VULNERABILITY CLASSIFICATION OF CLOUD TOOLS IN THE PROBLEM OF QUANTITATIVE RISK ASSESSMENT

Almost all technologies that are now part of the cloud paradigm existed before, but so far there have been no offers on the market that would combine the promising technologies in a single commercially attractive solution. Only in the past decade publicly available cloud services emerged, which made these technologies, on the one hand, available to the developer, and on the other hand, understandable for the business community. But many of the features that make cloud computing attractive can conflict with traditional information security models. Based on a common vulnerability assessment system, which allows to determine the qualitative index of susceptibility to vulnerabilities of information systems taking into account environmental factors, a methodology for risk assessment for different types of deployment of cloud environments was proposed. Based on the widely used Common Vulnerability Accounting System, which helps to determine the qualitative indicator of susceptibility to information system vulnerabilities, the article proposes a classification of vulnerabilities typical for different types of cloud deployment.

1. Tsaregorodtsev, A.V. Model' otsenki riskov informatsionnoy bezopasnosti informatsionnykh sistem na osnove oblachnykh vychisleniy [Tekst] / Tsaregorodtsev, A.V., Yermoshkin, G.N. // Natsional'naya bezopasnost'. 2013. №6(29). P.46-54.

2. Tsaregorodtsev, A.V. Otsenka uyazvimostey dlya razlichnykh tipov razvertyvaniya oblachnykh sred [Tekst] / Tsaregorodtsev, A.V., Makarenko, Ye.V. // Bezopasnost' informatsionnykh tekhnologiy. 2014. №4. P.112-117.

3. Tsaregorodtsev, A.V. Odin iz podkhodov k otsenke riskov informatsionnoy bezopasnosti v oblachnykh sredakh [Tekst] / Tsaregorodtsev, A.V., Malyuk, A.A., Makarenko, Ye.V. // Bezopasnost' informatsionnykh tekhnologiy. – M., 2014. – №4. – P.68-74.

4. Tsaregorodtsev, А. Methodology of vulnerability assessment for various types of cloud structures [Текст] / Tsaregorodtsev, А., Zelenina, А., Ružický, E. // Information Technology Applications. – Bratislava, Slovakia, 2017. – №1. – С.51-60.

5. Tsaregorotsev, A. Automation of the distribution process of sensitive data processing in a hybrid cloud computing environment [Текст] / Tsaregorotsev, A., Zelenina A. // Information Technology Applications. – Bratislava, Slovakia, 2016. – №1. – С.137-149.