[agents] CFP: Special Issue on Cloud Security Risk Management

Blink Yu blink.yu at mdpi.com
Mon Oct 14 22:18:51 EDT 2019 

(Apologies for any cross-posting)

CALL FOR PAPERS

Special Issue on
Cloud Security Risk Management

Guest Editor
Marco Cremonini, University of Milan, Italy

Information Journal
(http://www.mdpi.com/journal/information/)
ISSN 2078-2489, EI, Scopus, et. al. indexed open access journal.

Submission: April 1, 2020

CfP and submission instructions at :
https://www.mdpi.com/journal/information/special_issues/Cloud_Security_Risk_Management
____________________________________________________

”Information security is Information Risk Management" proclaimed Dan
Geer at the beginning of the century. After almost two decades, the
design and development of effective risk-based management strategies for
modern information systems, in particular with regard to cybersecurity
threats, proved to be still ridden with difficult technical and
non-technical challenges, like the insufficient adoption of quantitative
risk assessment approaches, integration of security risk monitoring
features with development and operation functions, or understanding of
human errors leading to security incidents. The advent of cloud
computing and its "as-a-Service" centralized nature has changed the
scenario of modern information systems and applications, for both
organizations and end-users, sometimes in unforeseen ways, for example
with respect to data management and protection, the availability and
accountability of online services, and even the advertising based
revenue model playing a key role in the current digital society. This
evolution has also changed the risk landscape, introducing new threats,
threat agents, and vectors. Cloud-based systems also introduced
different, more complex, cause-effect relations between risks and the
subjects possibly affected by their consequences. Similarly, risk
mitigation solutions, for example with respect to the role of assurance
and certifications, are subject to changes in a cloud-based context.
Overall, cloud security risk management needs innovative approaches
(e.g., analysis methodologies, models, simulations) to take into account
risks resulting from the technical infrastructure and risks emerging
from the complex network of relations between services, data, and
stakeholders. The typical dynamic nature of cloud infrastructures adds
an additional layer of complexity to security risk management, in term
of monitoring of dynamic systems and networks. Recent important
advances, like the integration between edge and cloud computing, are
going to raise further the degree of complexity. Regulatory compliance,
contractual obligations, and accountability are also important aspects
to be considered. Authors are invited to submit papers tackling with the
technical or non-technical problems and challenges posed by cloud
security risk management.

Topics include:
•	Risk assessment of cloud security risks
•	Cloud security vulnerabilities and risk-based prioritization
•	Risk in edge/cloud computing
•	Systemic risk to cloud infrastructures
•	Risk scenarios analyses and simulations
•	Cloud security risk assurance
•	Human and organizational errors
•	Economics of cloud security risk management
•	Legal and regulatory compliance challenges

Academics and practitioners are invited to submit papers for
consideration in the Special Issue.  Extended conference papers are
welcome, provided they have been revised to include at least 25% new
content.

To submit to this special issue and for Authors Instructions, please
visit the Manuscript Submission Information section at
https://www.mdpi.com/journal/information/special_issues/Cloud_Security_Risk_Management.

--
Mr. Blink Yu
Managing Editor
E-Mail: blink.yu at mdpi.com
Skype: live:c91693ac8277e1f0
-- 
MDPI Wuhan Office
No.6 Jingan Road, 430064 Wuhan, China

MDPI
Postfach, CH-4020 Basel, Switzerland
http://www.mdpi.com
-- 
Disclaimer: MDPI recognizes the importance of data privacy and
protection. We treat personal data in line with the General Data
Protection Regulation (GDPR) and with what the community expects of us.
The information contained in this message is confidential and intended
solely for the use of the individual or entity to whom they are
addressed. If you have received this message in error, please notify me
and delete this message from your system. You may not copy this message
in its entirety or in part, or disclose its contents to anyone.

More information about the agents mailing list