A Risk Management Framework for Cloud Migration Decision Support
Keywords: risk management framework; risk assessment; cloud migration; security; analytic hierarchy process (AHP); business value
- Research Article
14
- 10.14569/ijacsa.2019.0101226
- Jan 1, 2019
- International Journal of Advanced Computer Science and Applications
Security is considered one of the top ranked risks of Cloud Computing (CC) due to the outsourcing of sensitive data onto a third party. In addition, the complexity of the cloud model results in a large number of heterogeneous security controls that must be consistently managed. Hence, no matter how strongly the cloud model is secured, organizations continue suffering from lack of trust in CC and remain uncertain about its security risk consequences. Traditional risk management frameworks do not consider the impact of CC security risks on the business objectives of the organizations. In this paper, we propose a novel Cloud Security Risk Management Framework (CSRMF) that helps organizations adopting CC identify, analyze, evaluate, and mitigate security risks in their Cloud platforms. Unlike traditional risk management frameworks, CSRMF is driven by the business objectives of the organizations. It allows any organization adopting CC to be aware of cloud security risks and align their low-level management decisions according to high-level business objectives. In essence, it is designed to address impacts of cloud-specific security risks on business objectives in a given organization. Consequently, organizations are able to conduct a cost-value analysis regarding the adoption of CC technology and gain an adequate level of confidence in Cloud technology. On the other hand, Cloud Service Providers (CSP) are able to improve productivity and profitability by managing cloud-related risks. The proposed framework has been validated and evaluated through a use-case scenario.
- Research Article
1
- 10.17148/iarjset.2024.11105
- Dec 30, 2023
- IARJSET
This paper provides a comprehensive exploration of the Risk Management Framework (RMF) and its application in the context of cloud-based systems. Beginning with an overview of the RMF's significance in contemporary enterprise risk management, the paper systematically details the steps involved in the framework, categorizing them into Risk Assessment, Risk Treatment, and Risk Control. It further delves into the specific challenges and nuances of risk management for cloud-based systems, emphasizing the importance of risk identification, assessment, mitigation, and ongoing monitoring. The paper reviews existing risk assessment models, underscores the need for tailored approaches in cloud environments, and proposes strategies for effective risk mitigation. Additionally, it discusses the significance of real-time risk monitoring techniques, such as log analysis, threat intelligence, anomaly detection, and incident response. The paper also highlights the benefits of adopting the RMF for cloud computing, including enhanced security measures, improved decision-making processes, compliance alignment, and robust business continuity strategies.
- Conference Article
31
- 10.1109/ngmast.2015.25
- Sep 1, 2015
Cloud computing has created a remarkable paradigm shift in the IT industry and brought several advantages such as on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. These advantages enabled cloud to have significant impact on different sectors of smart cities. However, cloud adoption has increased the sophistication of the ever changing security risks which frustrate enterprises on expanding their on-premises infrastructure towards cloud horizons. These risks have the potential of being a major concern for smart cities due to the increasing impact of cloud on them. Managing these security risks requires adopting an effective risk management method which involves both the cloud service provider and the customer. The risk management frameworks currently applied to manage enterprise IT risks do not readily fit the cloud environment and the dynamic nature of clouds, which are characterized by on demand self-service and rapid elasticity. Therefore, researchers have proposed different cloud security risk management methods and frameworks. This paper critically reviews these risk management methods and frameworks. In addition, it conducts critical analysis on two of them using qualitative content analysis technique, and evaluates their effectiveness for assessing and mitigating cloud security risks.
- Research Article
19
- 10.2147/jmdh.s459987
- May 1, 2024
- Journal of multidisciplinary healthcare
The massive expansion of the Internet of medical things (IoMT) technology brings many opportunities for improving healthcare. At the same time, their use increases security risks, brings security and privacy concerns, and threatens the functioning of healthcare facilities or healthcare provision. This scoping review aims to identify progress in designing risk assessment and management frameworks for IoMT security. The frameworks found are divided into two groups according to whether frameworks address the technological design of risk management or assess technological measures to ensure the security of the IoMT environment. Furthermore, the article intends to find out whether frameworks also include an assessment of organisational measures related to IoMT security. This review was prepared using PRISMA ScR guidelines. Relevant studies were searched in the citation databases Web of Science and Scopus. The search was limited to articles published in English between 2018 and 17 September 2023. The initial search yielded 1341 articles, of which 44 (3.3%) were included in the scoping review. A qualitative content analysis focused on selected security perspectives and progress in the given area was carried out. Thirty-two articles describe the design of risk assessment and management frameworks. Twelve articles describe the design of frameworks for assessing the security of IoMT devices and possibly offer a comparison of different IoMT alternatives. A description of the included articles was prepared from the selected security perspectives. The review shows the need to create comprehensive or holistic frameworks for operational security and privacy risk management at all layers of the IoMT architecture. It includes the design of specific technological solutions and frameworks for continuously assessing the overall level of information security and privacy of the IoMT environment. 
Unfortunately, none of the found frameworks offer an assessment of organizational measures even though the importance of the organizational measures was highlighted in articles. Another area of interest for researchers could be the design of a general risk management database for IoMT, which would include potential IoMT-related risks connected to a particular device.
- Research Article
4
- 10.1051/itmconf/20181703028
- Jan 1, 2018
- ITM Web of Conferences
Cloud computing has attracted more and more attention as it reduces the cost of IT infrastructure of organizations. In our country, business Cloud services, such as Alibaba Cloud, Huawei Cloud, QingCloud, UCloud and so on are gaining more and more use, especially among small or medium organizations. In the cloud service scenario, the program and data are migrating into cloud, resulting in a lack of trust between customers and cloud service providers. However, the recent study on Cloud computing is mainly focused on the service side, while the data security and trust have not been sufficiently studied yet. This paper investigates the data security issues from the data life cycle, which includes five steps when an organization uses Cloud computing. A data management framework is given, including not only the data classification but also the risk management framework. Concretely, the data is divided into two varieties, business and personal information. And then, four classification levels (high, medium, low, normal) according to the different extent of the potential adverse effect are introduced. With the help of classification, the administrators can identify the application or data to implement corresponding security controls. At last, the administrators conduct the risk assessment to alleviate the risk of data security. The trust between customers and cloud service providers will be strengthened in this way.
- Book Chapter
- 10.4018/978-1-5225-5634-3.ch023
- Jan 1, 2018
Organizations are now seriously considering adopting cloud into the existing business context, but migrating data, application and services into cloud doesn't come without substantial risks. These risks are the significant barriers for the wider cloud adoption. There are works that consolidate the existing work on cloud migration and technology. However, there is no secondary study that consolidates the state of the art research and existing practice on risk management in cloud computing. It makes it difficult to understand the risk management trend, maturity, and research gaps. This paper investigates the state of the art research and practices relating to risk management in cloud computing and discusses survey results on migration goals and risks. The survey participants are practitioners from both public and private organizations of two different locations, i.e., UK and Malaysia. The authors identify and classify the relevant literature and systematically compare the existing works and survey results. The results show that most of the existing works do not consider the existing organization and business context for the risk assessment. The authors' study results also reveal that risk management in cloud computing research and practice is still not in a mature stage but gradually advancing. Finally, they propose a risk assessment approach and determine the relative importance of the migration goals from two real migration use cases.
- Research Article
7
- 10.4018/ijsse.2016070103
- Jul 1, 2016
- International Journal of Secure Software Engineering
Organizations are now seriously considering adopting cloud into the existing business context, but migrating data, application and services into cloud doesn't come without substantial risks. These risks are the significant barriers for the wider cloud adoption. There are works that consolidate the existing work on cloud migration and technology. However, there is no secondary study that consolidates the state of the art research and existing practice on risk management in cloud computing. It makes it difficult to understand the risk management trend, maturity, and research gaps. This paper investigates the state of the art research and practices relating to risk management in cloud computing and discusses survey results on migration goals and risks. The survey participants are practitioners from both public and private organizations of two different locations, i.e., UK and Malaysia. The authors identify and classify the relevant literature and systematically compare the existing works and survey results. The results show that most of the existing works do not consider the existing organization and business context for the risk assessment. The authors' study results also reveal that risk management in cloud computing research and practice is still not in a mature stage but gradually advancing. Finally, they propose a risk assessment approach and determine the relative importance of the migration goals from two real migration use cases.
- Research Article
1
- 10.2139/ssrn.2792629
- Jun 11, 2016
- SSRN Electronic Journal
Toward Integrated Enterprise Risk Management, Model Risk Management & Cyber-Finance Risk Management: Bridging Networks, Systems and Controls Frameworks
- Research Article
- 10.20525/ijfbs.v14i2.4024
- Mar 29, 2025
- International Journal of Finance & Banking Studies (2147-4486)
Effective risk management plays a vital role in the successful implementation of pest control projects, offering benefits such as improved project quality, adherence to budgets, high stakeholder satisfaction, and timely completion. Despite these benefits, challenges in managing risks within pest control projects remain, highlighting the need for a structured and proactive approach to risk management. This study aimed to explore the influence of risk management practices, specifically risk identification, assessment, response, and review, on the successful implementation of organic pest control projects in Rwanda. This study will adopt Theory of Risk Perception and contingency theory and will use both descriptive and correlational designs, targeting an estimated population of 100 respondents from Agropy Ltd, including project managers, risk management officers, field officers, Laboratory Analyst and key stakeholders. Data was collected through questionnaires, interviews, and document reviews. A pilot test was conducted with 20 respondents to determine the instrument's ability to produce consistent results over time. The reliability of the research instrument (questionnaire) was assessed using Cronbach’s Alpha. Data was analyzed using descriptive and inferential statistics, including correlation and regression analysis. The findings for four hypotheses were tested at α = .05 level of significance and the results were: risk identification (p = 0.000 < 0.05); risk assessment (p = 0.000 < 0.05); risk response (p = 0.000 < 0.05) and; risk review and control (p = 0.000 < 0.05), have no significant effect on performance of projects were rejected, confirming that all the risk management practices significantly affect the implementation of pest control projects. 
In conclusion, the study highlights the significant positive effect of risk management practices, including risk identification, assessment, response, and review in the successful implementation of pest control projects. It is recommended that organizations strengthen their risk management frameworks, involve stakeholders early in the process, prioritize comprehensive risk assessments, establish clear risk response strategies, and continuously monitor and adapt risk control measures. Future studies could explore the role of different stakeholders in pest control projects to further enhance risk management and project success.
- Book Chapter
13
- 10.2166/9781780407135_0002
- Feb 15, 2017
From the beginning of 21st century, there has been an awareness of risk in the environment along with a growing concern for the continuing potential damage caused by hazards. In order to ensure environmental sustainability, a better understanding of natural disasters and their impacts is essential. It has been recognized that a holistic and integrated approach to environmental hazards needs to be attempted using common methodologies, such as risk analysis, which involves risk management and risk assessment. Indeed, risk management means reducing the threats posed by known hazards, whereas at the same time accepting unmanageable risks and maximizing any related benefits. The risk management framework involves evaluating the importance of a risk, either quantitatively or qualitatively. Risk assessment comprises three steps, namely risk identification (data base, event monitoring, statistical inference), risk estimation (magnitude, frequency, economic costs) and risk evaluation (cost-benefit analysis). Nevertheless, the risk management framework also includes a fourth step, risk governance, i.e. the need for a feedback of all the risk assessment undertakings. There is currently a lack of such feedback which constitutes a serious deficiency in the reduction of environmental hazards. This book emphasises methodological approaches and procedures of the three main components in the study of environmental hazards, namely forecasting nowcasting (before), monitoring (during) and assessment (after), based on geoinformatic technologies and data and simulation through examples and case studies. These are considered within the risk management framework and, in particular, within the three components of risk assessment, namely risk identification, risk estimation and risk evaluation. 
This approach is a contemporary and innovative procedure and constitutes current research in the field of environmental hazards. Environmental Hazards Methodologies for Risk Assessment and Management covers hydrological hazards (floods, droughts, storms, hail, desertification), biophysical hazards (frost, heat waves, epidemics, forest fires), geological hazards (landslides, snow avalanches), tectonic hazards (earthquakes, volcanoes), and technological hazards. This book provides a text and a resource on environmental hazards for senior undergraduate students, graduate students on all courses related to environmental hazards and risk assessment and management. It is a valuable handbook for researchers and professionals of environmental science, environmental economics and management, and engineering. ISBN: 9781780407128 (Paperback). ISBN: 9781780407135 (eBook).
- Single Book
14
- 10.1007/978-1-4899-0759-2
- Jan 1, 1990
New Risks: Issues and Management
- Conference Article
2
- 10.5121/csit.2016.60901
- Jul 23, 2016
Cloud computing technology has experienced exponential growth over the past few years. It provides many advantages for both individuals and organizations. However, at the same time, many issues have arisen due to the vast growth of cloud computing. Organizations often have concerns about the migration and utilization of cloud computing due to the loss of control over their outsourced resources and cloud computing is vulnerable to risks. Thus, a cloud provider needs to manage the cloud computing environment risks in order to identify, assess, and prioritize the risks in order to decrease those risks, improve security, increase confidence in cloud services, and relieve organizations’ concerns on the issue of using a cloud environment. Considering that a conventional risk management framework does not fit well with cloud computing due to the complexity of its environment, research in this area has become widespread. The aim of this paper is to review the previously proposed risk management frameworks for cloud computing and to make a comparison between them in order to determine the strengths and weaknesses of each of them. The review will consider the extent of the involvement and participation of consumers in cloud computing and other issues.
- Research Article
- 10.1016/j.ajodo.2016.12.001
- Mar 1, 2017
- American journal of orthodontics and dentofacial orthopedics : official publication of the American Association of Orthodontists, its constituent societies, and the American Board of Orthodontics
Cloudy.
- Research Article
6
- 10.2139/ssrn.2242474
- Apr 2, 2013
- SSRN Electronic Journal
Ex Ante vs. Ex Post: Economically Efficient Sanctioning Regimes for Online Risks
- Supplementary Content
- 10.25904/1912/3915
- Aug 17, 2020
- Griffith Research Online (Griffith University, Queensland, Australia)
The study develops a process model of the implementation of IT risk management frameworks involving IT department individuals. The literature on IT risk management and specifically participation with IT risk management frameworks, is reviewed. The review indicates a need for process research to improve existing knowledge and practices in the domain of IT risk management. Specifically, the thesis addresses four research questions: (i) What IT culture could be identified during the implementation of ITRM for the first time? (ii) What factors and contextual conditions influence the implementation of ITRM? (iii) What are the processes IT managers go through when implementing ITRM within IT departments? (iv) How can these ITRM processes be depicted in a model? This qualitative study adopts a subjectivist epistemology, complemented with an interpretive paradigm and inductive reasoning. A series of nine case studies were designed around forty-two semi-structured in-depth interviews and were conducted to investigate how and why IT managers and their IT teams implemented risk management for the first time. The study focused on contextual and processual elements as well as the action of key players associated with implementation. The use of a Grounded theory-like qualitative analysis was particularly appropriate, generating a set of insights, issues, and propositions that addressed the critical individual and organisational elements involved in implementing IT risk management, elements to date largely overlooked in the risk management literature. The theory generated from the empirical findings suggests that the intentions and actions of IT department’s members (head of IT, senior IT management and operational IT groups), the processes they enact, as well as the organisational context into which they are implemented, critically influence IT risk management implementation. 
The findings provide new insights in relation to IT risk management implementation by considering IT individual culture. The thesis conceptualises IT risk management implementation as a cultural process through which IT managers socially construct the meanings and purposes of their work activities. These findings suggest a dynamic approach to implementing IT risk management framework — one that considers the interaction over time of intentions, context, process, and action around risk management frameworks. The research develops a substantive theory (Gregor, 2006) involving a schematic model involving five sub-processes and a set of theoretical propositions. The thesis discusses the propositions by way of reference to the literature thereby enhancing the credibility and generalisability of theory building from case research. The last section presents an evaluation of the resulting theory by following the guidelines introduced by Sjoberg et al. (2008) for building behavioural theories in software engineering.