A stakeholder-oriented assessment index for cloud security auditing

Syed Rizvi, Jungwoo Ryoo, John Kissell, Bill Aiken

Research output: Chapter in Book/Report/Conference proceedingConference contribution

11 Scopus citations


Cloud computing is an emerging computing model that provides numerous advantages to organizations (both service providers and customers) in terms of massive scalability, lower cost, and flexibility, to name a few. Despite these technical and economical advantages of cloud computing, many potential cloud consumers are still hesitant to adopt cloud computing due to security and privacy concerns. This paper describes some of the unique cloud computing security factors and subfactors that play a critical role in addressing cloud security and privacy concerns. To mitigate these concerns, we develop a security metric tool to provide information to cloud users about the security status of a given cloud vendor. The primary objective of the proposed metric is to produce a security index that describes the security level accomplished by an evaluated cloud computing vendor. The resultant security index will give confidence to different cloud stakeholders and is likely to help them in decision making, increase the predictability of the quality of service, and allow appropriate proactive planning if needed before migrating to the cloud. To show the practicality of the proposed metric, we provide two case studies based on the available security information about two well-known cloud service providers (CSP). The results of these case studies demonstrated the effectiveness of the security index in determining the overall security level of a CSP with respect to the security preferences of cloud users.

Original languageEnglish (US)
Title of host publicationACM IMCOM 2015 - Proceedings
PublisherAssociation for Computing Machinery, Inc
ISBN (Electronic)9781450333771
StatePublished - Jan 8 2015
Event9th International Conference on Ubiquitous Information Management and Communication, ACM IMCOM 2015 - Bali, Indonesia
Duration: Jan 8 2015Jan 10 2015

Publication series

NameACM IMCOM 2015 - Proceedings


Other9th International Conference on Ubiquitous Information Management and Communication, ACM IMCOM 2015

All Science Journal Classification (ASJC) codes

  • General Computer Science
  • Control and Systems Engineering
  • Management Information Systems


Dive into the research topics of 'A stakeholder-oriented assessment index for cloud security auditing'. Together they form a unique fingerprint.

Cite this