The article gives insight into a quantitative framework for analysing risks to the security of cloud-based software deployments. For security considerations on cloud platforms, the FIPS approach has always been the quantitative basis of security risk assessment, and it is an approach that allows security risks to be categorized. It also assesses impact in terms of the organization's ability to accomplish its assigned mission, maintain its daily functions and protect individuals. The study by Chen et al. showed that security issues on cloud platforms are linked to considerations of multi-party trust and auditability. The research therefore proposed additional security objectives: mutual auditability, usability and multi-party trust.
Threat Modeling
For cloud platforms, the threat model identifies threats and so helps in assessing impacts as well as mitigation measures. The popular threat modelling approach has always been Microsoft's STRIDE. However, a framework such as CIAMAU works best for cloud security risk assessment because it mainly comprises security objectives that are cloud-specific.
For security risk assessment, the Cloud Cube Model has been a proposed framework. Alternatively, according to ENISA, the effective approach tends to be based on estimates of risk levels. Taking the FIPS model into account as well, definitions of impact for cloud platforms are proposed. Cloud platforms require an impact assessment that establishes the security objective (SO) appropriate to each threat event and determines its potential impact. In the process, impact tables can be presented that display the threat events used in assessing security risks.
Probability Assessment
It involves calculating threat probabilities, with a comprehensive dataset and an analysis of internet security vulnerabilities covering threats to networks that are present or emerging. Most of the focus, however, tends to be on the threats with the greatest potential to affect an enterprise negatively. For evaluating impacts, the most used method has been Wide-Band Delphi. It is a method that uses rankings based on expert opinion on the probability of threat consequences. The data obtained is the input to the QUIRC risk calculations, which assess risk per SO and as a net risk.
With all these frameworks in place for assessing risks and impacts to the security of cloud platforms, risk mitigation and prevention strategies are also significant. Preventive measures may entail passwords, firewalls or badges. Cloud platforms should be designed to assure pedigree tracking, tracking of cloud entities, and non-repudiation, as that goes a long way towards preventing security compromises and detecting them early. Such a methodology works best for decision makers and security architects, easing the evaluation of security measures on various platforms.
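The calculation this paragraph describes, as an added example that is not taken from the essay or from the QUIRC authors: expert probability estimates from Delphi rounds are reduced to one value per threat event, multiplied by impact, and rolled up per SO and into a net risk. Assumptions: risk is probability times impact, per-SO risk is the mean over its events, net risk is the unweighted mean over the six CIAMAU objectives, consensus is the median of the final round, and impact uses a 1-10 scale; all names and sample values are constructed.

```python
from statistics import median

# The six CIAMAU security objectives (SOs) named in the essay.
OBJECTIVES = ("confidentiality", "integrity", "availability",
              "multi_party_trust", "mutual_auditability", "usability")

# Constructed sample data: (SO, threat event, impact on an assumed 1-10 scale,
# expert probability estimates per Delphi round).
EVENTS = [
    ("confidentiality", "tenant data disclosure", 8,
     [[0.10, 0.40, 0.20], [0.20, 0.25, 0.20]]),
    ("availability", "provider outage", 6,
     [[0.30, 0.60, 0.50], [0.40, 0.50, 0.50]]),
    ("mutual_auditability", "missing audit trail", 5,
     [[0.10, 0.70, 0.30], [0.20, 0.60, 0.30]]),
]

def delphi_consensus(rounds, tolerance=0.1):
    """Median of the final round, plus whether the experts converged.

    Assumption: the panel has converged when the final-round spread
    (max - min) is within `tolerance`.
    """
    final = rounds[-1]
    if not final or any(not 0.0 <= p <= 1.0 for p in final):
        raise ValueError("each estimate must be a probability in [0, 1]")
    return median(final), (max(final) - min(final)) <= tolerance + 1e-9

def assess(events):
    """Return (risk per SO, net risk, events needing another Delphi round)."""
    scores = {so: [] for so in OBJECTIVES}
    unconverged = []
    for so, name, impact, rounds in events:
        probability, converged = delphi_consensus(rounds)
        scores[so].append(probability * impact)   # risk = likelihood x impact
        if not converged:
            unconverged.append(name)
    per_so = {so: sum(v) / len(v) if v else 0.0 for so, v in scores.items()}
    net = sum(per_so.values()) / len(OBJECTIVES)   # unweighted mean (assumed)
    return per_so, net, unconverged

if __name__ == "__main__":
    per_so, net, unconverged = assess(EVENTS)
    for so, risk in per_so.items():
        print(f"{so:20s} {risk:5.2f}")
    print(f"net risk {net:.2f}; re-run Delphi for: {unconverged}")
```

Events whose final-round estimates still disagree are returned separately, so a wide expert spread is not hidden inside a single risk number.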
Conclusion
The QUIRC framework proves to be the effective quantitative method of risk assessment for cloud computing projects. It is efficient because it combines risk definitions with the likelihood of a security threat event and its severity to give a measure of impact. The Wideband Delphi method is modified to collect the data needed to assess security risks. QUIRC is advantageous as it goes further to alleviate the Fear, Uncertainty and Doubt (FUD) surrounding security on cloud platforms. Despite these advantages, the approach also has limitations: it needs meticulous collection of input data on event likelihood, which calls for collective inputs. So far, the industries that have implemented the QUIRC approach include the nuclear industry, seismology and environmental.