Open Access Article

CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers

1 Department of Computer Science, University of Oxford, Oxford OX1 2JD, UK
2 Saïd Business School, University of Oxford, Oxford OX1 2JD, UK
* Author to whom correspondence should be addressed.
Computers 2019, 8(3), 66; https://doi.org/10.3390/computers8030066
Received: 3 July 2019 / Revised: 5 September 2019 / Accepted: 5 September 2019 / Published: 8 September 2019
(This article belongs to the Special Issue Information Systems - EMCIS 2018)
Security and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. While cloud adoption mitigates some of the existing information technology (IT) risks, research shows that it introduces a new set of security risks linked to multi-tenancy, supply chain and system complexity. Assessing and managing cloud risks can be a challenge, even for cloud service providers (CSPs), due to the increased numbers of parties, devices and applications involved in cloud service delivery. The limited visibility of security controls down the supply chain further exacerbates this risk assessment challenge. As such, we propose the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, a quantitative risk assessment model which is supported by supplier security posture assessment and supply chain mapping. Using the CSCCRA model, we assess the risk of a SaaS application, mapping its supply chain, identifying weak links in the chain, evaluating its security risks and presenting the risk value in monetary terms (£), thereby promoting cost-effective risk mitigation and optimal risk prioritisation. We later apply the Core Unified Risk Framework (CURF) to compare the CSCCRA model with already established methods, as part of evaluating its completeness.
Keywords: cloud computing; quantitative risk assessment; supply chain; transparency; security rating service; decision support analysis

MDPI and ACS Style

Akinrolabu, O.; New, S.; Martin, A. CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers. Computers 2019, 8, 66.
