ABSTRACT

The sensitivity of the stored information needs to be considered against the security and privacy risks incurred. Cloud-based information systems are exposed to threats that can have adverse effects on organizational operations, organizational assets, individuals, and other organizations. Cloud providers develop cloud architectures and build cloud services that incorporate core functionality and operational features, including security and privacy controls that meet baseline requirements. The risk management framework, applied to the cloud ecosystem from the consumer’s perspective, can be used to address the security risks associated with cloud-based information systems by incorporating its outcome into the terms and conditions of the contracts with external cloud providers and cloud brokers. A challenge in comparing and selecting service offerings is that cloud providers may offer a default contract written from the provider’s perspective. Cloud providers use service-based agreements to describe their offerings and terms of service to potential cloud consumers.