Show simple item record

dc.contributor.advisorStuart Madnick.en_US
dc.contributor.authorRaina, Ravien_US
dc.contributor.otherMassachusetts Institute of Technology. Engineering Systems Division.en_US
dc.date.accessioned2017-03-20T19:42:03Z
dc.date.available2017-03-20T19:42:03Z
dc.date.copyright2016en_US
dc.date.issued2016en_US
dc.identifier.urihttp://hdl.handle.net/1721.1/107602
dc.descriptionThesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, School of Engineering, System Design and Management Program, Engineering and Management Program, 2016.en_US
dc.descriptionCataloged from PDF version of thesis.en_US
dc.descriptionIncludes bibliographical references (pages 119-124).en_US
dc.description.abstractCloud computing represents the next generation of disruptive technologies in computing. However, there are several barriers to massive adoption of cloud and among them security remains one of the principal concerns. Traditional failure analysis and prevention frameworks fall exceedingly short to address cybersecurity as is evident by every increasing cybersecurity breaches. New frameworks for cybersecurity are required which take a holistic view of the problem and a systems perspective. Migrating to cloud also represents a key decision point for CEO/CTO's today, especially from security perspective. The objective of this thesis is to illustrate the effectiveness of taking a Systems Approach to cybersecurity and provide a framework for migration to cloud with specific emphasis on critical cybersecurity issues pertaining to various cloud deployment models and delivery services. The thesis is divided into three phases. Firstly, it will aim to explore the major security threats and critical areas of focus for security in cloud. It will explore the major security frameworks, metrics and controls, especially the major ones from NIST, CIS and CSA. SLA's for different cloud service models will then be presented. A high level cloud migration framework strategy and framework, with special emphasis on cybersecurity will also be discussed. In the second phase, System- Theoretic Accident Model and Processes (STAMP) which is based on Systems Theory will be applied to Target security breach and key recommendations as well as new insights will be presented. The analysis will highlight the need for holistic approach and Systems Thinking to cybersecurity and new insights that are not produced by traditional methods will be presented. Finally, in the third phase, the cloud migration framework discussed in phase one will be applied to Target. A case will be made that in certain scenarios, moving the less critical applications to cloud and utilizing the security benefits of cloud can actually reduce the threat vectors and security exposures and bring IT systems from a higher risk state to lower risk state. The thesis integrates cybersecurity methods and frameworks as well as security metrics with the cloud migration strategy. Additionally, it also presents STAMP/CAST failure model for cybersecurity breaches and highlights the need for integrated view of safety and security and Systems Thinking in cybersecurity both in traditional systems and cloud.en_US
dc.description.statementofresponsibilityby Ravi Raina.en_US
dc.format.extent124 pagesen_US
dc.language.isoengen_US
dc.publisherMassachusetts Institute of Technologyen_US
dc.rightsMIT theses are protected by copyright. They may be viewed, downloaded, or printed from this source but further reproduction or distribution in any format is prohibited without written permission.en_US
dc.rights.urihttp://dspace.mit.edu/handle/1721.1/7582en_US
dc.subjectEngineering and Management Program.en_US
dc.subjectSystem Design and Management Program.en_US
dc.subjectEngineering Systems Division.en_US
dc.titleA systems perspective on cybersecurity in the cloud : frameworks, metrics and migration strategyen_US
dc.typeThesisen_US
dc.description.degreeS.M. in Engineering and Managementen_US
dc.contributor.departmentMassachusetts Institute of Technology. Engineering and Management Programen_US
dc.contributor.departmentSystem Design and Management Program.en_US
dc.identifier.oclc974911332en_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record