QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security

Prasad Saripalli; Ben Walters

doi:10.1109/CLOUD.2010.22

C
CLOUD
2010
2010 IEEE 3rd International Conference on Cloud Computing
Abstract - QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security

	This Article
	Subscribers, please Login Purchase article: $19 PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Prasad Saripalli Articles by Ben Walters

2010 IEEE 3rd International Conference on Cloud Computing

QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security

Miami, Florida

July 05-July 10

ISBN: 978-0-7695-4130-3

	ASCII Text	x
	Prasad Saripalli, Ben Walters, "QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security," 2012 IEEE Fifth International Conference on Cloud Computing, pp. 280-288, 2010 IEEE 3rd International Conference on Cloud Computing, 2010.

	BibTex	x
	@article{ 10.1109/CLOUD.2010.22, author = {Prasad Saripalli and Ben Walters}, title = {QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security}, journal ={2012 IEEE Fifth International Conference on Cloud Computing}, volume = {0}, year = {2010}, isbn = {978-0-7695-4130-3}, pages = {280-288}, doi = {http://doi.ieeecomputersociety.org/10.1109/CLOUD.2010.22}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - 2012 IEEE Fifth International Conference on Cloud Computing TI - QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security SN - 978-0-7695-4130-3 SP280 EP288 A1 - Prasad Saripalli, A1 - Ben Walters, PY - 2010 KW - Cloud Computing KW - Security KW - STRIDE KW - Risk KW - Impact KW - Delphi Method KW - Risk Asessment KW - CIAMAU VL - 0 JA - 2012 IEEE Fifth International Conference on Cloud Computing ER -

Prasad Saripalli

Ben Walters

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CLOUD.2010.22

A quantitative risk and impact assessment framework (QUIRC) is presented, to assess the security risks associated with cloud computing platforms. This framework, called QUIRC, defines risk as a combination of the Probability of a security threat event and it’s Severity, measured as its Impact. Six key Security Objectives (SO) are identified for cloud platforms, and it is proposed that most of the typical attack vectors and events map to one of these six categories. Wide-band Delphi method is proposed as a scientific means to collect the information necessary for assessing security risks. Risk assessment knowledgebases could be developed specific to each industry vertical, which then serve as inputs for security risk assessment of cloud computing platforms. QUIRC’s key advantage is its fully quantitative and iterative convergence approach, which enables stakeholders to comparatively assess the relative robustness of different cloud vendor offerings and approaches in a defensible manner.

Index Terms:

Cloud Computing, Security, STRIDE, Risk, Impact, Delphi Method, Risk Asessment, CIAMAU

Citation:

Prasad Saripalli, Ben Walters, "QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security," cloud, pp.280-288, 2010 IEEE 3rd International Conference on Cloud Computing, 2010

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.