Standards for Cloud Risk Assessments - What's Missing?

摘要

Conducting a risk assessment (RA) for cloud computing platforms presents new challenges in the space of Information Security Management Systems (ISMS). ISO 27001 RA methods have been used for the Alcohol Monitoring Systems (AMS) ISMS across a portfolio of products and services. Scaling these localized techniques to national and international cloud security standards shows that a ‘one size fits all’ risk assessment approach does not exist in the industry today. The context and methods for conducting cloud risk assessment are examined across representative national and international standards and guidelines. Recommendations for standardizing the RA methods for cloud computing are suggested based on industry best practices.