ANALYSIS OF MODELS AND METHODS FOR ASSESSING THE STATE OF CYBERSECURITY OF CLOUD SERVICES OF INFORMATION INFRASTRUCTURE OBJECTS

Authors

DOI:

https://doi.org/10.18372/2225-5036.30.19240

Keywords:

cybersecurity, information security, assessment, model, method, audit, CSP, Cloud Service Provider, IaaS, PaaS, CaaS, FaaS, SaaS

Abstract

This article describes the analysis of existing standards in the field of cybersecurity aimed at providing requirements for the functioning of the company's information environment. The article will describe cloud services, their types, and the structural model of each of the selected types. Based on the analysis of the structural models of cloud service types, the main evaluation criteria will be determined. To assess the compliance of cybersecurity standards with the defined evaluation criteria, a comparative analysis will be carried out using these criteria.

References

How Mainframe Computers Have Changed Over the Years? [Electronic resource] : Maintec Technologies. — Mode of access: https://www.linkedin.com/pulse/how-mainframe-computers-have-changed-over-years/ (date of access: 01.09.2024).

Keith D. Foote. A Brief History of Cloud Computing [Electronic resource] / Keith D. Foote // Dataversity. — 2021. — Mode of access: https://www.dataversity.net/brief-history-cloud-computing/ (date of access: 02.09.2024).

Tim Matthews. The Origins of Web Security and the Birth of Security Socket Layer (SSL) Protocol [Electronic resource] / Tim Matthews // Exabeam. — 2019. — Mode of access: https://www.exabeam.com/blog/infosec-trends/the-origins-of-web-security-and-the-birth-of-security-socket-layer-ssl-protocol/ (date of access: 03.09.2024).

Pedchenko Y. Analysis of modern cloud services to ensure cybersecurity [Electronic resource] / Y. Pedchenko, Y. Ivanchenko, I. Ivanchenko, I. Lozova, D. Jancarczyk, P. Sawicki // Procedia Computer Science. — 2022. — Vol. 207. — P. 110-117. — Mode of access: https://www.sciencedirect.com/science/article/pii/S1877050922009164 (date of access: 04.09.2024).

Peter Mell. The NIST Definition of Cloud Computing / Peter Mell, Tim Grance// NIST. — 2011. — Mode of access: https://csrc.nist.gov/publications/detail/sp/800-145/final (date of access: 04.08.2024).

PaaS vs. IaaS vs. SaaS vs. CaaS: How are they different? [Electronic resource] : Google. — Mode of access: https://cloud.google.com/learn/paas-vs-iaas-vs-saas (date of access: 05.09.2024).

What is function as a service (FaaS)? [Electronic resource] : IBM. — Mode of access: https://www.ibm.com/topics/faas (date of access: 06.09.2024).

Sacha Roger. IaaS vs. CaaS vs. PaaS vs. FaaS vs. SaaS — What’s the difference? / Sacha Roger // Medium. — 2020. — Mode of access: https://stample.com/link/stamples/5ff3d43b60b2acfb9eb5ceb6/iaas-vs-caas-vs-paas-vs-faas-vs-saas-whats-the-difference (date of access: 06.09.2024).

Google is a Leader for the 5th consecutive year, in the 2024 Gartner® Magic Quadrant™ for Cloud AI Developer Services (CAIDS) [Electronic resource] : Google Cloud. — Mode of access: https://cloud.google.com/resources/gartner-caids-mq-report (date of access: 07.09.2024).

Pedchenko Y. Mathematical model of security cloud services assessment / Shulha Volodymyr, Korchenko Oleksandr, Ivanchenko Yevheniia, Vyshnevska Natalia, Pedchenko Yevhenii, Petrovska Mari // Problems Of Scientific, Technical And Legal Support For Cybersecurity In The Modern World. UKEN. Krakow, 2024. P. 5-12.

Health Information Privacy [Electronic resource] : U.S. Department of Health and Human Services. — Mode of access: https://www.hhs.gov/hipaa/index.html (date of access: 08.09.2024).

PCI-DSS [Electronic resource] : PCI Security Standards Council. — Mode of access: https://www.pcisecuritystandards.org/ (date of access: 09.09.2024).

SOC 2 [Electronic resource] : SOC System and Organization Controls. — Mode of access: https://soc2.co.uk/ (date of access: 10.09.2024).

ISO/IEC 27001:2022 [Electronic resource] : ISO. — Mode of access: https://www.iso.org/standard/27001 (date of access: 11.09.2024).

General Data Protection Regulation (EU GDPR) [Electronic resource] : GDPR Text. — Mode of access: https://gdpr-text.com/uk/ (date of access: 12.09.2024).

Downloads

Published

2024-12-03

How to Cite

Ivanchenko, I., & Pedchenko, Y. (2024). ANALYSIS OF MODELS AND METHODS FOR ASSESSING THE STATE OF CYBERSECURITY OF CLOUD SERVICES OF INFORMATION INFRASTRUCTURE OBJECTS. Ukrainian Scientific Journal of Information Security, 30(2), 281–288. https://doi.org/10.18372/2225-5036.30.19240

Issue

Vol. 30 No. 2 (2024): Ukrainian Scientific Journal of Information Security

Section

Cybersecurity & Critical Information Infrastructure Protection (CIIP)

License

The scientific journal "Information Security" adheres to the principles of open science and provides free, free and permanent access to all published materials. The goal of the policy is to increase the visibility, citation and impact of the results of scientific research in the field of information security. The journal works according to the principles of Open Access and does not charge a fee for access to published articles.

All articles are published in Open Access under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.

Copyright

Authors who publish their works in the journal “Information Security”:

  • retain the copyright to their publications;

  • grant the journal the right of first publication of the article;

  • agree to the distribution of their materials under the CC BY 4.0 license;

  • have the right to reuse, archive, and distribute their works (including in institutional and subject repositories), provided that proper reference is made to the original publication in the journal.