Cloud Security Risk Management

A special issue of Information (ISSN 2078-2489). This special issue belongs to the section "Information Applications".

Deadline for manuscript submissions: closed (1 April 2020) | Viewed by 4775

Special Issue Editor

Guest Editor
Department of Social and Political Sciences, University of Milan, 7, 20122 Milano MI, Italy
Interests: co-evolving diffusion-behavioral models; social network analysis; risk analysis; cybersecurity

Special Issue Information

Dear Colleagues,

“Information security is Information Risk Management”, proclaimed Dan Geer at the beginning of the century. After almost two decades, the design and development of effective risk-based management strategies for modern information systems, in particular with regard to cybersecurity threats, is still riddled with difficult technical and nontechnical challenges, such as the insufficient adoption of quantitative risk assessment approaches, the integration of security risk monitoring with development and operation functions, and the understanding of human errors that lead to security incidents.

The advent of cloud computing and its “as-a-Service” centralized nature has changed the scenario of modern information systems and applications, for both organizations and end-users, sometimes in unforeseen ways, for example with respect to data management and protection, the availability and accountability of online services, and even the advertising-based revenue model that plays a key role in the current digital society. This evolution has also changed the risk landscape, introducing new threats, threat agents, and vectors. Cloud-based systems have also introduced different, more complex cause–effect relations between risks and the subjects possibly affected by their consequences. Similarly, risk mitigation solutions, for example with respect to the role of assurance and certifications, are subject to change in a cloud-based context.

Overall, cloud security risk management needs innovative approaches (e.g., analysis methodologies, models, simulations) that take into account both risks resulting from the technical infrastructure and risks emerging from the complex network of relations between services, data, and stakeholders. The typically dynamic nature of cloud infrastructures adds a further layer of complexity to security risk management, in terms of monitoring dynamic systems and networks. Recent important advances, such as the integration of edge and cloud computing, will raise the degree of complexity further. Regulatory compliance, contractual obligations, and accountability are also important aspects to be considered. Authors are invited to submit papers tackling the technical or nontechnical problems and challenges posed by cloud security risk management.

Dr. Marco Cremonini
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Information is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Risk assessment of cloud security risks
  • Cloud security vulnerabilities and risk-based prioritization
  • Risk in edge/cloud computing
  • Systemic risk to cloud infrastructures
  • Risk scenarios analyses and simulations
  • Cloud security risk assurance
  • Human and organizational errors
  • Economics of cloud security risk management
  • Legal and regulatory compliance challenges

Published Papers (1 paper)


Research

27 pages, 1482 KiB  
Article
Selecting a Secure Cloud Provider—An Empirical Study and Multi Criteria Approach
by Sebastian Pape, Federica Paci, Jan Jürjens and Fabio Massacci
Information 2020, 11(5), 261; https://doi.org/10.3390/info11050261 - 11 May 2020
Cited by 5 | Viewed by 4377
Abstract
Security has become one of the primary factors that cloud customers consider when they select a cloud provider for migrating their data and applications into the Cloud. To this end, the Cloud Security Alliance (CSA) has provided the Consensus Assessment Questionnaire (CAIQ), which consists of a set of questions that providers should answer to document which security controls their cloud offerings support. In this paper, we adopted an empirical approach to investigate whether the CAIQ facilitates the comparison and ranking of the security offered by competitive cloud providers. We conducted an empirical study to investigate if comparing and ranking the security posture of a cloud provider based on CAIQ’s answers is feasible in practice. Since the study revealed that manually comparing and ranking cloud providers based on the CAIQ is too time-consuming, we designed an approach that semi-automates the selection of cloud providers based on CAIQ. The approach uses the providers’ answers to the CAIQ to assign a value to the different security capabilities of cloud providers. Tenants have to prioritize their security requirements. With that input, our approach uses an Analytical Hierarchy Process (AHP) to rank the providers’ security based on their capabilities and the tenants’ requirements. Our implementation shows that this approach is computationally feasible and, once the providers’ answers to the CAIQ are assessed, they can be used for multiple CSP selections. To the best of our knowledge, this is the first approach for cloud provider selection that provides a way to assess the security posture of a cloud provider in practice.
(This article belongs to the Special Issue Cloud Security Risk Management)