Systematic Risk Assessment of Cloud Computing Systems using a Combined Model-based Approach

Nazila Mohammadi, Ludger Goeke, Maritta Heisel, Mike Surridge

Abstract

Data protection and a proper risk assessment are success factors for providing high-quality cloud computing systems. Currently, the identification of the relevant context and possible threats and controls requires high expertise in the security engineering domain. However, consideration of experts’ opinions during the development life-cycle often lacks a systematic approach. This may result in overlooking of relevant assets or missing relevant domain knowledge, etc. Our aim is to bring context analysis and risk assessment together in a systematic way. In this paper, we propose a systematic, tool-assisted, and model-based methodology to scope the context and risk assessment for a specific cloud system. Our methodology consists of two parts: First, we enhance the initial context analysis necessary for defining the scope for risk assessment, and second we identify relevant threats and controls during design- and deployment-time. Using the context model, and design-time system model, we further refine the gathered information into a deployment model. All steps of our methodology are tool supported and in a semi-automatic manner.

Download


Paper Citation


in Harvard Style

Mohammadi N., Goeke L., Heisel M. and Surridge M. (2020). Systematic Risk Assessment of Cloud Computing Systems using a Combined Model-based Approach.In Proceedings of the 22nd International Conference on Enterprise Information Systems - Volume 2: ICEIS, ISBN 978-989-758-423-7, pages 53-66. DOI: 10.5220/0009342700530066


in Bibtex Style

@conference{iceis20,
author={Nazila Mohammadi and Ludger Goeke and Maritta Heisel and Mike Surridge},
title={Systematic Risk Assessment of Cloud Computing Systems using a Combined Model-based Approach},
booktitle={Proceedings of the 22nd International Conference on Enterprise Information Systems - Volume 2: ICEIS,},
year={2020},
pages={53-66},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009342700530066},
isbn={978-989-758-423-7},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 22nd International Conference on Enterprise Information Systems - Volume 2: ICEIS,
TI - Systematic Risk Assessment of Cloud Computing Systems using a Combined Model-based Approach
SN - 978-989-758-423-7
AU - Mohammadi N.
AU - Goeke L.
AU - Heisel M.
AU - Surridge M.
PY - 2020
SP - 53
EP - 66
DO - 10.5220/0009342700530066