Week 4 Discussion: After reading the articles below, answer
Week 4 discussion: After reading the articles below, answer the following two questions:
1) What are some of the potential risks involved with cloud computing?
2) Does the research and model in these articles propose a viable solution to cloud-based risk management?
Reading Assignments:
- Mackita, M., Shin, S.-Y., & Choe, T.-Y. (2019). ERMOCTAVE: A Risk Management Framework for IT Systems Which Adopt Cloud Computing. Future Internet, 11(9), 195.
- Puchley, T., & Toppi, C. (2018). ERM: Evolving From Risk Assessment to Strategic Risk Management. HFM (Healthcare Financial Management), 1–5.
Deliverable: a 300-word response in APA format with in-text citations and references.
Paper For Above Instructions
Introduction
Cloud computing delivers agility, scalability, and cost efficiencies, but it also introduces a set of technical, organizational, and regulatory risks that must be managed strategically (Armbrust et al., 2010; Mell & Grance, 2011). This paper summarizes key cloud risks and evaluates whether the ERMOCTAVE framework and the enterprise risk management (ERM) perspectives from the assigned readings (Mackita et al., 2019; Puchley & Toppi, 2018) offer a viable approach to cloud-based risk management.
Key Potential Risks in Cloud Computing
- Security and data breaches: Multi-tenant architectures and shared infrastructure increase attack surfaces; cross-VM side channels and misconfigurations have led to data leakage incidents (Ristenpart et al., 2009; Subashini & Kavitha, 2011).
- Compliance and legal risk: Data residency, cross-border transfers, and differing regulatory regimes can cause noncompliance with privacy and sectoral laws (ENISA, 2012; Pearson & Benameur, 2010).
- Loss of control and visibility: Moving assets to third-party providers reduces direct control over infrastructure, complicating monitoring, incident response, and forensic analysis (Mell & Grance, 2011; NIST SP 800-144, 2011).
- Availability and resilience risk: Dependence on provider SLAs and the potential for large-scale outages can disrupt operations (Armbrust et al., 2010).
- Vendor lock-in and portability: Proprietary APIs and data formats make migration costly and risky, affecting long-term strategic flexibility (Subashini & Kavitha, 2011).
- Shared-technology vulnerabilities: Virtualization flaws create systemic risk, where a single vulnerability affects many tenants (Ristenpart et al., 2009).
- Insider threat and governance: Provider personnel or poorly governed customer processes may expose data.
- Supply-chain and third-party risk: Orchestration tools, managed services, and open-source components introduce additional upstream dependencies (Cloud Security Alliance, 2017).
ERMOCTAVE and ERM: Overview
Mackita et al. (2019) propose ERMOCTAVE, an adaptation of the OCTAVE risk assessment methodology tailored for cloud-adopting IT systems. ERMOCTAVE emphasizes asset-centric identification, cloud-specific threat scenarios, and a structured set of controls and mitigation plans. Puchley and Toppi (2018) frame ERM as a shift from siloed risk assessment to strategic, enterprise-wide risk governance that integrates risk appetite, board oversight, and decision-making across business units.
Do ERMOCTAVE and ERM Provide a Viable Solution?
Alignment with enterprise strategy: ERMOCTAVE's adaptation to cloud contexts complements the ERM perspective by situating cloud risks within enterprise risk appetite and strategic objectives. Puchley and Toppi (2018) argue ERM is necessary to elevate technical risks into board-level decisions; ERMOCTAVE can provide the technical inputs ERM requires (Puchley & Toppi, 2018; Mackita et al., 2019).
Strengths: ERMOCTAVE introduces cloud-specific threat modeling, improved asset classification for cloud deployments, and recommended control mappings that align with industry guidance (Mackita et al., 2019). The framework is consistent with best practices from NIST and ENISA, and meshes with Cloud Security Alliance control catalogs by mapping technical controls to business risks (NIST SP 800-144, 2011; ENISA, 2012; Cloud Security Alliance, 2017).
Limitations and practical challenges: ERMOCTAVE is largely methodological and requires organizational commitment, resourcing, and skilled practitioners to operationalize (Mackita et al., 2019). It does not by itself resolve vendor lock-in or supply-chain complexities; these require contractual, architectural, and strategic remediation (Subashini & Kavitha, 2011). Additionally, empirical validation at scale is limited in the published article; real-world effectiveness will depend on integration with existing ERM processes, continuous monitoring, and metrics that feed governance dashboards (Puchley & Toppi, 2018).
Operationalization concerns: Integrating ERMOCTAVE outputs into enterprise dashboards, SLAs, and incident response requires translation layers and governance alignment. ERM frameworks emphasize board-level oversight and risk appetite definitions; without these, technical frameworks cannot drive prioritization or funding decisions (Puchley & Toppi, 2018).
Practical Recommendations
- Adopt a hybrid approach: Use ERMOCTAVE for cloud-specific threat identification and control mapping, and embed its outputs into an ERM-led governance cycle that defines risk appetite, prioritizes risk treatments, and tracks remediation (Mackita et al., 2019; Puchley & Toppi, 2018).
- Leverage standards and toolchains: Combine ERMOCTAVE assessments with continuous monitoring solutions aligned to NIST and CSA controls to maintain visibility and automate evidence collection (NIST SP 800-144, 2011; Cloud Security Alliance, 2017).
- Contractual and architectural measures: Negotiate SLAs that include measurable security and availability metrics, and design for portability and multi-cloud patterns to reduce vendor lock-in (Armbrust et al., 2010; Subashini & Kavitha, 2011). Ensure regular third-party audits and supply-chain risk assessments (ENISA, 2012).
Conclusion
Cloud computing presents a multifaceted risk landscape—security, compliance, availability, and governance among the foremost concerns (Armbrust et al., 2010; Ristenpart et al., 2009). ERMOCTAVE provides a focused, asset-driven methodology for identifying cloud-specific threats and mapping mitigations, while ERM elevates those technical findings into strategic decision-making (Mackita et al., 2019; Puchley & Toppi, 2018). Together they form a viable solution in principle; success depends on organizational integration, continuous monitoring, contractual rigor, and empirical validation. Practitioners should therefore adopt ERMOCTAVE outputs within an ERM governance cycle and reinforce them with standards-based controls and automated monitoring to manage cloud-based risks effectively.
References
- Mackita, M., Shin, S.-Y., & Choe, T.-Y. (2019). ERMOCTAVE: A Risk Management Framework for IT Systems Which Adopt Cloud Computing. Future Internet, 11(9), 195.
- Puchley, T., & Toppi, C. (2018). ERM: Evolving From Risk Assessment to Strategic Risk Management. HFM (Healthcare Financial Management), 1–5.
- Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., ... & Zaharia, M. (2010). A view of cloud computing. Communications of the ACM, 53(4), 50–58.
- Mell, P., & Grance, T. (2011). The NIST definition of cloud computing. National Institute of Standards and Technology.
- Ristenpart, T., Tromer, E., Shacham, H., & Savage, S. (2009). Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds. Proceedings of the 16th ACM Conference on Computer and Communications Security.
- Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), 1–11.
- ENISA. (2012). Cloud computing: Benefits, risks and recommendations for information security. European Network and Information Security Agency.
- Cloud Security Alliance. (2017). Cloud Controls Matrix (CCM) v3.0.1. Cloud Security Alliance.
- Pearson, S., & Benameur, A. (2010). Privacy, security and trust issues arising from cloud computing. 2010 IEEE Second International Conference on Cloud Computing Technology and Science.
- NIST. (2011). NIST Special Publication 800-144: Guidelines on Security and Privacy in Public Cloud Computing. National Institute of Standards and Technology.