{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,4,6]],"date-time":"2023-04-06T16:50:15Z","timestamp":1680799815494},"reference-count":36,"publisher":"IGI Global","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014,7,1]]},"abstract":"<p>Cloud computing is a growing technology used by several organizations because it presents a cost effective policy to manage and control Information Technology (IT). It delivers computing services as a public utility rather than a personal one. However, despite these benefits, it presents many challenges including access control and security problems. In order to assess security risks, the paper gives an overview of security risk management metrics. Then, it illustrates the use of a cyber security measure to describe an economic security model for cloud computing system. Moreover, it proposes a cloud provider business model for security issues. Finally, the paper shows a solution related to the vulnerabilities in cloud systems using a new quantitative metric to reduce the probability that an architectural components fails. The main aim of this article is to quantify security threats in cloud computing environments due to security breaches using a new security metric.<\/p>","DOI":"10.4018\/ijoci.2014070101","type":"journal-article","created":{"date-parts":[[2014,10,29]],"date-time":"2014-10-29T17:10:01Z","timestamp":1414602601000},"page":"1-21","source":"Crossref","is-referenced-by-count":4,"title":["A Security Risk Management Metric for Cloud Computing Systems"],"prefix":"10.4018","volume":"4","author":[{"given":"Mouna","family":"Jouini","sequence":"first","affiliation":[{"name":"Department of Computer Science, ISG, Tunis, Tunisia"}]},{"given":"Latifa Ben Arfa","family":"Rabai","sequence":"additional","affiliation":[{"name":"Department of Computer Science, ISG, Tunis, Tunisia"}]}],"member":"2432","reference":[{"key":"ijoci.2014070101-0","doi-asserted-by":"crossref","unstructured":"Ben Aissa, A., Abercrombie, RK., Sheldon, FT., & Mili, A. (2010). Quantifying security threats and their potential impacts: a case study, in Innovation in Systems and Software Engineering: A NASA Journal, 6, 269\u2013281.","DOI":"10.1007\/s11334-010-0123-2"},{"key":"ijoci.2014070101-1","doi-asserted-by":"publisher","DOI":"10.1145\/1852666.1852727"},{"key":"ijoci.2014070101-2","doi-asserted-by":"crossref","unstructured":"Ben Arfa Rabai, L., Jouini, M., Ben Aissa, A., & Mili, A. (2013). A cybersecurity model in cloud computing environments, Journal of King Saud University \u2013 Computer and Information Sciences.","DOI":"10.1016\/j.jksuci.2012.06.002"},{"key":"ijoci.2014070101-3","doi-asserted-by":"publisher","DOI":"10.1109\/CyberSec.2012.6246112"},{"key":"ijoci.2014070101-4","unstructured":"Bob, B. (CSO Eds). 2006-2010. E-Crime Watch Survey."},{"key":"ijoci.2014070101-5","doi-asserted-by":"crossref","unstructured":"Boehme, R., & Nowey, T. Economic security metrics. In: Irene, E., Felix, F., & Ralf, R. (Eds.). 2008. Dependability Metrics, 4909, 176\u2013187.","DOI":"10.1007\/978-3-540-68947-8_15"},{"key":"ijoci.2014070101-6","author":"F.Borko","year":"2010","journal-title":"Handbook of cloud computing"},{"key":"ijoci.2014070101-7","unstructured":"Bryant, A. R. (2009). Developing a framework for evaluating organizational information assurance metrics programs. Ft. Belvoir: Defense Technical Information Center, Retrieved from: http:\/\/handle.dtic.mil\/100.2\/ADA467367"},{"key":"ijoci.2014070101-8","doi-asserted-by":"crossref","unstructured":"Chang, V., Bacigalupo, D., Wills, G., & De Roure, D. (2010). A Categorization of Cloud Computing Business Models. The 10th IEEE\/ACM International Symposium on Cluster, Cloud and Grid Computing, Melbourne, Australia, 509-512.","DOI":"10.1109\/CCGRID.2010.132"},{"key":"ijoci.2014070101-9","unstructured":"Chang, V., & Ramachandran, M. (2014). A proposed case for the Cloud Software Engineering in Security. The first international workshop on Emerging Software as a Service and Analytics, ESaaSA 2014."},{"key":"ijoci.2014070101-10","author":"V.Chang","year":"2015","journal-title":"Towards achieving Cloud Data Security with the Cloud Computing Adoption Framework"},{"key":"ijoci.2014070101-11","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijinfomgt.2013.01.005"},{"key":"ijoci.2014070101-12","author":"E.Chew","year":"2009","journal-title":"Guide for developing performance metrics for information security: Recommendations of the National Institute of Standards and Technology"},{"key":"ijoci.2014070101-13","unstructured":"Clusif rapport. (Eds). 2010. Menaces informatiques et pratiques de s\u00e9curit\u00e9 en France."},{"key":"ijoci.2014070101-14","first-page":"2007","volume":"27005","year":"2007","journal-title":"IEC"},{"key":"ijoci.2014070101-15","author":"W.Jansen","year":"2011","journal-title":"Guidelines on Security and Privacy in Public Cloud Computing"},{"key":"ijoci.2014070101-16","author":"B. W.Johnson","year":"1989","journal-title":"Design and analysis of fault-tolorant digital systems, Johnson, BW. Addison-Wesley Longman Publishing Co., INC"},{"key":"ijoci.2014070101-17","doi-asserted-by":"publisher","DOI":"10.1145\/638750.638776"},{"key":"ijoci.2014070101-18","doi-asserted-by":"crossref","unstructured":"Jonsson, E., & Pirzadeh, L. (2011). A Framework for Security Metrics Based on Operational System Attributes, International workshop on Security Measurements and Metrics - MetriSec2011, Bannf, Alberta, Canada.","DOI":"10.1109\/Metrisec.2011.19"},{"key":"ijoci.2014070101-19","author":"M.Jouini","year":"2012"},{"issue":"3","key":"ijoci.2014070101-20","first-page":"265","article-title":"Towards quantitative measures of Information Security: A Cloud Computing case study.","volume":"1","author":"M.Jouini","year":"2012","journal-title":"International Journal of Cyber-Security and Digital Forensics"},{"key":"ijoci.2014070101-21","unstructured":"Mayer, N. (2009). Model-Based Management of Information System Security Risk. PhD Thesis."},{"key":"ijoci.2014070101-22","doi-asserted-by":"crossref","unstructured":"Mell, P., & Grance, T. (2011). The NIST Definition of Cloud Computing, NIST Special Publication 800-145. Retrieved from: http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-145\/SP800-145.pdf","DOI":"10.6028\/NIST.SP.800-145"},{"key":"ijoci.2014070101-23","unstructured":"Ramachandran, M., & Chang, V. (2014). Cloud Security proposed and demonstrated by Cloud Computing Adoption Framework. The first international workshop on Emerging Software as a Service and Analytics, Barcelona."},{"key":"ijoci.2014070101-24","author":"J. W.Rittinghouse","year":"2010","journal-title":"Cloud computing: Implementation, management, and security"},{"key":"ijoci.2014070101-25","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-12035-0_25"},{"key":"ijoci.2014070101-26","unstructured":"Schechter, S. E. (2004). Computer Security Strength & Risk: A Quantitative Approach, PhD thesis, Harvard University DEAS."},{"key":"ijoci.2014070101-27","author":"S.Speaks","year":"2010","journal-title":"Reliability and MTBF Overview"},{"key":"ijoci.2014070101-28","author":"G.Stoneburner","year":"2001","journal-title":"Risk management guide for information technology systems: Recommendations of the national institute of standards and technology. National Insitute of Standards and Technology (NIST) Special Publication 800-30"},{"key":"ijoci.2014070101-29","article-title":"A survey on security issues in service delivery models of cloud computing.","author":"S.Subashini","year":"2010","journal-title":"Journal of Network and Computer Applications"},{"key":"ijoci.2014070101-30","doi-asserted-by":"crossref","unstructured":"The Center for Internet Security (CIS). (2009). The CIS Security Metrics v1.0.0.","DOI":"10.1201\/9781420052862.ch1"},{"issue":"4","key":"ijoci.2014070101-31","first-page":"7","article-title":"Information security expenditures: A techno-economic analysis.","volume":"10","author":"T.Tsiakis","year":"2010","journal-title":"International Journal of Computer Science and Network Security"},{"key":"ijoci.2014070101-32","doi-asserted-by":"publisher","DOI":"10.1145\/1496091.1496100"},{"key":"ijoci.2014070101-33","doi-asserted-by":"crossref","unstructured":"Vaughan-Nichols, SJ. (2008). Virtualization sparks security concerns. IEEE computer, 41(8), 13-15.","DOI":"10.1109\/MC.2008.276"},{"key":"ijoci.2014070101-34","unstructured":"Wang, J. A., Xia, M., & Zhang, F. (2009). Metrics for information security vulnerabilities. Proceedings of Intellect base International Consortium, USA, 1, 284-294."},{"key":"ijoci.2014070101-35","doi-asserted-by":"publisher","DOI":"10.1109\/CIT.2010.501"}],"container-title":["International Journal of Organizational and Collective Intelligence"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=117717","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,1]],"date-time":"2022-06-01T16:21:04Z","timestamp":1654100464000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/ijoci.2014070101"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2014,7,1]]},"references-count":36,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2014,7]]}},"URL":"https:\/\/doi.org\/10.4018\/ijoci.2014070101","relation":{},"ISSN":["1947-9344","1947-9352"],"issn-type":[{"value":"1947-9344","type":"print"},{"value":"1947-9352","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,7,1]]}}}