Abstract
The cloud computing model has brought many technical and economic benefits; however, it also raises many security issues. Most of the common traditional information security risk assessment methods, such as ISO 27005, NIST SP 800-30 and AS/NZS 4360, are not fit for the cloud computing environment. Therefore, this study applies a medical research approach to assess information security threats in the cloud computing environment. The study was conducted as a retrospective cohort study, and the collected data were analyzed using the survival analysis method. It was conducted on a software as a service (SaaS) environment that has more than one thousand seven hundred cloud customers. The survival analysis method is used to measure the significance of the risk factor level. The information security threats were categorized into twenty-two categories. This study has proven that the medical research approach can be used to perform security risk assessment in the cloud computing environment, overcoming the weaknesses that accompany the use of traditional information security risk assessment methods in that environment.
Acknowledgements
The authors would like to thank Universiti Teknologi Malaysia (UTM) for supporting this work through the Tier 1 GUP Grant Scheme under Grant vote number Q.K130000.2538.14H18.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Narayana Samy, G. et al. (2019). Novel Risk Assessment Method to Identify Information Security Threats in Cloud Computing Environment. In: Saeed, F., Gazem, N., Mohammed, F., Busalim, A. (eds) Recent Trends in Data Science and Soft Computing. IRICT 2018. Advances in Intelligent Systems and Computing, vol 843. Springer, Cham. https://doi.org/10.1007/978-3-319-99007-1_53
DOI: https://doi.org/10.1007/978-3-319-99007-1_53
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-99006-4
Online ISBN: 978-3-319-99007-1
eBook Packages: Intelligent Technologies and Robotics (R0)