ABSTRACT

The trust relation between cloud customers (CCs) and cloud service providers has to be established before CCs move their information systems to the cloud. A CC faces a special challenge in risk assessment compared to conventional information technology customers. Risks can be associated not only with negative outcomes but also with positive ones. Risk perception for the same scenario may differ from person to person, and even from time to time, because the probabilities and consequences may be different for different people at different times. Risk analysis is a systematic examination of a risk scenario to understand its probability/likelihood and consequences. The European Network and Information Security Agency’s risk scenarios are grouped in four categories: policy and organizational, technical, legal, and other scenarios not specific to cloud computing. A CC can assess the risk level related to a scenario qualitatively and, by examination, understand what kinds of vulnerabilities and assets are related to each scenario.