Cloud risk analysis using OCTAVE Allegro : Identifying and analysing risks of a cloud service

Abstract: Cybersecurity is currently an important and relevant issue, as more and more industries are taking advantage of the accessibility of storing information online. To create a secure system one must know the potential risks and attacks on that system, making risk analysis a very potent tool. In this study, we performed such an analysis using the risk analysis method OCTAVE Allegro on a company providing a cloud-based service to find out what risks a cloud service provider might be exposed to, and the usefulness of said risk analysis method in this circumstance. We found that OCTAVE Allegro is suitable to use on smaller companies and applicable to cloud services, and the most severe risks identified were connected to leakage of client data with a consequence of damaging the company's reputation. Common areas of concern for these risks were third parties hacking the cloud server or other company systems to gain access to sensitive information. Such risks will likely be found at any company providing a cloud service that manages sensitive data, increasing the importance of risk analysis at these companies.