Standards for Cloud Risk Assessments - What's Missing?
Timothy R. Weil
Abstract
Conducting a risk assessment (RA) for cloud computing platforms presents new challenges in the space of Information Security Management Systems (ISMS). ISO 27001 RA methods have been used for the Alcohol Monitoring Systems (AMS) ISMS across a portfolio of products and services. Scaling these localized techniques to national and international cloud security standards shows that a `one size fits all' risk assessment approach does not exist in the industry today. The context and methods for conducting cloud risk assessment are examined across representative national and international standards and guidelines. Recommendations for standardizing the RA methods for cloud computing are suggested based on industry best practices.
Topics & Concepts
Cloud computingComputer scienceRisk managementContext (archaeology)Risk analysis (engineering)Risk assessmentInformation securityPortfolioComputer securityIT risk managementInformation systems securityInformation systemBusinessManagement information systemsEngineeringBiologyOperating systemFinanceElectrical engineeringPaleontologyCloud Data Security SolutionsSecurity and Verification in ComputingInformation and Cyber Security