Migration of Information security risk assessment from On-premise to Cloud

Thesis title: Migration of Information security risk assessment from On-premise to Cloud
Author: Ravindranathan, Rahul Nair
Thesis type: Diploma thesis
Supervisor: Ziaei Nafchi, Majid
Opponents: Sudzina, František
Thesis language: English
Abstract:
The migration of information security risk assessment (ISRA) from on-premise to cloud environments presents a complex array of challenges and opportunities for modern organizations. As businesses increasingly adopt cloud computing to leverage its scalability, cost-efficiency, and flexibility, they must also navigate the unique security risks inherent in these platforms. Traditional ISRA frameworks, well-suited to static and controlled on-premise environments, often fall short when applied to the dynamic and decentralized nature of cloud computing. This thesis explores the inherent differences in risk profiles between on-premise and cloud-based infrastructures, evaluating the effectiveness of existing risk assessment methodologies in the context of cloud migration. Through a combination of theoretical analysis and empirical research, this study proposes a framework specifically tailored to enhance ISRA for cloud environments. To gather comprehensive insights, the research methodology included 23 in-depth interviews with industry experts and a detailed survey distributed to security professionals across various sectors. The interviews provided qualitative data on the challenges and strategies experienced by organizations during their transition to the cloud, highlighting gaps in traditional risk assessment approaches. The survey offered quantitative data on the effectiveness of current methodologies and specific security incidents encountered in cloud environments. Key findings emphasize the necessity for ongoing surveillance, real-time risk assessment, and the integration of advanced technologies such as machine learning and artificial intelligence to improve threat identification and response. This research underscores the need for a holistic and adaptive ISRA framework to address evolving threats and vulnerabilities in cloud computing, ultimately contributing to the development of more resilient and secure cloud infrastructures.
Keywords: Cloud Computing; Cloud Migration; Information Security Risk Assessment; Cloud Security; On-Premise Security; Risk Management; Security Frameworks; ISO/IEC 27001; NIST SP 800-30; Continuous Monitoring; Information Security Management System

Information about study

Study programme: Information Systems Management
Type of study programme: Master's study programme
Assigned degree: Ing.
Institutions assigning academic degree: Vysoká škola ekonomická v Praze
Faculty: Faculty of Informatics and Statistics
Department: Department of Systems Analysis

Information on submission and defense

Date of assignment: 27. 10. 2023
Date of submission: 25. 6. 2024
Date of defense: 26. 8. 2024
Identifier in the InSIS system: https://insis.vse.cz/zp/86283/podrobnosti
