TWO-STAGE PROCEDURE OF QUANTITATIVE ASSESSMENT OF INFORMATION SECURITY RISK OF CLOUD COMPUTING
A.V. Tsaregorodtsev, A.N. Zelenina, V.A. Savelev
When organizations use cloud services, special attention to ensuring the security of their computing resources and information assets should be paid. It is one of the most important factors in making decisions on outsourcing services. Adopting a new model of providing IT services using cloud technologies and managing information risks is impossible without understanding the possible types of threats that organizations may face. The authors propose a methodology for assessing information security risks that allows analyzing the cloud services security under the impact of the threat classes under consideration, as well as a set of effective measures and means to counteract these threats. The proposed method for assessing risks for different types of deployment of cloud environments is aimed at identifying the countermeasures to possible attacks and correlating the amount of damage with the total cost of ownership of the entire infrastructure of information resources of the organization.
Keywords: : information security, cloud computing, risk assessment, risk model, frequency of exploit use, damage during the implementation of the exploit.