{"title":"QUIRC:云安全的定量影响和风险评估框架","authors":"P. Saripalli, Ben Walters","doi":"10.1109/CLOUD.2010.22","DOIUrl":null,"url":null,"abstract":"A quantitative risk and impact assessment framework (QUIRC) is presented, to assess the security risks associated with cloud computing platforms. This framework, called QUIRC, defines risk as a combination of the Probability of a security threat event and it’s Severity, measured as its Impact. Six key Security Objectives (SO) are identified for cloud platforms, and it is proposed that most of the typical attack vectors and events map to one of these six categories. Wide-band Delphi method is proposed as a scientific means to collect the information necessary for assessing security risks. Risk assessment knowledgebases could be developed specific to each industry vertical, which then serve as inputs for security risk assessment of cloud computing platforms. QUIRC’s key advantage is its fully quantitative and iterative convergence approach, which enables stakeholders to comparatively assess the relative robustness of different cloud vendor offerings and approaches in a defensible manner.","PeriodicalId":375404,"journal":{"name":"2010 IEEE 3rd International Conference on Cloud Computing","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"256","resultStr":"{\"title\":\"QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security\",\"authors\":\"P. Saripalli, Ben Walters\",\"doi\":\"10.1109/CLOUD.2010.22\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A quantitative risk and impact assessment framework (QUIRC) is presented, to assess the security risks associated with cloud computing platforms. This framework, called QUIRC, defines risk as a combination of the Probability of a security threat event and it’s Severity, measured as its Impact. Six key Security Objectives (SO) are identified for cloud platforms, and it is proposed that most of the typical attack vectors and events map to one of these six categories. Wide-band Delphi method is proposed as a scientific means to collect the information necessary for assessing security risks. Risk assessment knowledgebases could be developed specific to each industry vertical, which then serve as inputs for security risk assessment of cloud computing platforms. QUIRC’s key advantage is its fully quantitative and iterative convergence approach, which enables stakeholders to comparatively assess the relative robustness of different cloud vendor offerings and approaches in a defensible manner.\",\"PeriodicalId\":375404,\"journal\":{\"name\":\"2010 IEEE 3rd International Conference on Cloud Computing\",\"volume\":\"18 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-07-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"256\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 IEEE 3rd International Conference on Cloud Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CLOUD.2010.22\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE 3rd International Conference on Cloud Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CLOUD.2010.22","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security
A quantitative risk and impact assessment framework (QUIRC) is presented, to assess the security risks associated with cloud computing platforms. This framework, called QUIRC, defines risk as a combination of the Probability of a security threat event and it’s Severity, measured as its Impact. Six key Security Objectives (SO) are identified for cloud platforms, and it is proposed that most of the typical attack vectors and events map to one of these six categories. Wide-band Delphi method is proposed as a scientific means to collect the information necessary for assessing security risks. Risk assessment knowledgebases could be developed specific to each industry vertical, which then serve as inputs for security risk assessment of cloud computing platforms. QUIRC’s key advantage is its fully quantitative and iterative convergence approach, which enables stakeholders to comparatively assess the relative robustness of different cloud vendor offerings and approaches in a defensible manner.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
