Security and privacy concerns represent a significant hindrance to the widespread adoption\nof cloud computing services. While cloud adoption mitigates some of the existing information\ntechnology (IT) risks, research shows that it introduces a new set of security risks linked to\nmulti-tenancy, supply chain and system complexity. Assessing and managing cloud risks can\nbe a challenge, even for cloud service providers (CSPs), due to the increased numbers of parties,\ndevices and applications involved in cloud service delivery. The limited visibility of security controls\ndown the supply chain, further exacerbates this risk assessment challenge. As such, we propose the\nCloud Supply Chain Cyber Risk Assessment (CSCCRA) model, a quantitative risk assessment model\nwhich is supported by supplier security posture assessment and supply chain mapping. Using the\nCSCCRA model, we assess the risk of a SaaS application, mapping its supply chain, identifying weak\nlinks in the chain, evaluating its security risks and presenting the risk value in monetary terms (£),\nwith this, promoting cost-effective risk mitigation and optimal risk prioritisation. We later apply the\nCore Unified Risk Framework (CURF) in comparing the CSCCRA model with already established\nmethods, as part of evaluating its completeness.
Loading....