A Study on effective risk analysis and evaluation method of cloud computing system environment

  • 이정림 (Department of Convergence Security, Graduate School, Chung-Ang University);
  • 장항배 (Department of Industrial Security, Chung-Ang University)
  • Received : 2021.05.04
  • Accepted : 2021.06.24
  • Published : 2021.06.30

Abstract

Although risk analysis and evaluation in on-premises environments has been studied extensively in information security, research on effective risk analysis and evaluation methodologies for cloud computing systems is lacking. The Cloud Computing Development Act, enacted in 2015, served as an opportunity to promote the introduction of cloud computing. However, adoption remains limited for reasons such as the increase in security incidents involving cloud computing systems. In addition, cloud computing systems are not being actively introduced because the staff responsible for introducing them have difficulty understanding the technology. This study therefore examines the characteristics, concepts, and models of cloud computing systems, analyzes how these characteristics affect risk analysis and evaluation, and presents an effective risk analysis and evaluation method.
