A Framework for Cloud Security Risk Management based on the Business Objectives of Organizations

Youssef, Ahmed E.

doi:10.14569/ijacsa.2019.0101226

Cited by 10 publications

(9 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Youssef's [119] work was in full support of the usage of existing risk analysis method as the bases of its assessment. Delphi quantitative risk assessment procedure was implemented in this study.…”

Section: Evaluation Results For Usage Of Existing Risk Management Techniquesmentioning

confidence: 95%

“…The works carried out by Youssef [119] and Rupra and Omamo [120] proposed cloudbased security assessment frameworks; the authors used Delphi quantitative assessment model and the objective question measurement method respectively. Their work did not follow BPLC and therefore, it has no support for the integration of SRM with BPLC.…”

Section: Business Process Life Cycle Evaluation Resultsmentioning

confidence: 99%

“…The works by Ali [110], Damasceno [111], Kozlov and Noga [113], Hutchings [115], Jakoubi [116], Belov [117], Ciovica [118], and Youssef [119] were not tested real-time. Therefore, these works need subjection to further analysis; they were not applied to any domain.…”

Section: Domain Applicability Evaluation Resultsmentioning

confidence: 99%

“…The works of Goettelman [10], Kateeb and Almadallah [109], Ali [110], Vasiljeva [108], Damasceno [111], Goettelman [112], Goettelman [114], Hutchings [115], Jakoubi [116], Belov [117], Ciovica [118], and Youssef [119] did not use security risk standards. Therefore, approaches proposed by these authors are no support of the usage of security risk standard.…”

Section: Evaluation Results For the Integration Of Security Risk Standardsmentioning

confidence: 99%

See 3 more Smart Citations

Cloud-Based Business Process Security Risk Management: A Systematic Review, Taxonomy, and Future Directions

et al. 2021

View full text Add to dashboard Cite

Despite the attractive benefits of cloud-based business processes, security issues, cloud attacks, and privacy are some of the challenges that prevent many organizations from using this technology. This review seeks to know the level of integration of security risk management process at each phase of the Business Process Life Cycle (BPLC) for securing cloud-based business processes; usage of an existing risk analysis technique as the basis of risk assessment model, usage of security risk standard, and the classification of cloud security risks in a cloud-based business process. In light of these objectives, this study presented an exhaustive review of the current state-of-the-art methodology for managing cloud-based business process security risk. Eleven electronic databases (ACM, IEEE, Science Direct, Google Scholar, Springer, Wiley, Taylor and Francis, IEEE cloud computing Conference, ICSE conference, COMPSAC conference, ICCSA conference, Computer Standards and Interfaces Journal) were used for the selected publications. A total of 1243 articles were found. After using the selection criteria, 93 articles were selected, while 17 articles were found eligible for in-depth evaluation. For the results of the business process lifecycle evaluation, 17% of the approaches integrated security risk management into one of the phases of the business process, while others did not. For the influence of the results of the domain assessment of risk management, three key indicators (domain applicability, use of existing risk management techniques, and integration of risk standards) were used to substantiate our findings. The evaluation result of domain applicability showed that 53% of the approaches had been testing run in real-time, thereby making these works reusable. The result of the usage of existing risk analysis showed that 52.9% of the authors implemented their work using existing risk analysis techniques while 29.4% of the authors partially integrated security risk standards into their work. Based on these findings and results, security risk management, the usage of existing security risk management techniques, and security risk standards should be integrated with business process phases to protect against security issues in cloud services.

show abstract

Section: Evaluation Results For Usage Of Existing Risk Management Techniquesmentioning

confidence: 95%

Section: Business Process Life Cycle Evaluation Resultsmentioning

confidence: 99%

Section: Domain Applicability Evaluation Resultsmentioning

confidence: 99%

Section: Evaluation Results For the Integration Of Security Risk Standardsmentioning

confidence: 99%

See 2 more Smart Citations

Cloud-Based Business Process Security Risk Management: A Systematic Review, Taxonomy, and Future Directions

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Hence, partnering with other organisations becomes a compelling reason to outsource IT. Through ITO, the client and service provider organisations form an ecosystem leveraging the role of the service provider to maintain the state-of-the-art technology infrastructure (Słoniec and González Rodriguez 2018 ; Youssef 2019 ).…”

Section: Related Workmentioning

confidence: 99%

Information security implications of using NLP in IT outsourcing: a Diffusion of Innovation theory perspective

2021

View full text Add to dashboard Cite

Information technology outsourcing (ITO) is a USD multi-trillion industry. There is growing competition among ITO service providers to improve their service deliveries. Natural language processing (NLP) is a technique, which can be leveraged to gain a competitive advantage in the ITO industry. This paper explores the information security implications of using NLP in ITO. First, it explores the use of NLP to enhance information security risk management (ISRM) in ITO. Then, it delves into the information security risks (ISRs) that may arise from the use of NLP in ITO. Finally, it proposes possible ISRM approaches to address those ISRs in ITO from the use of NLP. The study follows a qualitative approach using the case study method. Nine participants from three organisations (an ITO client, service provider and sub-contractor) engaged in an ITO relationship in the ICT industry were interviewed through a semi-structured questionnaire. The research findings were verified through a focus group. Case study scenarios are provided for a clear understanding of the findings. To the best of our knowledge, it is the first study to investigate the information security implications of the use of NLP in ITO.

show abstract

Research on the Integration of Business and Finance Based on the Background of Bulk Trade Risk Management and Control in Cloud Computing Environment

Zhang

Wei²

2023

Lecture Notes in Electrical Engineering

View full text Add to dashboard Cite

A Framework for Cloud Security Risk Management based on the Business Objectives of Organizations

Cited by 10 publications

References 11 publications

Cloud-Based Business Process Security Risk Management: A Systematic Review, Taxonomy, and Future Directions

Cloud-Based Business Process Security Risk Management: A Systematic Review, Taxonomy, and Future Directions

Information security implications of using NLP in IT outsourcing: a Diffusion of Innovation theory perspective

Research on the Integration of Business and Finance Based on the Background of Bulk Trade Risk Management and Control in Cloud Computing Environment

Contact Info

Product

Resources

About