A Security Risk Management Metric for Cloud Computing Systems

A Security Risk Management Metric for Cloud Computing Systems

Mouna Jouini (Department of Computer Science, ISG, Tunis, Tunisia) and Latifa Ben Arfa Rabai (Department of Computer Science, ISG, Tunis, Tunisia)
DOI: 10.4018/ijoci.2014070101
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Cloud computing is a growing technology used by several organizations because it presents a cost effective policy to manage and control Information Technology (IT). It delivers computing services as a public utility rather than a personal one. However, despite these benefits, it presents many challenges including access control and security problems. In order to assess security risks, the paper gives an overview of security risk management metrics. Then, it illustrates the use of a cyber security measure to describe an economic security model for cloud computing system. Moreover, it proposes a cloud provider business model for security issues. Finally, the paper shows a solution related to the vulnerabilities in cloud systems using a new quantitative metric to reduce the probability that an architectural components fails. The main aim of this article is to quantify security threats in cloud computing environments due to security breaches using a new security metric.
Article Preview

2. Information Security Risks Management

Individual or enterprise users rely on information systems to be secured and able to predict their risk and their strategies in reducing these risks. Thus, it is an investment to be measured in dollars saved as a result of reduced losses from security breaches, or in profits from new ventures that would be too risky to undertake without investments in security (Schechter, 2004). It represents, for instance, an essential business function that allows organizations to perform with some difficulties their operations and deliver services to the public (Chew et al., 2009).

The drive to secure organizational information has initiated the need to develop better measures for understanding the situation of the organization’s security attitude (Bryant, 2009). For more explanation, Wang states in Wang et al. (2009) that is widely acknowledged that metrics are essential to information security because they can be an efficient tool to measure the security strength and levels of their systems, products, processes, and readiness to address security concerns that they are face.

Complete Article List

Search this Journal:
Reset
Open Access Articles
Volume 7: 4 Issues (2017)
Volume 6: 4 Issues (2016)
Volume 5: 4 Issues (2015)
Volume 4: 4 Issues (2014)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing