ABSTRACT

This chapter presents a survey of some of the most relevant cloud security risk management studies and analyses. The reason for that is to be found neither in cloud or security technologies nor in risk management, taken individually, but in the combination of information technology issues with risk management methodologies. Insufficient due diligence was often found to be one of the main threats to cloud computing adoption. Cloud forensics is harder than forensics for traditional systems because of many of the specific characteristics of cloud computing. The problem is exacerbated further when complex cloud supply chains are taken into account, with services offered by a cloud service provider (CSP) resulting from the coordinated composition of different services from different CSPs. The chapter discusses cloud security risk management, a topic that is widely debated in information security in general and, as a consequence, though with several peculiarities, in cloud computing.