ANALYSIS OF MODELS AND METHODS FOR ASSESSING THE STATE OF CYBERSECURITY OF CLOUD SERVICES OF INFORMATION INFRASTRUCTURE OBJECTS
DOI:
https://doi.org/10.18372/2225-5036.30.19240Keywords:
cybersecurity, information security, assessment, model, method, audit, CSP, Cloud Service Provider, IaaS, PaaS, CaaS, FaaS, SaaSAbstract
This article describes the analysis of existing standards in the field of cybersecurity aimed at providing requirements for the functioning of the company's information environment. The article will describe cloud services, their types, and the structural model of each of the selected types. Based on the analysis of the structural models of cloud service types, the main evaluation criteria will be determined. To assess the compliance of cybersecurity standards with the defined evaluation criteria, a comparative analysis will be carried out using these criteria.
References
How Mainframe Computers Have Changed Over the Years? [Electronic resource] : Maintec Technologies. — Mode of access: https://www.linkedin.com/pulse/how-mainframe-computers-have-changed-over-years/ (date of access: 01.09.2024).
Keith D. Foote. A Brief History of Cloud Computing [Electronic resource] / Keith D. Foote // Dataversity. — 2021. — Mode of access: https://www.dataversity.net/brief-history-cloud-computing/ (date of access: 02.09.2024).
Tim Matthews. The Origins of Web Security and the Birth of Security Socket Layer (SSL) Protocol [Electronic resource] / Tim Matthews // Exabeam. — 2019. — Mode of access: https://www.exabeam.com/blog/infosec-trends/the-origins-of-web-security-and-the-birth-of-security-socket-layer-ssl-protocol/ (date of access: 03.09.2024).
Pedchenko Y. Analysis of modern cloud services to ensure cybersecurity [Electronic resource] / Y. Pedchenko, Y. Ivanchenko, I. Ivanchenko, I. Lozova, D. Jancarczyk, P. Sawicki // Procedia Computer Science. — 2022. — Vol. 207. — P. 110-117. — Mode of access: https://www.sciencedirect.com/science/article/pii/S1877050922009164 (date of access: 04.09.2024).
Peter Mell. The NIST Definition of Cloud Computing / Peter Mell, Tim Grance// NIST. — 2011. — Mode of access: https://csrc.nist.gov/publications/detail/sp/800-145/final (date of access: 04.08.2024).
PaaS vs. IaaS vs. SaaS vs. CaaS: How are they different? [Electronic resource] : Google. — Mode of access: https://cloud.google.com/learn/paas-vs-iaas-vs-saas (date of access: 05.09.2024).
What is function as a service (FaaS)? [Electronic resource] : IBM. — Mode of access: https://www.ibm.com/topics/faas (date of access: 06.09.2024).
Sacha Roger. IaaS vs. CaaS vs. PaaS vs. FaaS vs. SaaS — What’s the difference? / Sacha Roger // Medium. — 2020. — Mode of access: https://stample.com/link/stamples/5ff3d43b60b2acfb9eb5ceb6/iaas-vs-caas-vs-paas-vs-faas-vs-saas-whats-the-difference (date of access: 06.09.2024).
Google is a Leader for the 5th consecutive year, in the 2024 Gartner® Magic Quadrant™ for Cloud AI Developer Services (CAIDS) [Electronic resource] : Google Cloud. — Mode of access: https://cloud.google.com/resources/gartner-caids-mq-report (date of access: 07.09.2024).
Pedchenko Y. Mathematical model of security cloud services assessment / Shulha Volodymyr, Korchenko Oleksandr, Ivanchenko Yevheniia, Vyshnevska Natalia, Pedchenko Yevhenii, Petrovska Mari // Problems Of Scientific, Technical And Legal Support For Cybersecurity In The Modern World. UKEN. Krakow, 2024. P. 5-12.
Health Information Privacy [Electronic resource] : U.S. Department of Health and Human Services. — Mode of access: https://www.hhs.gov/hipaa/index.html (date of access: 08.09.2024).
PCI-DSS [Electronic resource] : PCI Security Standards Council. — Mode of access: https://www.pcisecuritystandards.org/ (date of access: 09.09.2024).
SOC 2 [Electronic resource] : SOC System and Organization Controls. — Mode of access: https://soc2.co.uk/ (date of access: 10.09.2024).
ISO/IEC 27001:2022 [Electronic resource] : ISO. — Mode of access: https://www.iso.org/standard/27001 (date of access: 11.09.2024).
General Data Protection Regulation (EU GDPR) [Electronic resource] : GDPR Text. — Mode of access: https://gdpr-text.com/uk/ (date of access: 12.09.2024).
