The Role of Catalogues of Threats and Security Controls in Security Risk Assessment: An Empirical Study with ATM Professionals

Author(s): Martina de Gramatica, Katsiaryna Labunets, Fabio Massacci, Federica Paci, Alessandra Tedeschi

2017, Vol 5 (12), pp. 127-155
Author(s): Ishraga Mohamed Ahmed Khogali, Hany Ammar

Cloud computing has been one of the major emerging technologies in recent years. However, for cloud computing, the risk assessment becomes more complex since there are several issues that are likely to emerge. In this paper, we survey the existing work on assessing security risks in cloud computing applications. Existing work does not address the dynamic nature of cloud applications, and there is a need for methods that calculate the security risk factor dynamically. In this paper, we use the National Institute of Standards and Technology (NIST) Risk Management Framework and present a dynamic scenario-based methodology for risk assessment. The methodology is based on using Bayesian networks to estimate the likelihood of cloud application security failure, which enables us to compute the probability distribution of failures over variables of interest given the evidence. We illustrate the methodology using two case studies and highlight the significant risk factors. We also show the effect of using security controls in reducing the risk factors.

