Risk Assessment for Cloud-Based IT Systems

Cited by: 7
Authors
Chou, Yuyu [1]
Oetting, Jan [2]
Affiliations
[1] Berlin Inst Technol, Berlin, Germany
[2] Consileon Business Consultancy GmbH, Karlsruhe, Germany
Keywords
Cloud Computing; Google App Engine; ISO/IEC 2700x; OWASP; Risk Management
DOI
10.4018/jghpc.2011040101
Chinese Library Classification number
TP301 [Theory, Methods]
Discipline classification code
081202
Abstract
The use of Cloud Computing services is an attractive option to improve IT systems to achieve rapidly and elastically provisioned capability, and also to offer economic benefits. However, companies see security as a major concern in migrating to the Cloud. To bring clarity in Cloud security, this paper presents a systematic approach to manage the risks and analyzes the full range of risk in Cloud Computing solutions. Furthermore, as a study case, Google App Engine Platform is assessed based on ISO/IEC 27002 and OWASP Top 10 Risk List in this paper. Knowing the risks of Cloud solutions, companies can execute well-informed decisions on going into the Cloud and build their Cloud solutions in a secure way, relying on a robust e-trust relationship.
Pages: 1 / 13
Number of pages: 13