Information security risk management models for cloud hosted systems: A comparative study

Abstract

Cloud hosting approach is becoming a popular choice for management. Having the information hosted in the cloud increase the risks and threats. A strong Security Model is required to maximize the security and treat risks efficiently. This research aims to analysis the most popular Security Model Methodologies and provide recommendation on the best fit methodology for cloud hosting approach. This research used a comparison model to compare the Security Model methodologies, which are ISO27005, NIST SP 800-30, CRAMM, CORAS, OCTAVE Allegro, and COBIT 5, based on three areas: Applicability, adaptability, and Involvement of the models for a cloud-based hosting approach. The research recommends OCTAVE Allegro as the preferred model for cloud hosting approach, as well as COBIT 5 and CORAS with some tuning. The previous models handle the CIA Triad and focus on the information storage, Processing, and transmission. The ISO27005, NIST SP 800-30, and CRAMM are all describing the risk management and assessment as an abstract and might not provide clear guidelines for cloud risks evaluation and assessment. There are more than 200 security models in the management studies, few are suitable for fast growing and continuously changing environment like the cloud approach, the research value on highlighting the best fit approaches to consider when using a cloud hosting platform, securing the information with a proper model.