Login or signup to connect with paper authors and to register for specific Author Connect sessions (if available).
Enhancing Cloud Security Assessment Frameworks for the Generative AI Era: An Action Design Research Approach
Motahareh Pourbehzadi, Tra Le Nguyen Huong, Giti Javidi, Anita Luthra
This study addresses how cloud security assessment frameworks can evolve to counter risks introduced by Generative AI (GAI) in software development. Using Action Design Research, we identify gaps between the Cloud Security Alliance's Consensus Assessments Initiative Questionnaire (CAIQ) and NIST's Secure Software Development Framework (SSDF), focusing on AI-specific security considerations. We developed enhanced assessment questions addressing both traditional and AI-specific vulnerabilities, then evaluated their effectiveness by analyzing cybersecurity disclosures in 50 cloud vendors' 10-K filings using GPT-4o. Results reveal that while organizations implement traditional security measures, AI-specific practices—including model governance, adversarial testing, and incident response—remain underdeveloped. We contribute theoretical insights into evolving security frameworks and practical recommendations for strengthening cybersecurity in AI-driven cloud environments.
AuthorConnect Sessions
No sessions scheduled yet