• Title/Summary/Keyword: Cloud Risk

Search Result 148, Processing Time 0.025 seconds

The Impact of Perceived Risks and Switching Costs on Switching Intention to Cloud Services: Based on PPM Model (지각된 위험과 전환비용이 클라우드 서비스로의 전환의도에 미치는 영향에 관한 연구: PPM 모델 중심으로)

  • Lee, Seung Hee;Jeong, Seok Chan
    • The Journal of Information Systems
    • /
    • v.30 no.3
    • /
    • pp.65-91
    • /
    • 2021
  • Purpose In this study, we investigated the impact of perceived risk and switching costs on switching intention to cloud service based on PPM (Pull-Push-Mooring) model. Design/methodology/approach We focused on revealing the switching factors of the switching intention to the cloud services. The switching factors to the cloud services were defined as perceived risk consisting of performance risk, economic risk, and security risk, and switching costs consisting of financial and learning costs. On the PPM model, we defined the pull factors consisting of perceived usefulness and perceived ease of use, and the push factor as satisfaction of the legacy system, and the mooring factor as policy supports. Findings The results of this study as follows; (1) Among the perceived risk factors, performance risk has a negative effect on the ease of use of pull factors, and finally it was found to affect the switching intention to the cloud services. Therefore, cloud service providers need to improve trust in cloud services, service timeliness, and linkage to the legacy systems. And it was found that economic risk and security risk among the perceived risk factors did not affect the switching intention to the cloud services. (2) Of the perceived risk factors, financial cost and learning cost did not affect the satisfaction of the legacy system, which is a push factor. It indicates that the respondents are positively considering switching to cloud service in the future, despite the fact that the respondents are satisfied with the use of the legacy system and are aware of the switching cost to cloud service. (3) Policy support was found to improve the switching intention to cloud services by alleviating the financial and learning costs required for cloud service switching.

Leveraged BMIS Model for Cloud Risk Control

  • Song, YouJin;Pang, Yasheng
    • Journal of Information Processing Systems
    • /
    • v.10 no.2
    • /
    • pp.240-255
    • /
    • 2014
  • Cloud computing has increasingly been drawing attention these days. Each big company in IT hurries to get a chunk of meat that promises to be a whopping market in the future. At the same time, information is always associated with security and risk problems. Nowadays, the handling of these risks is no longer just a technology problem, with a good deal of literature focusing on risk or security management and framework in the information system. In this paper, we find the specific business meaning of the BMIS model and try to apply and leverage this model to cloud risk. Through a previous study, we select and determine the causal risk factors in cloud service, which are also known as CSFs (Critical Success Factors) in information management. Subsequently, we distribute all selected CSFs into the BMIS model by mapping with ten principles in cloud risk. Finally, by using the leverage points, we try to leverage the model factors and aim to make a resource-optimized, dynamic, general risk control business model for cloud service providers.

How to Manage Cloud Risks Based on the BMIS Model

  • Song, Youjin;Pang, Yasheng
    • Journal of Information Processing Systems
    • /
    • v.10 no.1
    • /
    • pp.132-144
    • /
    • 2014
  • Information always comes with security and risk problems. There is the saying that, "The tall tree catches much wind," and the risks from cloud services will absolutely be more varied and more severe. Nowadays, handling these risks is no longer just a technology problem. So far, a good deal of literature that focuses on risk or security management and frameworks in information systems has already been submitted. This paper analyzes the causal risk factors in cloud environments through critical success factors, from a business perspective. We then integrated these critical success factors into a business model for information security by mapping out 10 principles related to cloud risks. Thus, we were able to figure out which aspects should be given more consideration in the actual transactions of cloud services, and were able to make a business-level and general-risk control model for cloud computing.

Mitigating Threats and Security Metrics in Cloud Computing

  • Kar, Jayaprakash;Mishra, Manoj Ranjan
    • Journal of Information Processing Systems
    • /
    • v.12 no.2
    • /
    • pp.226-233
    • /
    • 2016
  • Cloud computing is a distributed computing model that has lot of drawbacks and faces difficulties. Many new innovative and emerging techniques take advantage of its features. In this paper, we explore the security threats to and Risk Assessments for cloud computing, attack mitigation frameworks, and the risk-based dynamic access control for cloud computing. Common security threats to cloud computing have been explored and these threats are addressed through acceptable measures via governance and effective risk management using a tailored Security Risk Approach. Most existing Threat and Risk Assessment (TRA) schemes for cloud services use a converse thinking approach to develop theoretical solutions for minimizing the risk of security breaches at a minimal cost. In our study, we propose an improved Attack-Defense Tree mechanism designated as iADTree, for solving the TRA problem in cloud computing environments.

The Effect of Perceived Risk and Trust on Users' Acceptance of Cloud Computing : Mobile Cloud Computing (인지된 위험과 신뢰가 Cloud Computing 사용의도에 미치는 영향 : 모바일 Cloud Computing을 중심으로)

  • Kim, Jun-Woo;Kim, Yong-Gu
    • Journal of Korean Society of Industrial and Systems Engineering
    • /
    • v.35 no.3
    • /
    • pp.70-76
    • /
    • 2012
  • This research tested how the perceived risk and the trust affect the usage intention of the cloud computing. To this end, this research setups a research model and tests it with the statistic tools. In order to build the model, TAM (Technology Acceptance Model) and UTAUT (Unified Theory of Acceptance and Use of Technology) were employed and, the factors such as the perceived risk, the trust and the intention of the cloud computing use were derived. This research finds that the perceived risk does not affect the intention of usage. Also the perceived risk has the negative effect for the trust. Thus this research has the following suggestions.

A Study on effective risk analysis and evaluation method of cloud computing system environment (클라우드컴퓨팅 시스템 환경의 효과적 위험분석평가 방법에 관한 연구)

  • Lee, Junglimg;Chang, Hangbae
    • Journal of Platform Technology
    • /
    • v.9 no.2
    • /
    • pp.10-25
    • /
    • 2021
  • Although many studies have been conducted on risk analysis and evaluation in the on-premises environment in information security, studies on effective methodologies of risk analysis and evaluation for cloud computing systems are lacking. In 2015, the Cloud Computing Development Act was enacted, which served as an opportunity to promote the introduction of cloud computing. However, due to the increase in security incidents in the cloud computing system, activation is insufficient. In addition, the cloud computing system is not being actively introduced because of the difficulty in understanding the cloud computing system technology of the person in charge who intends to introduce the cloud computing system. In this regard, this study presented an effective risk analysis and evaluation method by examining the characteristics, concepts, and models of cloud computing systems and analyzing how these characteristics affect risk analysis and evaluation.

Agent Based Information Security Framework for Hybrid Cloud Computing

  • Tariq, Muhammad Imran
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.1
    • /
    • pp.406-434
    • /
    • 2019
  • In general, an information security approach estimates the risk, where the risk is to occur due to an unusual event, and the associated consequences for cloud organization. Information Security and Risk Management (ISRA) practices vary among cloud organizations and disciplines. There are several approaches to compare existing risk management methods for cloud organizations but their scope is limited considering stereo type criteria, rather than developing an agent based task that considers all aspects of the associated risk. It is the lack of considering all existing renowned risk management frameworks, their proper comparison, and agent techniques that motivates this research. This paper proposes Agent Based Information Security Framework for Hybrid Cloud Computing as an all-inclusive method including cloud related methods to review and compare existing different renowned methods for cloud computing risk issues and by adding new tasks from surveyed methods. The concepts of software agent and intelligent agent have been introduced that fetch/collect accurate information used in framework and to develop a decision system that facilitates the organization to take decision against threat agent on the basis of information provided by the security agents. The scope of this research primarily considers risk assessment methods that focus on assets, potential threats, vulnerabilities and their associated measures to calculate consequences. After in-depth comparison of renowned ISRA methods with ABISF, we have found that ISO/IEC 27005:2011 is the most appropriate approach among existing ISRA methods. The proposed framework was implemented using fuzzy inference system based upon fuzzy set theory, and MATLAB(R) fuzzy logic rules were used to test the framework. The fuzzy results confirm that proposed framework could be used for information security in cloud computing environment.

The Effect of Cloud Service Risks on the Intention of Purchasing Real Options: Focusing on Public Cloud Service of Small and Medium-sized Enterprises (클라우드 서비스 위험이 실물옵션 채택의도에 미치는 영향: 중소기업의 퍼블릭 클라우드 서비스를 중심으로)

  • Kim, Jeong-eun;Yang, Hee-dong
    • Information Systems Review
    • /
    • v.17 no.1
    • /
    • pp.117-140
    • /
    • 2015
  • Cloud Computing has drawn attention as one of 10 IT strategic technology trends and has various advantages such as cost reduction and enhancing business flexibility. However, corporations hesitate to adopt the service because of unexpected risks. Especially compared to large firm, medium and small ones use public cloud that security risk is high. Meanwhile, real option strategy has drawn attention as the method to hedge uncertainty in IT projects. Therefore, in this study causal relationships among technical, security, relational, and economic risks of cloud service will be investigated. Eventually, this study investigates how those risks influence the intention to choose the real option about the cloud service. For this study, five hypotheses is drawn, and a survey is conducted about the medium and small firms which are currently using cloud service to examine hypotheses. Since the study is at organizational level, 287 questionnaire replies are recalculated to 120 firms. For statistical analysis, Smart PLS and SPSS Statistics18 are used. As a result, technical risk of cloud service has significantly positive influence on security risk. Second, security risk and relational risk of cloud service has significantly positive influence on economic risk. Third, economic risk of cloud service has significantly positive influence on the intention to purchase the delay option or abandon option. Based on this result, this research discussed practical and academic implications and the limitations.

Effect of Centralization in Decision Making Upon Real Option Utilization : Empirical Approach of Cloud Service Implementation in Korean Small & Medium Sized Firms (의사결정 집중화 수준과 불확실성이 실물옵션 활용에 미치는 영향에 대한 연구 : 국내 중소기업 클라우드 서비스 도입에 대한 연구)

  • Kim, Taeha;Nam, Seunghyeon;Yang, Heedong
    • Journal of Information Technology Applications and Management
    • /
    • v.24 no.4
    • /
    • pp.117-131
    • /
    • 2017
  • We question whether Korean IT managers consider real options to reduce risks of cloud service implementation. This work investigates the impact of technology risk, relationship risk, economy risk, security risk upon the intention of IT managers to utilize abandon & expansion options. We also analyze moderation effect of centralization level of decision making between these risks and the utilization of real options. Using the survey questionnaire, we empirically find that technology risk, relationship risk and security risk have significant effect upon abandon option and technology risk, relationship risk, and economy upon expansion option. We also find the evidence that centralization level moderates some risks and the direction of moderation effect is to offset the effect of risks on intention to utilize real options.

IP-CCTV Risk Decision Model Using AHP (Cloud Computing Based) (AHP를 활용한 IP-CCTV 위험 결정 모델 (클라우드 컴퓨팅 기반으로))

  • Jung, Sung-hoo;Lee, Kyung-ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.1
    • /
    • pp.229-239
    • /
    • 2018
  • This paper analyzes the problems of existing CCTV and discusses cyber security problems of IP-CCTV in cloud computing environment. In order to reduce the risk of simply removing the risk associated with the provision of cloud services, the risk analysis and counter-measures need to be carried out effectively. Therefore, the STRIDE model as the Threat Risk Modeling is used to analyze the risk factors, and Analytic Hierarchy Process(AHP) is used to measure risk priorities based on the analyzed threats.