A Novel Risk Identification Framework for Cloud Computing Security

This paper introduces the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro methodology as a novel framework to identify risks for Cloud Computing. According to Cloud Security Alliance (CSA), before applying security controls in Cloud Computing, risks and threats must be effectively identified and assessed. OCTAVE Allegro approach being introduced is designed to allow broad assessment of Cloud Computing operational risk environment with the goal of producing more robust results without the need for extensive risk assessment knowledge. This approach differs from others by focusing primarily on information assets in the context of how they are used, where they are stored, transported, and processed, and how they are exposed to threats, vulnerabilities, and disruptions as a result.