The MIT-IBM CloudSec 16: A Cloud Cybersecurity Benchmarking Framework

Lewke, Damien

Author(s)

Lewke, Damien

DownloadThesis PDF (2.430Mb)

Advisor

Weitzner, Daniel

Reynolds, Taylor

Terms of use

In Copyright - Educational Use Permitted Copyright retained by author(s) https://rightsstatements.org/page/InC-EDU/1.0/

Metadata

Show full item record

Abstract

This paper proposes a novel cloud security benchmarking framework and scoring system to improve cyber risk management. Cyber risk management is challenging and has become even more difficult as organizations digitally transform their business and IT from on-premises environments to cloud infrastructure. Threats proliferate as organizations’ attack surfaces expand due to shadow IT, software supply chain security, outsourced networking, and virtualization. Existing cyber risk management frameworks and controls are too exhaustive or generic and provide no means for organizations to assess their cyber risk against their peers. The MIT-IBM CloudSec 16 developed in this paper is a new security benchmarking framework and scoring system built specifically for cloud deployments in the financial service sector. When paired with MIT’s SCRAM secure computation platform, the MIT-IBM CloudSec 16 can provide an overview of cloud security in the financial service sector and enable organizations to and remediate areas of relative weakness.

Date issued

2023-06

URI

https://hdl.handle.net/1721.1/151640

Department

System Design and Management Program.

Publisher

Massachusetts Institute of Technology

Collections

Graduate Theses