e-space
Manchester Metropolitan University's Research Repository

    Information Security Risk Assessment Methods in Cloud Computing: Comprehensive Review

    Ali, T, Al-Khalidi, M ORCID logoORCID: https://orcid.org/0000-0002-1655-8514 and Al-Zaidi, R (2024) Information Security Risk Assessment Methods in Cloud Computing: Comprehensive Review. Journal of Computer Information Systems. pp. 1-28. ISSN 0887-4417

    [img]
    Preview
    Published Version
    Available under License Creative Commons Attribution.

    Download (6MB) | Preview

    Abstract

    Cloud computing faces more security threats, requiring better security measures. This paper examines the various classification and categorization schemes for cloud computing security issues, including the widely known CIA trinity (confidentiality, integrity, and availability), by considering critical aspects of the cloud, such as service models, deployment models, and involved parties. A comprehensive comparison of cloud security classifications constructs an exhaustive taxonomy. ISO27005, NIST SP 800–30, CRAMM, CORAS, OCTAVE Allegro, and COBIT 5 are rigorously compared based on their applicability, adaptability, and suitability within a cloud-based hosting methodology. The findings of this research recommend OCTAVE Allegro as the preferred cloud hosting paradigm. With many security models available in management studies, it is imperative to identify those suitable for the rapidly expanding and dynamically evolving cloud environment. This study underscores the significant methods for securing data on cloud-hosting platforms, thereby contributing to establishing a robust cloud security taxonomy and hosting methodology.

    Impact and Reach

    Statistics

    Activity Overview
    6 month trend
    209Downloads
    6 month trend
    160Hits

    Additional statistics for this dataset are available via IRStats2.

    Altmetric

    Repository staff only

    Edit record Edit record