识别与使用公共云计算相关的网络风险的概念框架

Proceedings of the 11th International Conference on Security of Information and Networks Pub Date : 2018-09-10 DOI:10.1145/3264437.3264466

D. Bird

{"title":"识别与使用公共云计算相关的网络风险的概念框架","authors":"D. Bird","doi":"10.1145/3264437.3264466","DOIUrl":null,"url":null,"abstract":"There are a number of methods of abstraction used in public cloud computing models today. Successive incidents involving cloud customer instantiations reveal that either the security risks are difficult to comprehend, or customers' requisite security responsibilities are not fully understood. A pretext to this paper is an argument that there has been an over-reliance upon: (a) compliance mapping by customers that can hide technical complexities and the associated technical risks, or (b) risk assessment methods that pre-date cloud. The transition to a Cloud 2.0 era offers us an opportunity to re-think architecture and also to re-calibrate security approaches in order to better understand the risks. A Conceptual Framework has been derived for this purpose and proposed as a mechanism to contextualise public cloud risks.","PeriodicalId":130946,"journal":{"name":"Proceedings of the 11th International Conference on Security of Information and Networks","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-09-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"A Conceptual Framework To Identify Cyber Risks Associated With The Use Of Public Cloud Computing\",\"authors\":\"D. Bird\",\"doi\":\"10.1145/3264437.3264466\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"There are a number of methods of abstraction used in public cloud computing models today. Successive incidents involving cloud customer instantiations reveal that either the security risks are difficult to comprehend, or customers' requisite security responsibilities are not fully understood. A pretext to this paper is an argument that there has been an over-reliance upon: (a) compliance mapping by customers that can hide technical complexities and the associated technical risks, or (b) risk assessment methods that pre-date cloud. The transition to a Cloud 2.0 era offers us an opportunity to re-think architecture and also to re-calibrate security approaches in order to better understand the risks. A Conceptual Framework has been derived for this purpose and proposed as a mechanism to contextualise public cloud risks.\",\"PeriodicalId\":130946,\"journal\":{\"name\":\"Proceedings of the 11th International Conference on Security of Information and Networks\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-09-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 11th International Conference on Security of Information and Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3264437.3264466\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 11th International Conference on Security of Information and Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3264437.3264466","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

目前在公共云计算模型中使用了许多抽象方法。涉及云客户实例化的连续事件表明，要么安全风险难以理解，要么客户必要的安全责任没有完全理解。本文的一个借口是一个论点，即过度依赖:(A)客户的合规性映射，可以隐藏技术复杂性和相关的技术风险，或者(b)在云计算之前的风险评估方法。向云2.0时代的过渡为我们提供了一个重新思考架构和重新校准安全方法的机会，以便更好地了解风险。为此目的衍生了一个概念框架，并建议将其作为将公共云风险置于环境中的机制。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Conceptual Framework To Identify Cyber Risks Associated With The Use Of Public Cloud Computing

There are a number of methods of abstraction used in public cloud computing models today. Successive incidents involving cloud customer instantiations reveal that either the security risks are difficult to comprehend, or customers' requisite security responsibilities are not fully understood. A pretext to this paper is an argument that there has been an over-reliance upon: (a) compliance mapping by customers that can hide technical complexities and the associated technical risks, or (b) risk assessment methods that pre-date cloud. The transition to a Cloud 2.0 era offers us an opportunity to re-think architecture and also to re-calibrate security approaches in order to better understand the risks. A Conceptual Framework has been derived for this purpose and proposed as a mechanism to contextualise public cloud risks.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 11th International Conference on Security of Information and Networks

自引率

0.00%

发文量