Author:
Faizi Ana,Padyab Ali,Naess Andreas
Abstract
Purpose
This study aims to address the issue of practicing information security risk assessment (ISRA) on cloud solutions by studying municipalities and large organizations in Sweden.
Design/methodology/approach
Four large organizations and five municipalities that use cloud services and conduct ISRA to adhere to their information security risk management practices were studied. Data were gathered qualitatively to answer the study’s research question: How is ISRA practiced on the cloud? The Coat Hanger model was used as a theoretical lens to study and theorize the practices.
Findings
The results showed that the organizations aimed to follow the guidelines, in the form of frameworks or their own experience, to conduct ISRA; furthermore, the frameworks were altered to fit the organizations’ needs. The results further indicated that one of the main concerns with the cloud ISRA was the absence of a culture that integrates risk management. Finally, the findings also stressed the importance of a good understanding and a well-written legal contract between the cloud providers and the organizations using the cloud services.
Originality/value
As opposed to the previous research, which was more inclined to try out and evaluate various cloud ISRA, the study provides insights into the practice of cloud ISRA experienced by the organizations. This study represents the first attempt to investigate cloud ISRA that organizations practice in managing their information security.
Subject
Management of Technology and Innovation,Information Systems and Management,Computer Networks and Communications,Information Systems,Software,Management Information Systems
Reference56 articles.
1. CSCCRA: a novel quantitative risk assessment model for SaaS cloud service providers;Computers,2019
2. Security risk assessment framework for cloud computing environments;Security and Communication Networks,2014
3. Assessing information security risks in the cloud: a case study of Australian local government authorities;Government Information Quarterly,2020
4. A survey on security risk management frameworks in cloud computing;Computer Science and Information Technology (CS and IT),2016
5. An exploratory study of current information security training and awareness practices in organizations,2018
Cited by
8 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Security Risk Assessment on Cloud: A Systematic Mapping Study;Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering;2024-06-18
2. Adapting to Change: Software Project Management in the Era of Security in Cloud Computing;Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering;2024-06-18
3. Strategic Approaches in Network Communication and Information Security Risk Assessment;Information;2024-06-14
4. IoT’s Impact on Nigeria’s Construction Industry: Unveiling Benefits in the Era of the 4th Industrial Revolution(4IR);2024 International Conference on Science, Engineering and Business for Driving Sustainable Development Goals (SEB4SDG);2024-04-02
5. Enhancing Cybersecurity in Nigeria: A Proposed Risk Management Framework for Universities;2024 International Conference on Science, Engineering and Business for Driving Sustainable Development Goals (SEB4SDG);2024-04-02