Next Article in Journal
Evaluating the Degree of Uncertainty of Research Activities in Industry 4.0
Previous Article in Journal
25 Years of Bluetooth Technology
Open AccessArticle

ERMOCTAVE: A Risk Management Framework for IT Systems Which Adopt Cloud Computing

1
ING Bank, B-1040 Brussels, Belgium
2
Department of IT Convergence Engineering, Kumoh National Institute of Technology, Gumi 39177, Korea
3
Department of Computer Engineering, Kumoh National Institute of Technology, Gumi 39177, Korea
*
Author to whom correspondence should be addressed.
Future Internet 2019, 11(9), 195; https://doi.org/10.3390/fi11090195
Received: 22 June 2019 / Revised: 31 August 2019 / Accepted: 3 September 2019 / Published: 10 September 2019
(This article belongs to the Section Network Virtualization and Edge/Fog Computing)
Many companies are adapting cloud computing technology because moving to the cloud has an array of benefits. During decision-making, having processed for adopting cloud computing, the importance of risk management is progressively recognized. However, traditional risk management methods cannot be applied directly to cloud computing when data are transmitted and processed by external providers. When they are directly applied, risk management processes can fail by ignoring the distributed nature of cloud computing and leaving numerous risks unidentified. In order to fix this backdrop, this paper introduces a new risk management method, Enterprise Risk Management for Operationally Critical Threat, Asset, and Vulnerability Evaluation (ERMOCTAVE), which combines Enterprise Risk Management and Operationally Critical Threat, Asset, and Vulnerability Evaluation for mitigating risks that can arise with cloud computing. ERMOCTAVE is composed of two risk management methods by combining each component with another processes for comprehensive perception of risks. In order to explain ERMOCTAVE in detail, a case study scenario is presented where an Internet seller migrates some modules to Microsoft Azure cloud. The functionality comparison with ENISA and Microsoft cloud risk assessment shows that ERMOCTAVE has additional features, such as key objectives and strategies, critical assets, and risk measurement criteria. View Full-Text
Keywords: risk management; ERM; OCTAVE; cloud computing; Microsoft Azure risk management; ERM; OCTAVE; cloud computing; Microsoft Azure
Show Figures

Figure 1

MDPI and ACS Style

Mackita, M.; Shin, S.-Y.; Choe, T.-Y. ERMOCTAVE: A Risk Management Framework for IT Systems Which Adopt Cloud Computing. Future Internet 2019, 11, 195.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map

1
Back to TopTop