TWO-STAGE PROCEDURE OF QUANTITATIVE ASSESSMENT OF INFORMATION SECURITY RISK OF CLOUD COMPUTING

When organizations use cloud services, special attention to ensuring the security of their computing resources and information assets should be paid. It is one of the most important factors in making decisions on outsourcing services. Adopting a new model of providing IT services using cloud technologies and managing information risks is impossible without understanding the possible types of threats that organizations may face. The authors propose a methodology for assessing information security risks that allows analyzing the cloud services security under the impact of the threat classes under consideration, as well as a set of effective measures and means to counteract these threats. The proposed method for assessing risks for different types of deployment of cloud environments is aimed at identifying the countermeasures to possible attacks and correlating the amount of damage with the total cost of ownership of the entire infrastructure of information resources of the organization.

1. Tsaregorodtsev, A.V. Odin iz podkhodov k otsenke riskov informatsionnoy bezopasnosti v oblachnykh sredakh [Tekst] / Tsaregorodtsev, A.V., Malyuk, A.A., Makarenko, Ye.V. // Bezopasnost' informatsionnykh tekhnologiy. – M., 2014. – №4. – P.68-74.

2. Tsaregorotsev, A. Automation of the distribution process of sensitive data processing in a hybrid cloud computing environment [Текст] / Tsaregorotsev, A., Zelenina A. // Information Technology Applications. – Bratislava, Slovakia, 2016. – №1. – С.137-149.

3. Tsaregorodtsev, А. Methodology of vulnerability assessment for various types of cloud structures [Текст] / Tsaregorodtsev, А., Zelenina, А., Ružický, E. // Information Technology Applications. – Bratislava, Slovakia, 2017. – №1. – С.51-60.