ABSTRACT
However, cloud security risk management as a research eld and a set of methodologies, analyses, and techniques is still far from being a mature discipline. On the contrary, it is riddled with uncertainty derived from the still early stages of security risk analysis, especially applied to cloud systems, and the relatively poor experience in managing cloud risks. For these reasons there is still an ongoing debate about which risks should be considered cloud-speci c and new, which established
CONTENTS 8.1 Introduction 87 8.2 What Is Risk? 88
8.2.1 Risk and Uncertainty 88 8.2.2 Indirect Measurements and Metrics 88 8.2.3 Contractual Obligations and Uncertainty 89
8.3 De nitions of Risk 89 8.3.1 De nitions in Information Technology Standards 89
8.4 Risk and Cloud 91 8.4.1 Security Risks Not Speci c to Cloud Computing 91 8.4.2 Cloud-Speci c Risks 92
8.4.2.1 Fate Sharing 93 8.4.2.2 Mutual Auditability 93 8.4.2.3 Insider reats 94
8.5 Cloud Computing Risk Assessment and Management 94 8.5.1 Security SLA for Cloud Services 95
8.5.1.1 Cloud SLA 95 8.5.1.2 Cloud Audit and Assessment 96 8.5.1.3 Cloud Security SLA 97
8.6 Summary 99 Further Readings 99 References 99
risk-mitigating solutions and standards could be applied to the cloud environment, and so on.
