RISKS IDENTIFICATION AND RANKING IN INFORMATION TECHNOLOGY PROJECTS BASED ON CLOUD COMPUTING

Management delicacies in risks of information technology projects, are not always taking into consideration; that is why these projects neither achieve the anticipated profits, nor lead to success. Identifying the most important risks of information technology and assess their correlations has a key role in administrative decision making. Proper implementation of IT project depends on identifying and assessing the major risks of information technology projects. The purpose of this study is to identify and assess the relationship between risk factors by utilizing widely-known risks in Cloud Computing technology. Data were collected using an online questionnaire and email. Specialists in Cloud Computing Research Center of Amirkabir University constituted the study population .Among the Center’s professional members, 39people participated in the study. Eleven participants, who had the best conditions for scientific research, were selected by Delphi method. Among the 35 risk extracted from the library research, 19 crucial risks in Cloud Computing-based information technology projects in Iran were definitely approved and ranked. Given the level of risk and probability of occurrence; encounter strategy was determined. Risks related to "data protection" and "network breaks" received the highest risk ratings; Strategies to deal with it was determined as "totally avoidable". Risks, such as " distributed denial of service (DDoS)", " cloud provider malicious insider ","social engineering attacks (i.e. Impersonation)",and "illegal data leakage on up/download, intra-cloud " were placed at the next rank and the situation was called "dangerous" and strategies to deal with it were identified as "reduce the probability or risk impact" and a number of other strategies as "risk compliance ".

[1]  Stephanie Buck Libraries in the Cloud: Making a Case for Google and Amazon. , 2009 .

[2]  Nuria Lloret Romero,et al.  “Cloud computing” in library automation: benefits and drawbacks , 2012 .

[3]  Paul T. Jaeger,et al.  Cloud Computing and Information Policy: Computing in a Policy Cloud? , 2008 .

[4]  Rossouw von Solms,et al.  A Model for Information Security Management , 1993, Inf. Manag. Comput. Secur..

[5]  Kamal Dahbur,et al.  A survey of risks, threats and vulnerabilities in cloud computing , 2011, ISWSA '11.

[6]  Christopher Millard,et al.  Data protection jurisdiction and cloud computing – when are cloud users and providers subject to EU data protection law? The cloud of unknowing , 2012 .

[7]  Janice C. Sipior,et al.  The Internet Jurisdiction Risk of Cloud Computing , 2010, Inf. Syst. Manag..

[8]  Mitsuhisa Sato,et al.  D-Cloud: Design of a Software Testing Environment for Reliable Distributed Systems Using Cloud Computing Technology , 2010, 2010 10th IEEE/ACM International Conference on Cluster, Cloud and Grid Computing.

[9]  Matt Goldner Winds of Change: Libraries and Cloud Computing , 2010 .

[10]  Brian Hayes,et al.  What Is Cloud Computing? , 2019, Cloud Technologies.

[11]  Mark-Shane Scale,et al.  Assessing the Impact of Cloud Computing and Web Collaboration on the Work of Distance Library Services , 2010 .

[12]  CharlesH. Le Grand Cloud Security Issues that Impact BCM , 2012 .

[13]  Maria Azua Himmel Qualitative Analysis of Cloud Computing Risks and Framework for the Rationalization and Mitigation of Cloud Risks , 2012 .

[14]  Rossouw von Solms,et al.  A business approach to effective information technology risk analysis and management , 1996, Inf. Manag. Comput. Secur..

[15]  Cong Wang,et al.  Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing , 2011, IEEE Transactions on Parallel and Distributed Systems.

[16]  Shufen Zhang,et al.  Cloud Computing Research and Development Trend , 2010, 2010 Second International Conference on Future Networks.