20191101</creationdate><title>Cyber risk assessment in cloud provider environments: Current models and future needs</title><author>Akinrolabu, Olusola ; Nurse, Jason R.C. ; Martin, Andrew ; New, Steve</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c425t-5a67bed1809db4751ed158be753b196d748773e9be3b0a880e9951fec7b17d723</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2019</creationdate><topic>Cloud computing</topic><topic>Cloud risks</topic><topic>Conceptual model</topic><topic>Cybersecurity</topic><topic>Dynamic models</topic><topic>Evaluation</topic><topic>Literature reviews</topic><topic>Quantitative and qualitative assessment</topic><topic>Risk assessment</topic><topic>Supply chain</topic><topic>Supply chains</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Akinrolabu, Olusola</creatorcontrib><creatorcontrib>Nurse, Jason R.C.</creatorcontrib><creatorcontrib>Martin, Andrew</creatorcontrib><creatorcontrib>New, Steve</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>ProQuest Criminal Justice (Alumni)</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Computers &amp; security</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Akinrolabu, Olusola</au><au>Nurse, Jason R.C.</au><au>Martin, Andrew</au><au>New, Steve</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Cyber risk assessment in cloud provider environments: Current models and future needs</atitle><jtitle>Computers &amp; security</jtitle><date>2019-11-01</date><risdate>2019</risdate><volume>87</volume><spage>101600</spage><pages>101600-</pages><artnum>101600</artnum><issn>0167-4048</issn><eissn>1872-6208</eissn><abstract>Traditional frameworks for risk assessment do not work well for cloud computing. While recent work has often focussed on the risks faced by firms adopting or selecting cloud services, there has been little research on how cloud providers might assess their own services. In this paper, we use an in-depth review of the extant literature to highlight the weaknesses of traditional risk assessment frameworks for this task. Using examples, we then describe a new risk assessment model (CSCCRA) and compare this against three established approaches. For each approach, we consider its goals, the risk assessment process, decisions, the scope of the assessment and the way in which risk is conceptualised. This evaluation points to the need for dynamic models specifically designed to evaluate cloud risk. Our suggestions for future research are aimed at improving the identification, assessment, and mitigation of inter-dependent cloud risks inherent in a defined supply chain.</abstract><cop>Amsterdam</cop><pub>Elsevier Ltd</pub><doi>10.1016/j.cose.2019.101600</doi><orcidid>https://orcid.org/0000-0002-2248-7900</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 0167-4048
ispartof Computers & security, 2019-11, Vol.87, p.101600, Article 101600
issn 0167-4048
1872-6208
language eng
recordid cdi_proquest_journals_2315505317
source Access via ScienceDirect (Elsevier)
subjects Cloud computing
Cloud risks
Conceptual model
Cybersecurity
Dynamic models
Evaluation
Literature reviews
Quantitative and qualitative assessment
Risk assessment
Supply chain
Supply chains
title Cyber risk assessment in cloud provider environments: Current models and future needs
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-04T07%3A52%3A10IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Cyber%20risk%20assessment%20in%20cloud%20provider%20environments:%20Current%20models%20and%20future%20needs&rft.jtitle=Computers%20&%20security&rft.au=Akinrolabu,%20Olusola&rft.date=2019-11-01&rft.volume=87&rft.spage=101600&rft.pages=101600-&rft.artnum=101600&rft.issn=0167-4048&rft.eissn=1872-6208&rft_id=info:doi/10.1016/j.cose.2019.101600&rft_dat=%3Cproquest_cross%3E2315505317%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2315505317&rft_id=info:pmid/&rft_els_id=S0167404819301543&rfr_iscdi=true