ABSTRACT

Businesses take risks to earn returns. Best practice is for organizations to ensure that risks to services are assessed and managed. This chapter lays the foundation for rigorous risk assessment and management of user service quality risk based on ISO 31000, Risk Management Principles and Guidelines. The uncertainty-oriented definition of risk is best understood by considering two categories of risk: safety risk and enterprise risk. Organizations, including cloud service customers (CSCs), have a handful of basic risk treatment options that can be considered: replace or remove the risk source, change the risk likelihood, change the risk consequences, share the risk with an external party, retain the risk, reject accountability, and avoid the risk. Organizations typically have different risk appetites for different types of risk: no risk appetite, low risk appetite, moderate risk appetite, and high risk appetite. Risk management is the second part of the overall process after risks have been identified and assessed, as in 'risk assessment and management'.