Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

Download Publication

Home
Publications
CloudWatch2 Risk Based Decision Making Mechanisms For Cloud Service In The Public Sector
CloudWatch2 Risk Based Decision Making Mechanisms For Cloud Service In The Public Sector

CloudWatch2 Risk Based Decision Making Mechanisms For Cloud Service In The Public Sector

Release Date: 10/27/2016

Despite the undisputed advantages of cloud computing, customers (in particular Public
Administrations or PAs, and Small and Medium-sized Enterprises or SMEs) are still in need of
“meaningful” understanding of the security and risk management changes the cloud entails,
in order to assess if this new computing paradigm is “good enough” for their security
requirements. Traditional ICT risk management approaches usually adopt one-size-fits-all
methodologies relying on (security) experts, which are usually not adequate for small
organisations and Public Administrations (PA) that use relatively simple IT-components. One
of the main drivers of CloudWatch2 is to develop a simplified cloud risk
assessment/management approach, called “risk profile” in this document, with the requisite
that SMEs/PAs need simple, flexible, efficient and cost-effectivecloud security solutions.
This deliverable proposes a risk profiling methodology to assist PAs with the risk assessment
process from the perspective of a cloud service customer (CSC) procuring a suitable cloudbased service. The proposed approach also provides information to cloud partners (e.g.
cloud brokers) and CSPs, on the risk management methodology for cloud adoption used by a
(prospective) customer organization. Despite the fact that the main focus of this deliverable
being on PAs, we also discuss the appropriateness of the suggested risk profile methodology
for SMEs (to be further expanded inDeliverable 3.5 or D3.5).
This incremental report also presents a fresh approach to the problem of leveraging risk
profiles by analysing, from the risk management perspective, the specification of security in
mechanisms like Service Level Agreements (SLA) as a promising approach to empower PAs
(and also SMEs) in assessing and understanding their cloud requirements.
The next version of this deliverable (i.e. D3.5) will present the validation results of the
presented risk profiles, both for SMEs and PAs, based on real-world use cases and end-user
feedback. In addition D3.5 will further elaborate on end-user mechanisms/tools for
instantiating the proposed risk profiling methodology.
Download this Resource

Prefer to access this resource without an account? Download it now.

Bookmark
Share
Related resources

Acknowledgements

Marina Bregkou
Marina Bregkou
Senior Research Analyst, CSA EMEA

Marina Bregkou

Senior Research Analyst, CSA EMEA

This person does not have a biography listed with CSA.

Damir Savanovic
Damir Savanovic

Damir Savanovic

Damir Savanovic (M) is an Associate Director - Cloud Controls Lead at Willis Towers Watson, leading a team of subject matter experts to address compliance and control requirements for multiple compliance frameworks within information and cybersecurity for a global financial institution.

As a security evangelist and subject matter expert in the areas of security governance, risk and compliance, data protection with over...

Read more

Jesus Luna Headshot Missing
Jesus Luna

Jesus Luna

This person does not have a biography listed with CSA.

Nicholas Ferguson Headshot Missing
Nicholas Ferguson

Nicholas Ferguson

This person does not have a biography listed with CSA.

Theodora Dragan Headshot Missing
Theodora Dragan

Theodora Dragan

This person does not have a biography listed with CSA.

Lucio Scudiero Headshot Missing
Lucio Scudiero

Lucio Scudiero

This person does not have a biography listed with CSA.

Are you a research volunteer? Request to have your profile displayed on the website here.

Related Certificates & Training