查看文章

Cloud computing services have attracted the attention of many organizations seeking flexible, simple, and efficient system development, operation, and support. The cost advantages of cloud services motivate the outsourcing of IT systems to the cloud. However, there is a lack of awareness of the security risks associated with cloud services. These risks and the associated threats could jeopardize the success and even the survivability of organizations that adopt cloud services. To address this issue, a risk management framework is proposed in this paper which leverages the previously proposed security operations center as a service (SOCaaS) combined with a secure service level agreement (SecSLA) to provide security requirements and compliance. The framework is self-aware of the organization assets and the associated security risks and vulnerabilities. Automated tools are provided to identify, classify …