Title :
QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security
Author :
Saripalli, Prasad ; Walters, Ben
Author_Institution :
Runaware Inc., Coral Springs, FL, USA
Abstract :
A quantitative risk and impact assessment framework (QUIRC) is presented, to assess the security risks associated with cloud computing platforms. This framework, called QUIRC, defines risk as a combination of the Probability of a security threat event and it´s Severity, measured as its Impact. Six key Security Objectives (SO) are identified for cloud platforms, and it is proposed that most of the typical attack vectors and events map to one of these six categories. Wide-band Delphi method is proposed as a scientific means to collect the information necessary for assessing security risks. Risk assessment knowledgebases could be developed specific to each industry vertical, which then serve as inputs for security risk assessment of cloud computing platforms. QUIRC´s key advantage is its fully quantitative and iterative convergence approach, which enables stakeholders to comparatively assess the relative robustness of different cloud vendor offerings and approaches in a defensible manner.
Keywords :
Internet; risk management; security of data; QUIRC; cloud computing platforms; cloud security; quantitative impact; risk assessment framework; security objectives; wide-band Delphi method; Availability; Cloud computing; Clouds; Organizations; Risk management; Security; CIAMAU; Cloud Computing; Delphi Method; Impact; Risk; Risk Asessment; STRIDE; Security;
Conference_Titel :
Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on
Conference_Location :
Miami, FL
Print_ISBN :
978-1-4244-8207-8
Electronic_ISBN :
978-0-7695-4130-3
DOI :
10.1109/CLOUD.2010.22
