Study on Security Policy of Cloud Service based on Risk Characteristic Analysis

Each enterprise has its own unique situation, therefore it is unable to adopt a completely unified security control measures. Thus enterprise should have risk characteristic analysis to determine the appropriate information security attributes as well as the control measures. Different enterprises will adopt different cloud services, and they will put different types and levels of data into cloud services, so different users need different security policies of cloud services. Enterprises need a scientific and rational way to help themselves to determine which security controls are necessary. This paper proposed a method based on risk characteristic analysis to determine the information security control measures needed by the specific enterprise.