A Risk Management Framework for Cloud Migration Decision Support

Article

Islam, S., Fenz, Stefan, Weippl, Edgar and Mouratidis, Haralambos 2017. A Risk Management Framework for Cloud Migration Decision Support. Journal of Risk and Financial Management. 10 (2), p. 10. https://doi.org/10.3390/jrfm10020010

Publication dates
Authors	Islam, S., Fenz, Stefan, Weippl, Edgar and Mouratidis, Haralambos
Abstract	Managing risks is of paramount importance for enabling a widespread adoption of cloud computing. Users need to understand the risks associated with the process of migrating applications and data, so that appropriate mechanisms can be taken into consideration. However, risk management in cloud computing differs from risk management in a traditional computing environment due to the unique characteristics of the cloud and the users’ dependency on the cloud service provider for risk control. This paper presents a risk management framework to support users with cloud migration decisions. In particular, the framework enables users to identify risks, based on the relative importance of the migration goals and analyzed the risks with a semi-quantitative approach. This allows users to make accurate cloud migration decisions, based on specific migration scenarios. Our framework follows basic risk management principles and proposes a novel and structured process and a well-defined method for managing risks and making migration decisions. A practical migration use case about collaborative application such as e-mail and document migration is considered to demonstrate the applicability of our work. The results from the studied context show that risks in cloud computing mainly depend on the specific migration scenario and organization context. A cloud service provider is not alone responsible for mitigating all the risks; hence, depending on the type of risk, the cloud user is also responsible for risk mitigation.
Keywords	risk management framework; risk assessment; cloud migration; risk assessment security; analytic hierarchy process (AHP); business value
Journal	Journal of Risk and Financial Management
Journal citation	10 (2), p. 10
ISSN	1911-8074
	1911-8066
Year	2017
Publisher	MDPI, Basel, Switzerland.
Publisher's version	JRFM Islam S..pdf License CC BY
Digital Object Identifier (DOI)	https://doi.org/10.3390/jrfm10020010
Web address (URL)	https://doi.org/10.3390/jrfm10020010
Print	22 Apr 2017
Publication process dates
Deposited	01 Jun 2017
Accepted	10 Apr 2017
Funder	Austrian Science Fund
	Austrian Science Fund
Copyright information	© 2017 by the authors.

Permalink -

https://repository.uel.ac.uk/item/84w0x

Download files

Publisher's version

	JRFM Islam S..pdf
	License: CC BY

49
total views
98
total downloads
3
views this month
2
downloads this month

Export as

Related outputs

An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System

Kure, H., Islam, S. and Razzaque, Mohammad 2018. An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System. Applied Sciences. 8 (6), p. Art. 898. https://doi.org/10.3390/app8060898

E-Government Maturity Model for Sustainable E-Government Services from the Perspective of Developing Countries

Joshi, P. and Islam, S. 2018. E-Government Maturity Model for Sustainable E-Government Services from the Perspective of Developing Countries. Sustainability. 10 (6), p. Art. 1882. https://doi.org/10.3390/su10061882

Assets focus risk management framework for critical infrastructure cybersecurity risk management

Kure, H. and Islam, S. 2019. Assets focus risk management framework for critical infrastructure cybersecurity risk management. IET Cyber-Physical Systems. 4 (4), pp. 332-340. https://doi.org/10.1049/iet-cps.2018.5079

Cyber Threat Intelligence for Improving Cybersecurity and Risk Management in Critical Infrastructure

Kure, H. and Islam, S. 2019. Cyber Threat Intelligence for Improving Cybersecurity and Risk Management in Critical Infrastructure. Journal of Universal Computer Science. 25 (11), pp. 1478-1502.

A Dynamic Access Control Model Using Authorising Workflow and Task-Role-Based Access Control

Uddin, M., Islam, S. and Al-Nemrat, A. 2019. A Dynamic Access Control Model Using Authorising Workflow and Task-Role-Based Access Control. IEEE Access. 7 (Art. 166676). https://doi.org/10.1109/ACCESS.2019.2947377

Cyber Security Threat Modeling for Supply Chain Organizational Environments

Yeboah-Ofori, A. and Islam, S. 2019. Cyber Security Threat Modeling for Supply Chain Organizational Environments. Future Internet. 11 (3), p. Art. 63. https://doi.org/10.3390/fi11030063

Managing Social Engineering Attacks- Considering Human Factors and Security Investment

Alavi, R., Islam, S., Mouratidis, Haralambos and Lee, Sin Wee 2015. Managing Social Engineering Attacks- Considering Human Factors and Security Investment. in: Clarke, Nathan and Furnell, Steven (ed.) Proceedings of the Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015) Plymouth University. pp. 161-171

Agile Changes of Security Landscape: A Human Factors and Security Investment View

Alavi, R. and Islam, S. 2016. Agile Changes of Security Landscape: A Human Factors and Security Investment View. in: Clarke, Nathan and Furnell, Steven (ed.) Proceedings of the Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016) Plymouth University.

A Decision Framework Model for Migration into Cloud: Business, Application, Security and Privacy Perspectives

Islam, S., Weippl, Edgar R. and Krombholz, Katharina 2014. A Decision Framework Model for Migration into Cloud: Business, Application, Security and Privacy Perspectives. in: Proceedings of the 16th International Conference on Information Integration and Web-based Applications & Services New York, NY, USA ACM. pp. 185-189

Sustainability forecast for cloud migration

Rahman, Alifah Aida Lope Abdul and Islam, S. 2015. Sustainability forecast for cloud migration. in: IEEE 9th International Symposium on the Maintenance and Evolution of Service-Oriented and Cloud-Based Environments (MESOCA) IEEE. pp. 31-35

Cloud Security Audit for Migration and Continuous Monitoring

Ismail, Umar Mukhtar, Islam, S. and Mouratidis, Haralambos 2015. Cloud Security Audit for Migration and Continuous Monitoring. in: 2015 IEEE Trustcom/BigDataSE/ISPA IEEE.

Measuring sustainability for an effective Information System audit from public organization perspective

Lope Abdul Rahman, Alifah Aida, Islam, S. and Al-Nemrat, A. 2015. Measuring sustainability for an effective Information System audit from public organization perspective. in: Research Challenges in Information Science (RCIS), 2015 IEEE 9th International Conference on IEEE. pp. 42-51

Towards Cloud Security Monitoring: A Case Study

Ismail, Umar Mukhtar, Islam, S. and Islam, S. 2016. Towards Cloud Security Monitoring: A Case Study. in: 2016 Cybersecurity and Cyberforensics Conference (CCC) IEEE.

A framework to support selection of cloud providers based on security and privacy requirements

Mouratidis, Haralambos, Islam, S., Kalloniatis, Christos and Gritzalis, Stefanos 2013. A framework to support selection of cloud providers based on security and privacy requirements. Journal of Systems and Software. 86 (9), pp. 2276-2293.

Evaluating cloud deployment scenarios based on security and privacy requirements

Kalloniatis, Christos, Mouratidis, Haralambos and Islam, S. 2013. Evaluating cloud deployment scenarios based on security and privacy requirements. Requirements Engineering. 18 (4), pp. 299-319. https://doi.org/10.1007/s00766-013-0166-7

An empirical study on the implementation and evaluation of a goal-driven software development risk management model

Islam, S., Mouratidis, Haralambos and Weippl, Edgar R. 2013. An empirical study on the implementation and evaluation of a goal-driven software development risk management model. Information and Software Technology. 56 (2), pp. 117-133. https://doi.org/10.1016/j.infsof.2013.06.003

Towards the design of secure and privacy-oriented Information systems in the cloud: Identifying the major concepts

Kalloniatis, Christos, Mouratidis, Haralambos, Vassilis, Manousakis, Islam, S., Gritzalis, Stefanos and Kavakli, Evangelia 2013. Towards the design of secure and privacy-oriented Information systems in the cloud: Identifying the major concepts. Computer Standards and Interfaces. 36 (4), pp. 759-775. https://doi.org/10.1016/j.csi.2013.12.010

An information security risk-driven investment model for analysing human factors

Alavi, R., Islam, S. and Mouratidis, Haralambos 2016. An information security risk-driven investment model for analysing human factors. Information and Computer Security. 24 (2), pp. 205-227.

A Framework for Security Transparency in Cloud Computing

Ismail, U., Islam, S., Ouedraogo, Moussa and Weippl, Edgar 2016. A Framework for Security Transparency in Cloud Computing. Future Internet. 8 (1), p. 5.

Migration goals and risk management in cloud computing: A review of state of the art and survey results on practitioners

Islam, S., Fenz, Stefan, Weippl, Edgar and Kalloniatis, Christos 2016. Migration goals and risk management in cloud computing: A review of state of the art and survey results on practitioners. International Journal of Secure Software Engineering. 7 (3), pp. 44-73. https://doi.org/10.4018/IJSSE.2016070103

Assurance of security and privacy requirements for cloud deployment models

Islam, S., Ouedraogo, Moussa, Kalloniatis, Christos, Mouratidis, Haralambos and Gritzalis, Stephanos 2015. Assurance of security and privacy requirements for cloud deployment models. IEEE Transactions on Cloud Computing. PP (99).

Human Factors in Software Security Risk Management

Islam, S. 2008. Human Factors in Software Security Risk Management. in: Proceedings of the first international workshop on Leadership and management in software architecture ACM. pp. 13-16

Software Development Risk Management Model – A Goal Driven Approach

Islam, S. 2009. Software Development Risk Management Model – A Goal Driven Approach. ESEC/FSE'09 Joint 12th European Software Engineering Conference (ESEC) and 17th ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE-17). Amsterdam, The Netherlands 24 - 28 Aug 2009 ACM.

Offshore-Outsourced Software Development Risk Management Model

Islam, S. 2009. Offshore-Outsourced Software Development Risk Management Model. pp. 514-519

Goal and Risk Factors in Offshore Outsourced Software Development From Vendor's Viewpoint

Islam, S. 2009. Goal and Risk Factors in Offshore Outsourced Software Development From Vendor's Viewpoint. 4th IEEE International Conference on Global Software Engineering. Limerick, Ireland 13 - 16 Jul 2009

Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec

Islam, S. 2009. Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec. Requirements Engineering Journal. 15 (1), pp. 63-93.

Towards a Framework to Elicit and Manage Security and Privacy Requirements from Laws and Regulations

Islam, S., Mouratidis, Haralambos and Wager, Stefan 2010. Towards a Framework to Elicit and Manage Security and Privacy Requirements from Laws and Regulations. in: Wieringa, Roel and Persson, Anne (ed.) Requirements Engineering: Foundation for Software Quality Springer.