Paradigm shift towards cloud computing offers plethora of advantages both for cloud users and Cloud Service Provider (CSP). For cloud users, it offers saving of cost, scaling of resources, pay per use, elastic and on-demand services. On the other hand, it offers centralized resource management and provisioning of operations, safety and security for CSP. By holding multiple virtual IT resources (CPUs, storage servers, network components and software) over the internet, Infrastructure-as-a-Service (IaaS) serves as fundamental layer for all other delivery models. Along with benefits of IaaS, there exists several security and privacy issues and threats to confidentiality, integrity, authentication, access control and availability. In this paper, detailed study of IaaS components, associated security and privacy issues are explored and counter measures for the same are determined. Furthermore, as a result of the study, Model for IaaS Security and Privacy (MISP) is proposed. The model presents a cubical structure and adds more features than the existing models to enhance the security and privacy of data and operations and guide security assessment for safer adoption by enterprises.