The method of assessing the cyber security of cloud services of information infrastructure objects

Abstract

In the work, a method based on a mathematical model was developed, which is intended for mathematical calculation of the assessment of the state of cyber security of cloud services of information infrastructure objects. To build the evaluation method, the results of the model development, evaluation criteria of cloud services, as well as answer options, for which the number of points for each option is determined, were used. The evaluation method consists of 11 stages, where the last one is directly calculating the criticality of the cloud service. Based on the results of the calculations, a recommendation is provided regarding the use or non-use of the cloud service, which allows you to make informed decisions based on the received data. The article also presents the calculated maximum possible number of points that can be obtained within the evaluated cloud service. This method can be used during the development of a network application, which will be a useful tool for the auditor. It will help to assess the state of security of the used cloud service at the customer company, as well as before purchasing or using such services. The application of this method allows you to significantly increase the level of awareness of the potential risks associated with the use of cloud technologies and ensure an appropriate level of cyber security. The developed approach can become the basis for further research in the field of cyber security assessment, contributing to the development of more comprehensive models and tools for analyzing risks in cloud environments. This, in turn, will contribute to the growth of trust in cloud services and their security in the conditions of modern information challenges.

Keywords: cyber security, information security, evaluation, mathematical model, mathematical method, audit, CSP, Cloud Service Provider, IaaS, PaaS, CaaS, FaaS, SaaS.