Information Security Risk Assessment Methods in Cloud Computing: Comprehensive Review

Ali, T, Al-Khalidi, M ORCID: https://orcid.org/0000-0002-1655-8514 and Al-Zaidi, R (2024) Information Security Risk Assessment Methods in Cloud Computing: Comprehensive Review. Journal of Computer Information Systems. pp. 1-28. ISSN 0887-4417

Preview

Published Version Available under License Creative Commons Attribution. Download (6MB) | Preview

Abstract

Cloud computing faces more security threats, requiring better security measures. This paper examines the various classification and categorization schemes for cloud computing security issues, including the widely known CIA trinity (confidentiality, integrity, and availability), by considering critical aspects of the cloud, such as service models, deployment models, and involved parties. A comprehensive comparison of cloud security classifications constructs an exhaustive taxonomy. ISO27005, NIST SP 800–30, CRAMM, CORAS, OCTAVE Allegro, and COBIT 5 are rigorously compared based on their applicability, adaptability, and suitability within a cloud-based hosting methodology. The findings of this research recommend OCTAVE Allegro as the preferred cloud hosting paradigm. With many security models available in management studies, it is imperative to identify those suitable for the rapidly expanding and dynamically evolving cloud environment. This study underscores the significant methods for securing data on cloud-hosting platforms, thereby contributing to establishing a robust cloud security taxonomy and hosting methodology.