Wooley, Paul S.2011-07-062011-07-062011-02https://hdl.handle.net/1794/1139384 p. This paper was completed as part of the final research component in the University of Oregon Applied Information Management Master's Degree Program [see htpp://aim.uoregon.edu].Cloud computing services including Infrastructure as a Service promise potential cost savings for businesses by offering remote, scalable computing resources. However attractive these services are, they pose significant security risks to customer applications and data beyond what is expected using traditional on-premises architecture. This paper identifies three basic types of threats related to the IaaS layer and eight kinds of attacks. These are aligned within the CIA model as a way to determine security risk.en-USCloud computingC.I.A. securityInfrastructure as a ServiceIsaaSVirtual computingAttack surfaceApplied Information ManagementAIMDataOther