DOI: 10.1145/3231830.3231831

Prioritizing Cloud Security Controls

Published: 13 November 2017

Abstract

As more and more organizations move to the cloud, security remains a major concern. Given the unique nature of a cloud computing system, security threats take a different form in the cloud. These unique threats require unique security measures and security management.
This paper introduces a simplified method to calculate the effect of adding different security controls to the cloud system and to prioritize security management in limited-budget situations. These calculations help in prioritizing security controls and security spending to achieve optimal security for a given limited budget.
To clarify the proposed method, a case study is considered for a university that has shifted its systems to the cloud and needs to prioritize its security spending.

Published In

AWICT 2017: Proceedings of the Second International Conference on Advanced Wireless Information, Data, and Communication Technologies
November 2017
116 pages
ISBN:9781450353106
DOI:10.1145/3231830

In-Cooperation

  • CNRS: Centre National De La Recherche Scientifique

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. cloud
  2. security
  3. threat
  4. vulnerability

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

AWICT 2017
