Правильная ссылка на статью:
Tsaregorodtsev, A.V., Ermoshkin, G.N..
The model for the evaluation of information
security risks in the information system
based upon the cloud computing.
// National Security / nota bene. – 2013. – № 6.
– С. 46-54.
DOI: 10.7256/2073-8560.2013.6.9585.
рубрика Фактор надежности в системах безопасности
DOI: 10.7256/2073-8560.2013.6.9585
Читать статью
Аннотация: Cloud services, which are currently
regarded as one of the most attractive modern
infor mation technologies, are capable of both optimizing the information security
management processes, and complicating
control over critical data and counter-measures
for security incidents in an organization.
Solution to the problem of timely and goodquality
outsourcing and information security
risks analysis for the cloud architecture systems
shall allow to solve numerous problems related
to protection from threats of use of information
and telecommunication technology for illegal
purposes. The wide spread and application
of cloud computing requires the need for
adaptation and development of the existing risk
evaluation models for information systems. The
approach presented in this article may be used
for evaluation of risks in information systems,
functioning on the basis of cloud computing
technology and for the evaluation of efficiency
of current security measures. At the same time,
risk evaluation includes the stages of analysis
and evaluation, and the risk analysis includes
identification and quality evaluation of risk.
Evaluation guarantees are provided based upon
defining the risk context (choice of risk criteria
and defining the scope of analysis). The quantity
evaluation of risks is understood as a modeling
process, including development and analysis of
alternative risk scenarios and the formation of
risk functions, defining the possibility for the
risk situation taking place.
Ключевые слова: i n for mat ion secu r it y, cloud computing, public cloud, private cloud, hybrid cloud, risk evaluation, risk model, influence matrix, loss matrix, dependency matrix.
Контактная информация: Tsaregorodtsev, Anatoliy Valerievich, 125993, Russia, Moskva, Leningradskiy prospect, 49.
Библиография:
Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, Joint Task Force Transformation Initiative, NIST Special Publication 800-37, Revision 1, .
Tsaregorodtsev A.V., Kachko A.K. Odin iz podkhodov k upravleniyu informatsionnoy bezopasnost'yu pri razrabotke informatsionnoy infrastruktury organizatsii // Natsional'naya bezopasnost'. – M.: Izd-vo "NB Media", 2012.-№ 1(18). – S. 46-59.
Tsaregorodtsev A.V., Kachko A.K. Obespechenie informatsionnoy bezopasnosti na oblachnoy arkhitekture organizatsii // Natsional'naya bezopasnost'. – M.: Izd-vo "NB Media", 2011.-№5. – S. 25-34.
Michael Armbrust, Armando Fox,ReanGriffith.Above The Clouds:A Berkeley View of Cloud Computing. 2009, 2. EECS Department University of California, Berkeley Technical Report No. UCB /EECS 200928.http: //www.eecs. erkeley.edu /Pubs /TechRpts/2009/EECS-2009-28.pdf.
FENG Deng Guo, ZHANG Min,ZHANGYan,XUZhen.Study on Cloud Computing Security.Journal of Software, 2011, 22(1). – PP. 71-83.
Zhang Jian Xun, Gu Zhi Min. Surey of research progress on cloud computing.Application Research of Computers, 2010, 27(2). – PP. 429-433.
Steve Elky. An Introduction to Information System Risk Management-SANS Institute, 2007.
References (transliteration):
Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, Joint Task Force Transformation Initiative, NIST Special Publication 800-37, Revision 1, .
Tsaregorodtsev A.V., Kachko A.K. Odin iz podkhodov k upravleniyu informatsionnoy bezopasnost'yu pri razrabotke informatsionnoy infrastruktury organizatsii // Natsional'naya bezopasnost'. – M.: Izd-vo "NB Media", 2012.-№ 1(18). – S. 46-59.
Tsaregorodtsev A.V., Kachko A.K. Obespechenie informatsionnoy bezopasnosti na oblachnoy arkhitekture organizatsii // Natsional'naya bezopasnost'. – M.: Izd-vo "NB Media", 2011.-№5. – S. 25-34.
Michael Armbrust, Armando Fox,ReanGriffith.Above The Clouds:A Berkeley View of Cloud Computing. 2009, 2. EECS Department University of California, Berkeley Technical Report No. UCB /EECS 200928.http: //www.eecs. erkeley.edu /Pubs /TechRpts/2009/EECS-2009-28.pdf.
FENG Deng Guo, ZHANG Min,ZHANGYan,XUZhen.Study on Cloud Computing Security.Journal of Software, 2011, 22(1). – PP. 71-83.
Zhang Jian Xun, Gu Zhi Min. Surey of research progress on cloud computing.Application Research of Computers, 2010, 27(2). – PP. 429-433.
Steve Elky. An Introduction to Information System Risk Management-SANS Institute, 2007.