1STRUCTURAL MODEL OF THE CYBERSECURITY ASSESSMENT SYSTEM OF CLOUD SERVICES OF INFORMATION INFRASTRUCTURE OBJECTS

Authors

DOI:

https://doi.org/10.28925/2663-4023.2024.25.505515

Keywords:

cybersecurity; model; method; system; audit; cloud service provider.

Abstract

During this investigation, a structural model of the system for evaluating the cyber security of cloud services of information infrastructure objects will demonstrate, which is intended to be used for the evaluation of all public cloud services. A structural model of the cyber security evaluation system of cloud services has been developed, consisting of 11 module evaluation parameters, namely: network, data storage, server, virtualization, operating system, containerization, continuous operation, applications and data processing. For the developed a structural model of the evaluation system, all the modules involved in the evaluation of the used cloud service are presented, as well as the formulas for calculating each of the 1 evaluation parameters involved in a successful system are presented. For the developed a structural model of the evaluation system, a schematic image has been developed that demonstrates the dependence of all system components and the used evaluation parameters of cloud services, as well as interaction with the database, which places all information about questions, answers, recommendations, and evaluations made by the auditor, is presented. In addition, the schematic image shows the process of recording the evaluation results to the database. The visualization of the results of the conducted assessment is presented by generating a separate web page, the data for which is taken from the database tables containing the results of the conducted assessment and a recommendation is presented regarding the possibility of using or not using the cloud service in the productive environment of the company based on the points obtained from the assessment results 11 modules. Additionally, it is possible to download the evaluation results into a separate report that can be presented to the company's management for a final decision. So, this work describes the modules and databases used to build a structured model of the evaluation system, as well as the algorithm for evaluating the cyber security of a cloud service and providing a final conclusion regarding the recommendation to use or not use the evaluated cloud service.

Downloads

Download data is not yet available.

References

Pedchenko, Y., et al. (2022). Analysis of modern cloud services to ensure cybersecurity. Procedia Computer Science, 207, 110–117. https://doi.org/10.1016/j.procs.2022.09.043

Proofpoint. (n.d.). What is cloud security? - Issues & threats. Proofpoint. Retrieved September 20, 2024, from https://www.proofpoint.com/us/threat-reference/cloud-security

CrowdStrike. (n.d.). What is cyber espionage? CrowdStrike. Retrieved September 20, 2024, from https://www.crowdstrike.com/cybersecurity-101/cyberattacks/cyber-espionage/

Checkpoint. (n.d.). Top 15 cloud security issues, threats and concerns. Checkpoint. Retrieved September 20, 2024, from https://www.checkpoint.com/cyber-hub/cloud-security/what-is-cloud-security/top-cloud-security-issues-threats-and-concerns/

McAfee. (n.d.). Cloud adoption and risk report. Retrieved September 20, 2024, from https://files.constantcontact.com/e4d8c81b001/d093e39a-1795-4f0b-928d-c5bb25a3a4b7.pdf

Hyperglance. (n.d.). Cloud security posture management (CSPM). Hyperglance. Retrieved September 21, 2024, from https://www.hyperglance.com/blog/cloud-security-posture-management-cspm/

Microsoft. (n.d.). Shared responsibility in the cloud - Microsoft Azure. Microsoft Learn. Retrieved September 22, 2024, from https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

ISO. (2022). ISO/IEC 27001:2022. Retrieved September 21, 2024, from https://www.iso.org/standard/27001

The Next Platform. (2023, April 3). Cloud spending curtailed, on premises spending heading into recession. Retrieved September 23, 2024, from https://www.nextplatform.com/2023/04/03/cloud-spending-curtailed-on-premises-spending-heading-into-recession/

Korchenko, O. (2004). Information protection systems (Monograph). Kyiv: NAU.

Potii, O., et al. (2023). Model of the system of data characteristics for assessing the state of cyber protection in Ukraine. Collection of scientific works of the Central Research Institute of the Armed Forces of Ukraine, 107(4), 313–329.

Pedchenko, Y., & Ivanchenko, I. (2024). The method of assessing the cyber security of cloud services of information infrastructure objects. Modern Information Security, 59(3), 75–89. https://doi.org/10.31673/2409-7292.2024.030008

Stample. (n.d.). IaaS vs. CaaS vs. PaaS vs. FaaS vs. SaaS – What’s the difference? Retrieved September 29, 2024, from https://stample.com/link/stamples/5ff3d43b60b2acfb9eb5ceb6/iaas-vs-caas-vs-paas-vs-faas-vs-saas-whats-the-difference

Downloads


Abstract views: 70

Published

2024-10-23

How to Cite

Ivanchenko, I., & Pedchenko, Y. (2024). 1STRUCTURAL MODEL OF THE CYBERSECURITY ASSESSMENT SYSTEM OF CLOUD SERVICES OF INFORMATION INFRASTRUCTURE OBJECTS. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 1(25), 505–515. https://doi.org/10.28925/2663-4023.2024.25.505515