A risk assessment model for selecting cloud service providers

Author(s):  
Erdal Cayirci ◽  
Alexandr Garaga ◽  
Anderson Santana de Oliveira ◽  
Yves Roudier
Computers ◽  
2019 ◽  
Vol 8 (3) ◽  
pp. 66
Author(s):  
Olusola Akinrolabu ◽  
Steve New ◽  
Andrew Martin

Security and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. While cloud adoption mitigates some of the existing information technology (IT) risks, research shows that it introduces a new set of security risks linked to multi-tenancy, supply chain and system complexity. Assessing and managing cloud risks can be a challenge, even for cloud service providers (CSPs), due to the increased numbers of parties, devices and applications involved in cloud service delivery. The limited visibility of security controls down the supply chain further exacerbates this risk assessment challenge. As such, we propose the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, a quantitative risk assessment model which is supported by supplier security posture assessment and supply chain mapping. Using the CSCCRA model, we assess the risk of a SaaS application, mapping its supply chain, identifying weak links in the chain, evaluating its security risks and presenting the risk value in monetary terms (£), thereby promoting cost-effective risk mitigation and optimal risk prioritisation. We later apply the Core Unified Risk Framework (CURF) in comparing the CSCCRA model with already established methods, as part of evaluating its completeness.


IEEE Access ◽  
2020 ◽  
Vol 8 ◽  
pp. 80812-80826
Author(s):  
Abdul Razaque ◽  
Fathi Amsaad ◽  
Salim Hariri ◽  
Marwah Almasri ◽  
Syed S. Rizvi ◽  
...  

2018 ◽  
Vol 17 ◽  
pp. 03028 ◽  
Author(s):  
Jing Li ◽  
Qinyuan Li

Cloud computing has attracted more and more attention as it reduces the cost of IT infrastructure for organizations. In our country, business Cloud services, such as Alibaba Cloud, Huawei Cloud, QingCloud, UCloud and so on, are gaining more and more use, especially among small or medium organizations. In the cloud service scenario, programs and data are migrating into the cloud, resulting in a lack of trust between customers and cloud service providers. However, recent studies on Cloud computing are mainly focused on the service side, while data security and trust have not been sufficiently studied yet. This paper investigates the data security issues from the data life cycle, which includes five steps when an organization uses Cloud computing. A data management framework is given, including not only the data classification but also the risk management framework. Concretely, the data is divided into two varieties, business and personal information. Then, four classification levels (high, medium, low, normal) according to the different extent of the potential adverse effect are introduced. With the help of classification, the administrators can identify the application or data to implement corresponding security controls. At last, the administrators conduct the risk assessment to alleviate the risk of data security. The trust between customers and cloud service providers will be strengthened in this way.


2015 ◽  
Vol 2 (3) ◽  
pp. 50-57 ◽  
Author(s):  
Sanjay Madria ◽  
Amartya Sen

2010 ◽  
Vol 151 (34) ◽  
pp. 1365-1374 ◽  
Author(s):  
Marianna Dávid ◽  
Hajna Losonczy ◽  
Miklós Udvardy ◽  
Zoltán Boda ◽  
György Blaskó ◽  
...  

The risk of venous thromboembolism is significant in hospitalized surgical and medical patients. Without prophylaxis, depending on the type of surgery, deep vein thrombosis or pulmonary embolism develops in 15–60% of patients in connection with surgical interventions, and the latter remains a leading cause of in-hospital death today. Although venous thromboembolism is most often associated with recent surgery or trauma, 50–70% of symptomatic thromboembolic events and 70–80% of fatal pulmonary embolisms do not occur in surgical patients. According to international and domestic surveys, the majority of high-risk surgical patients receive the necessary thrombosis prophylaxis. However, a significant proportion of at-risk medical patients remain without prophylaxis, despite consensus-based international and domestic guideline recommendations. Among medical patients, the proportion receiving prophylaxis must be increased, and it must be ensured that patients at risk of thrombosis receive effective prevention. Assessing the patient's thrombosis risk is an important tool for identifying patients endangered by venous thromboembolism; it facilitates the decision on ordering prophylaxis and improves adherence to guideline recommendations. When a risk of thrombosis is established, prophylaxis must be applied unless contraindicated. The 4th Hungarian antithrombotic guideline, entitled "Reducing the risk of and treating thromboembolism", draws attention to the need to assess venous thrombosis risk and is the first to contain the risk questionnaire for hospitalized medical and surgical patients. We present the risk assessment questionnaires and review the evidence-based data on the risk factors included in the questionnaires.


Author(s):  
C.K. Lakshminarayan ◽  
S. Pabbisetty ◽  
O. Adams ◽  
F. Pires ◽  
M. Thomas ◽  
...  

Abstract: This paper deals with the basic concepts of Signature Analysis and the application of statistical models for its implementation. It develops a scheme for computing sample sizes when the failures are random. It also introduces statistical models that comprehend correlations among failures that fail due to the same failure mechanism. The idea of correlation is important because semiconductor chips are processed in batches. Also, any risk assessment model should comprehend correlations over time. The statistical models developed will provide the required sample sizes for the Failure Analysis lab to state "We are A% confident that B% of future parts will fail due to the same signature." The paper provides tables and graphs for the evaluation of such a risk assessment. The implementation of Signature Analysis will achieve the dual objective of improved customer satisfaction and reduced cycle time. This paper will also highlight its applicability as well as the essential elements that need to be in place for it to be effective. Different examples have been illustrated of how the concept is being used by Failure Analysis Operations (FA) and Customer Quality and Reliability Engineering groups.

