A Risk Management Framework for Cloud Migration Decision Support

Islam, Shareeful; Fenz, Stefan; Weippl, Edgar; Mouratidis, Haralambos

doi:10.3390/jrfm10020010

Cited by 29 publications

(33 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Governments need to adopt an appropriate strategy to identify, manage and mitigate the risk. However, all the potential risks are difficult to identify, therefore a contingency risk management plan should be in place to manage and minimize the risks occurred during and after the framework implementation [23].…”

Section: E-government Modelmentioning

confidence: 99%

A Framework for Cloud Based E-Government from the Perspective of Developing Countries

Joshi

Islam

2017

Future Internet

Self Cite

View full text Add to dashboard Cite

Despite significant efforts to initiate electronic government projects, developing countries are still struggling to reap the benefits of using e-government services. An effective implementation of e-government infrastructure is necessary to increase the efficiency and transparency of the government services. There are several studies that observed causes like lack of infrastructure support, lack of payment gateway and improper e-government service delivery channel as main barriers to a wider adoption of e-government services. The main contribution of this research is to propose a cloud-based G2G (Government-to-government) e-government framework for a viable e-government solution from the perspective of developing countries. We have introduced a list of concepts and a systematic process to guide the implementation of e-government project based on the government's vision, goals, chosen services through the service delivery channel to the appropriate cloud service and deployment model. We have used Nepal as a context of the case study and applied the framework to a real e-government project of driving licensing department using action research methodology. The results from the study show that the G2G approach of e-government implementation would be the best for providing effective government services to the stakeholders of developing countries. The proposed framework also supports a smooth integration of government services and reduces the time of the overall project.

show abstract

Section: E-government Modelmentioning

confidence: 99%

A Framework for Cloud Based E-Government from the Perspective of Developing Countries

Joshi

Islam

2017

Future Internet

Self Cite

View full text Add to dashboard Cite

show abstract

“…The outcome of the framework will serve as the basis for the on-going operation of the system, which includes reassessment to verify that the cybersecurity requirements are fulfilled [27]. A particular goal driven risk management approach [28,29] emphasizes the identification of goals as objectives specific to the organization mission. Risks are considered as an obstruction to the goal so that identified risks are assessed based on which goals they oppose.…”

Section: Framework/standards/guidelinesmentioning

confidence: 99%

“…This step also identifies the current risk management practice for the CPS organization. We follow the NIST cyber security framework's implementation tiers for this purpose framework [28]. In particular, according to the framework, tiers range from 1 (partial) to 4 (adaptive).…”

Section: Activity 1: Risk Management Contextmentioning

confidence: 99%

“…The approach understands regulatory requirements and can translate them into control objectives for the organization. The existing frameworks and standards that will be considered for the risk management process will include, the NIST framework, ISO 31000:2009, ISO 27001:2013, and goal-driven risk management framework which will provide guidelines for risk management activities and also considers risk management as an important aspect of the overall organizational process [24,25,28,29]. …”

mentioning

confidence: 99%

See 1 more Smart Citation

An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System

2018

Self Cite

View full text Add to dashboard Cite

A cyber-physical system (CPS) is a combination of physical system components with cyber capabilities that have a very tight interconnectivity. CPS is a widely used technology in many applications, including electric power systems, communications, and transportation, and healthcare systems. These are critical national infrastructures. Cybersecurity attack is one of the major threats for a CPS because of many reasons, including complexity and interdependencies among various system components, integration of communication, computing, and control technology. Cybersecurity attacks may lead to various risks affecting the critical infrastructure business continuity, including degradation of production and performance, unavailability of critical services, and violation of the regulation. Managing cybersecurity risks is very important to protect CPS. However, risk management is challenging due to the inherent complex and evolving nature of the CPS system and recent attack trends. This paper presents an integrated cybersecurity risk management framework to assess and manage the risks in a proactive manner. Our work follows the existing risk management practice and standard and considers risks from the stakeholder model, cyber, and physical system components along with their dependencies. The approach enables identification of critical CPS assets and assesses the impact of vulnerabilities that affect the assets. It also presents a cybersecurity attack scenario that incorporates a cascading effect of threats and vulnerabilities to the assets. The attack model helps to determine the appropriate risk levels and their corresponding mitigation process. We present a power grid system to illustrate the applicability of our work. The result suggests that risk in a CPS of a critical infrastructure depends mainly on cyber-physical attack scenarios and the context of the organization. The involved risks in the studied context are both from the technical and nontechnical aspects of the CPS.

show abstract

“…When migrating to cloud, potential cloud users are expecting that cost for migration is reasonable level with no hidden cost, service and maintenance from third party should be at an expected level. In reality, decision for cloud migration is influenced by several factors that contribute for or against it such as financial support, security, continuity of services, data leakage efficiency and maintenance (Mastroeni and Naldi 2011;Islam et al 2016Islam et al , 2017. Therefore, it is necessary to understand whether cloud is a sustainable or non-sustainable solution for the business.…”

Section: Introductionmentioning

confidence: 99%

A Risk Management Approach for a Sustainable Cloud Migration

Rahman¹,

Islam

Kalloniatis

et al. 2017

JRFM

Self Cite

View full text Add to dashboard Cite

Cloud computing is not just about resource sharing, cost savings and optimisation of business performance; it also involves fundamental concerns on how businesses need to respond on the risks and challenges upon migration. Managing risks is critical for a sustainable cloud adoption. It includes several dimensions such as cost, practising the concept of green IT, data quality, continuity of services to users and clients, guarantee tangible benefits. This paper presents a risk management approach for a sustainable cloud migration. We consider four dimensions of sustainability, i.e., economic, environmental, social and technology to determine the viability of cloud for the business context. The risks are systematically identified and analysed based on the existing in house controls and the cloud service provider offerings. We use Dempster Shafer (D-S) theory to measure the adequacy of controls and apply semi-quantitative approach to perform risk analysis based on the theory of belief. The risk exposure for each sustainability dimension allows us to determine the viability of cloud migration. A practical migration use case is considered to determine the applicability of our work. The results identify the risk exposure and recommended control for the risk mitigation. We conclude that risks depend on specific migration case and both Cloud Service Provider (CSP) and users are responsible for the risk mitigation. Inherent risks can evolve due to the cloud migration.

show abstract

A Risk Management Framework for Cloud Migration Decision Support

Cited by 29 publications

References 16 publications

A Framework for Cloud Based E-Government from the Perspective of Developing Countries

A Framework for Cloud Based E-Government from the Perspective of Developing Countries

An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System

A Risk Management Approach for a Sustainable Cloud Migration

Contact Info

Product

Resources

About