Adaptive Risk Management Framework for Cloud Computing

2017 ◽  
Author(s):  
Manel Medhioub ◽  
Mohamed Hamdi ◽  
Tai-Hoon Kim
Keyword(s):  
Cloud Computing ◽  
Risk Management ◽  
Management Framework ◽  
Risk Management Framework

scholarly journals Manajemen Risiko Infrastruktur Cloud Pemerintah Menggunakan Nist Framework Studi Kasus Lembaga Ilmu Pengetahuan Indonesia (LIPI)

2017 ◽  
Vol 7 (1) ◽  
pp. 17
Author(s):  
Wahyu Setyo Prabowo ◽  
Widyawan . ◽  
Noor A Setiawan ◽  
M. Hanif Muslim ◽  
Yoga S Utama
Keyword(s):  
Cloud Computing ◽  
Risk Management ◽  
Information Systems ◽  
Data Center ◽  
Management Framework ◽  
Risk Management Framework

<em>Lembaga Ilmu Pengetahuan Indonesia (LIPI) sejak tahun 2015 telah menggunakan teknologi </em>cloud computing<em> sebagai pengganti infrastruktur </em>data center<em> yang mengalami kerusakan. Teknologi ini merupakan hal baru bagi LIPI. Setiap penerapan teknologi baru, organisasi dihadapkan berbagai peluang dan risiko yang dapat mempengaruhi kinerja organisasi tersebut baik positif maupun negatif. Terlebih </em>cloud computing<em> merupakan salah satu skema outsourcing TIK sehingga manajemen risiko yang tepat harus dilaksanakan. Tujuan penelitian ini adalah melakukan manajemen risiko terhadap penggunaan teknologi </em>cloud computing<em> menggunakan </em>framework<em> yang tepat sehingga manfaat dari teknologi tersebut</em> <em>dapat diperoleh secara maksimal. Penelitian ini menggunakan </em>framework<em> NIST SP800-37 </em>revision<em> 1 </em>Guide for Applying the Risk Management Framework to Federal Information Systems<em>. Pemilihan </em>framework<em> ini karena sudah banyak diterima berbagai institusi baik pemerintah maupun profesional. Selain itu </em>framework<em> ini telah diadaptasi untuk bisa menyesuaikan dengan lingkungan </em>cloud<em>. Enam tahapan dalam framework ini hanya dapat dilaksanakan sampai tahapan ketiga karena keterbatasan penelitian. Hasil dari penelitian yang telah terlaksana sampai tahap ketiga adalah tersusunnya dokumen rencana keamanan yang merupakan bagian dari proses manajemen risiko. Diharapkan dokumen rencana keamanan yang berisi kategorisasi sistem informasi, tipe informasi, dan kontrol keamanan yang terpilih dapat diimplementasikan sehingga keamanan lingkunga </em>cloud<em> dapat terjamin.</em>

scholarly journals ERMOCTAVE: A Risk Management Framework for IT Systems Which Adopt Cloud Computing

2019 ◽  
Vol 11 (9) ◽  
pp. 195 ◽  
Author(s):  
Masky Mackita ◽  
Soo-Young Shin ◽  
Tae-Young Choe
Keyword(s):  
Cloud Computing ◽  
Risk Management ◽  
Enterprise Risk Management ◽  
Management Framework ◽  
Risk Management Framework ◽  
Vulnerability Evaluation ◽  
It Systems ◽  
Management Processes ◽  
Enterprise Risk

Many companies are adapting cloud computing technology because moving to the cloud has an array of benefits. During decision-making, having processed for adopting cloud computing, the importance of risk management is progressively recognized. However, traditional risk management methods cannot be applied directly to cloud computing when data are transmitted and processed by external providers. When they are directly applied, risk management processes can fail by ignoring the distributed nature of cloud computing and leaving numerous risks unidentified. In order to fix this backdrop, this paper introduces a new risk management method, Enterprise Risk Management for Operationally Critical Threat, Asset, and Vulnerability Evaluation (ERMOCTAVE), which combines Enterprise Risk Management and Operationally Critical Threat, Asset, and Vulnerability Evaluation for mitigating risks that can arise with cloud computing. ERMOCTAVE is composed of two risk management methods by combining each component with another processes for comprehensive perception of risks. In order to explain ERMOCTAVE in detail, a case study scenario is presented where an Internet seller migrates some modules to Microsoft Azure cloud. The functionality comparison with ENISA and Microsoft cloud risk assessment shows that ERMOCTAVE has additional features, such as key objectives and strategies, critical assets, and risk measurement criteria.

Developing and implementing the risk management framework into business processes of Gazprom transgaz Tomsk Ltd., for implementation of the Eastern gas program of PJSC Gazprom

2020 ◽  
Vol 17 (1) ◽  
pp. 68-77
Author(s):  
V. E. Zaikovsky ◽  
A. V. Karev
Keyword(s):  
Risk Management ◽  
Human Resources ◽  
Management Information System ◽  
Business Processes ◽  
Project Success ◽  
Management Information ◽  
Timely Manner ◽  
Project Approach ◽  
Management Framework ◽  
Risk Management Framework

Project success depends on the ability to respond to risks and make correct decisions in a timely manner. The project approach provides a better framework for implementing a new management system into the company’s business processes. The risk management framework developed by the company comprises a risk management infrastructure, a set of standards, human resources, and a risk management information system. To improve staff compliance, it is necessary to provide training and to communicate the goals of the project effectively. It is also important to develop a motivation system because well trained and motivated staff are able to work more efficiently.

Sign in / Sign up

Export Citation Format

Share Document