Many devices in the Internet of Things (IoT) ecosystem may be susceptible to cyberattacks due to their diverse
nature and lack of standardization. Resource-constrained IoT devices include sensor nodes, smart gadgets, and wearable
devices. An organization's RAP (Risk Assessment Process) integrates the evaluation of hazards that are linked to all its
resources, as well as the evaluation and prioritization of these risks. It is crucial to begin the risk management process with
an accurate and thorough risk assessment. The Cyber Security Risk Models (CSRMs) in Cloud Computing are examined
in this research. To understand the uniqueness of IoT systems and why present risk assessment methodologies for IoT are
ineffective, it is necessary to understand the current state of risk assessment for IoT. There are constraints to periodic
evaluations IoT due to device interoperability. Continuous testing of IoT solutions is thus essential.
Keywords
Internet of Things (IoT), Cyber Security Risk Models (CSRM), Risk Assessment Process (RAP), Confidentiality, Integrity, Availability (CIA).
M. H. Amini, J. Mohammadi, and S. Kar, “Promises of fully distributed optimization for IoT-based smart city infrastructures,” in Advances in Intelligent Systems and Computing, Cham: Springer International Publishing, 2020, pp. 15–35.
W. Zheng, J. Cheng, X. Wu, R. Sun, X. Wang, and X. Sun, “Domain knowledge-based security bug reports prediction,” Knowl. Based Syst., vol. 241, no. 108293, p. 108293, 2022.
S. M. H. Anik, X. Gao, N. Meng, P. R. Agee, and A. P. McCoy, “A cost-effective, scalable, and portable IoT data infrastructure for indoor environment sensing,” J. Build. Eng., vol. 49, no. 104027, p. 104027, 2022.
T. Rajmohan, P. H. Nguyen, and N. Ferry, “A decade of research on patterns and architectures for IoT security,” Cybersecurity, vol. 5, no. 1, 2022.
C. Wheelus and X. Zhu, “IoT network security: Threats, risks, and a data-driven defense framework,” IoT, vol. 1, no. 2, pp. 259–285, 2020.
F. Basya, M. Hardjanto, and I. Permana Putra, “SHA512 and MD5 algorithm vulnerability testing using Common Vulnerability Scoring System (CVSS),” bit-cs, vol. 3, no. 1, pp. 1–4, 2022.
S. Goswami, N. Krishnan, M. Verma, S. Saurabh Swarnkar and P. Mahajan, "Reducing Attack Surface of a Web Application by Open Web Application Security Project Compliance", Defence Science Journal, vol. 62, no. 5, pp. 324-330, 2012. Doi: 10.14429/dsj.62.1291.
S. Ramanauskaitė, N. Goranin, A. Čenys and J. Juknius, "Modelling influence of Botnet features on effectiveness of DDoS attacks", Security and Communication Networks, vol. 8, no. 12, pp. 2090-2101, 2014. Doi: 10.1002/sec.1156.
S. Bonvicini, S. Ganapini, G. Spadoni and V. Cozzani, "The Description of Population Vulnerability in Quantitative Risk Analysis", Risk Analysis, vol. 32, no. 9, pp. 1576-1594, 2012. Doi: 10.1111/j.1539-6924.2011.01766.x.
"McAfee Labs Threats Report: December 2018", Computer Fraud & Security, vol. 2019, no. 1, pp. 4-4, 2019. Doi: 10.1016/s1361-3723(19)30004-1.
R. Borum, "Operationally relevant research and practice in terrorism threat assessments.", Journal of Threat Assessment and Management, vol.2, no. 3-4, pp. 192-194, 2015. Doi: 10.1037/tam0000046.
Z. Qian and Y. Wang, "Internet of Things-oriented Wireless Sensor Networks Review", Journal of Electronics & Information Technology,vol. 35, no. 1, pp. 215-227, 2014. Doi: 10.3724/sp.j.1146.2012.00876.
I. Lee, "Internet of Things (IoT) Cybersecurity: Literature Review and IoT Cyber Risk Management", Future Internet, vol. 12, no. 9, p. 157,2020. Doi: 10.3390/fi12090157.
G. Krigsvoll, M. Fumo and R. Morbiducci, "National and International Standardization (International Organization for Standardization and European Committee for Standardization) Relevant for Sustainability in Construction", Sustainability, vol. 2, no. 12, pp. 3777-3791, 2010. Doi:10.3390/su2123777.
"Healthcare organisations struggle to maintain security", Network Security, vol. 2015, no. 10, pp. 1-2, 2015. Doi: 10.1016/s1353-4858(15)30084-2
Acknowledgements
Authors thank Reviewers for taking the time and effort necessary to review the manuscript.
Funding
No funding was received to assist with the preparation of this manuscript.
Ethics declarations
Conflict of interest
The authors have no conflicts of interest to declare that are relevant to the content of this article.
Availability of data and materials
No data available for above study.
Author information
Contributions
All authors have equal contribution in the paper and all authors have read and agreed to the published version of the manuscript.
Corresponding author
Hossein Anisi
Hossein Anisi
School of Computer Science and Electronic Engineering, University of Essex, UK.
Open Access This article is licensed under a Creative Commons Attribution NoDerivs is a more restrictive license. It allows you to redistribute the material commercially or non-commercially but the user cannot make any changes whatsoever to the original, i.e. no derivatives of the original work. To view a copy of this license, visit https://creativecommons.org/licenses/by-nc-nd/4.0/
Cite this article
Hossein Anisi, “Evaluation of the Cyber Security Risk Models (CSRM) in Cloud Computing”, Journal of Machine and Computing, vol.2, no.3, pp. 124-133, July 2022. doi: 10.53759/7669/jmc202202017.
