A Fuzzy Logic Based Risk Assessment Approach for Evaluating and Prioritizing Risks in Cloud Computing Environment

Cloud computing is an innovative and popular paradigm in information technology. It delivers on-demand services by offering numerous advantages such as reduced management effort and efficient resource usage which would lead to economic saving. However, the associated flexibility and elasticity have caused many information security issues in a business environment. In such scenarios, all risk factors must be managed based on their probable effects on assets. Moreover, risk assessment as a core of risk management, estimates and prioritizes risks to reduce their impact and maximize the benefits of cloud computing for system providers and clients. In this paper, we adopt fuzzy logic to deal with insufficient information and estimate the severity and the likelihood of each risk mathematically. The aim of this paper is to develop a conceptual model to prioritize risks based on severity and probability. For estimating risk, human knowledge and expertise need to be integrated into role based circumstance. As a result, fuzzy logic is presented in this paper and the incenter on centroid method is proposed to convert linguistics data to numerical value in order to quantify the rate of risk. On the other hand, fuzzy logic has been used to deal with human experience as insufficient information to obtain the quantitative data due to the risk characterizing factors.