SECURE WEB APPLICATION MODEL FOR CYBERSECURITY ASSESSMENT OF CLOUD SERVICE PROVIDERS

Abstract

This article describes the developed model for assessing the security state of
cloud service providers on the Internet. The article presents the fully developed model along with all its
evaluation parameters. It provides an overview of the principles behind the construction of evaluation
parameters and their respective levels. Each evaluation parameter is presented in the form of formulas that
comprehensively describe the approach to assessing the security of cloud services for information
infrastructure objects. Additionally, a generalized view of the model will be presented in the form of a
diagram, including all evaluation parameters and groups of questions/answers used in the evaluation of
cloud service providers. Based on the developed principles and assessing parameters, a mathematical
evaluation model was built, which is the basis for developing a mathematical method and assessing system.

Keywords: cybersecurity, information security, assessment, mathematical model, audit, CSP, Cloud
Service Provider, IaaS, PaaS, CaaS, FaaS, SaaS

List of used literature:
1. Analysis of modern cloud services to ensure cybersecurity / Y. Pedchenko et al. Procedia
Computer Science. 2022. Vol. 207. P. 110–117. URL: https://doi.org/10.1016/j.procs.2022.09.043.
2. What Is Cloud Security? - Issues & Threats | Proofpoint US. Proofpoint. URL:
https://www.proofpoint.com/us/threat-reference/cloud-security.
3. What is Cyber Espionage? | CrowdStrikee. CrowdStrike: We Stop Breaches with AI-native
Cybersecurity. URL: https://www.crowdstrike.com/cybersecurity-101/cyberattacks/cyberespionage/.
4. Top 15 Cloud Security Issues, Threats and Concerns. Checkpoint. URL:
https://www.checkpoint.com/cyber-hub/cloud-security/what-is-cloud-security/top-cloud-securityissues-threats-and-concerns/.
5. Top 10 Security Issues in Cloud Computing: Insights and Solutions. Veritis Group. URL:
https://www.veritis.com/blog/top-10-security-issues-in-cloud-computing/.
6. ISO/IEC 27001:2022. ISO. URL: https://www.iso.org/standard/27001.
7. Morgan T. Cloud Spending Curtailed, On Premises Spending Heading Into Recession. The
Next Platform. URL: https://www.nextplatform.com/2023/04/03/cloud-spending-curtailed-onpremises-spending-heading-into-recession/.
8. Корченко О. Системи захисту інформації: Монографія. Київ : НАУ, 2004. 264 с.
9. Модель системи характеристик даних для оцінювання стану кіберзахисту в Україні /
О. Потій та ін. Збірник наукових праць Центрального науково-дослідного інституту Збройних
Сил України №4. 2023. Т. 107. С. 313–329.
10. Morgan T. Cloud Spending Curtailed, On Premises Spending Heading Into Recession. The
Next Platform. URL: https://www.nextplatform.com/2023/04/03/cloud-spending-curtailed-onpremises-spending-heading-into-recession/.
11. IaaS vs. CaaS vs. PaaS vs. FaaS vs. SaaS – What’s the difference?. Stample.
URL: https://stample.com/link/stamples/5ff3d43b60b2acfb9eb5ceb6/iaas-vs-caas-vs-paas-vs-faasvs-saas-whats-the-difference.