A Goal-Driven Risk Management Approach to Support Security and Privacy Analysis of Cloud-Based System

Abstract

Cloud Computing is a rapidly evolving paradigm that is radically changing the way humans use their computers. Despite the many advantages, such as economic benefit, a rapid elastic resource pool, and on-demand service, the paradigm also creates challenges for both users and providers. There are issues, such as unauthorized access, loss of privacy, data replication, and regulatory violation that require adequate attention. A lack of appropriate solutions to such challenges might cause risks, which may outweigh the expected benefits of using the paradigm. In order to address the challenges and associated risks, a systematic risk management practice is necessary that guides users to analyze both benefits and risks related to cloud based systems. In this chapter the authors propose a goal-driven risk management modeling (GSRM) framework to assess and manage risks that supports analysis from the early stages of the cloud-based systems development. The approach explicitly identifies the goals that the system must fulfill and the potential risk factors that obstruct the goals so that suitable control actions can be identified to control such risks. The authors provide an illustrative example of the application of the proposed approach in an industrial case study where a cloud service is deployed to share data amongst project partners.