International Journal on Advanced Science, Engineering and Information Technology, Vol. 10 (2020) No. 1, pages: 106-111, DOI:10.18517/ijaseit.10.1.10169

Risk Evaluation Using Nominal Group Technique for Cloud Computing Risk Assessment in Healthcare

Nurbaini Zainuddin, Rasimah Che Mohd Yusuff, Ganthan Narayana Samy

Abstract

Emerging of cloud computing with flexibility, improve accessing data, and cost-saving makes this technology accessible and growing fast. As a result of the emergence of cloud computing bring interest to industries to used cloud computing. Although cloud computing brings so many benefits to customers, the previous study reveals that cloud computing penetration in the Healthcare area is still low. With effective cloud risk assessment methodology will gain the confidence to cloud users in this technology. Study in cloud risk assessment methodology still infant and the complexity in identifying security risk still debating. This paper explores the risk assessment process by highlighting the method in the risk evaluation process. Risk evaluation is an essential phase in the risk assessment process. It compares the result from the risk analysis process and determines whether to accept or tolerate the risk criteria to decide on the risk analysis. In this study, the Nominal Group Technique (NGT) is introduced to compare risk analysis results in the earlier phase. Since risk evaluation based on organizational objectives, external and internal context and stakeholders' views, NGT is promising for effective results. This study not only contributing to the prioritizing list of risks and threats in a systematical manner but indirectly NGT process makes stakeholders aware of the current cloud security risk situation in the organization. Equal opportunity expressing views in this focus group discussion is hope can generate a brilliant solution in risk assessment results.

Keywords:

cloud computing; risk assessment; nominal group technique; STRIDE-DREAD model; risk evaluation.

Viewed: 235 times (since Sept 4, 2017)

cite this paper     download