{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,20]],"date-time":"2025-12-20T22:20:01Z","timestamp":1766269201974,"version":"3.37.3"},"reference-count":29,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2016,9,13]],"date-time":"2016-09-13T00:00:00Z","timestamp":1473724800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"European Commission (BE)","award":["FP7-ICT-2011-8-317550-A4CLOUD"],"award-info":[{"award-number":["FP7-ICT-2011-8-317550-A4CLOUD"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cloud Comp"],"published-print":{"date-parts":[[2016,12]]},"DOI":"10.1186\/s13677-016-0064-x","type":"journal-article","created":{"date-parts":[[2016,9,13]],"date-time":"2016-09-13T07:54:29Z","timestamp":1473753269000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":37,"title":["A risk assessment model for selecting cloud service providers"],"prefix":"10.1186","volume":"5","author":[{"given":"Erdal","family":"Cayirci","sequence":"first","affiliation":[]},{"given":"Alexandr","family":"Garaga","sequence":"additional","affiliation":[]},{"given":"Anderson","family":"Santana de Oliveira","sequence":"additional","affiliation":[]},{"given":"Yves","family":"Roudier","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,9,13]]},"reference":[{"unstructured":"Catteddu D, Hogben G (2009) Cloud Computing. Benefits, risks and recommendations for information security. Technical report. ENISA. http:\/\/www.enisa.europa.eu\/activities\/risk-management\/files\/deliverables\/cloud-computing-risk-assessment\/at_download . fullReport. Accessed 13 Aug 2015.","key":"64_CR1"},{"unstructured":"The Notorious Nine Cloud Computing Top Threats in 2013 (2013). Technical report, Cloud Security Alliance. https:\/\/downloads.cloudsecurityalliance.org\/initiatives\/top_threats\/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf . Accessed 13 Aug 2015.","key":"64_CR2"},{"unstructured":"Article 29 Data Protection Working Party, Opinion 05\/2012 on Cloud Computing (2012). http:\/\/ec.europa.eu\/justice\/data-protection\/article-29\/documentation\/opinion-recommendation\/files\/2012\/wp196_en.pdf . Accessed 13 Aug 2015.","key":"64_CR3"},{"unstructured":"Cloud Security Alliance, Security CSATrust & Assurance Registry (STAR). https:\/\/cloudsecurityalliance.org\/star\/ . Accessed 25 Jul 2014.","key":"64_CR4"},{"doi-asserted-by":"crossref","unstructured":"Cayirci E, Garaga A, Santana A, Roudier Y (2014) A Cloud Adoption Risk Assessment Model In: 2014 IEEE\/ACM 7th International Conference on Utility and Cloud Computing, 908\u2013913, doi:10.1109\/UCC.2014.148. http:\/\/ieeexplore.ieee.org\/lpdocs\/epic03\/wrapper.htm?arnumber=7027615 . Accessed 13 Aug 2015.","key":"64_CR5","DOI":"10.1109\/UCC.2014.148"},{"unstructured":"ISO 31000:2009. Risk management - Principles and guidelines (2009). Technical report, ISO\/IEC. http:\/\/www.iso.org\/iso\/catalogue_detail?csnumber=43170 . Accessed 13 Aug 2015.","key":"64_CR6"},{"unstructured":"ISO 31010:2009. Risk management - Risk assessment techniques (2009). Technical report, ISO\/IEC. http:\/\/www.iso.org\/iso\/catalogue_detail?csnumber=51073 . Accessed 13 Aug 2015.","key":"64_CR7"},{"unstructured":"ISO\/IEC 27005:2011 Information technology - Security techniques - Information security risk management (2011). Technical report, ISO\/IEC. http:\/\/www.iso.org\/iso\/catalogue_detail?csnumber=56742 . Accessed 13 Aug 2015.","key":"64_CR8"},{"unstructured":"NIST Special Publication 800-30 Revision 1: Guide for Conducting Risk Assessments (2012). Technical Report September, NIST. http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-30-rev1\/sp800_30_r1.pdf . Accessed 13 Aug 2015.","key":"64_CR9"},{"doi-asserted-by":"crossref","unstructured":"NIST Special Publication 800-37 Revision 1: Guide for Applying the Risk Management Framework to Federal Information Systems A Security Life Cycle Approach (2010). Technical report, NIST. doi: http:\/\/dx.doi.org\/10.6028\/NIST.SP.800-30r1 . Accessed 13 Aug 2015.","key":"64_CR10","DOI":"10.6028\/NIST.SP.800-30r1"},{"unstructured":"COBIT 5. A Business Framework for the Governance and Management of Enterprise IT (2012). Technical report, ISACA. http:\/\/www.isaca.org\/cobit\/pages\/default.aspx . Accessed 13 Aug 2015.","key":"64_CR11"},{"unstructured":"Stone G, Noel P (2013) Cloud Risk Decision Framework. Technical report. Microsoft. http:\/\/download.microsoft.com\/documents\/australia\/enterprise\/SMIC1545_PDF_v7_pdf.pdf . Accessed 13 Aug 2015.","key":"64_CR12"},{"unstructured":"Cloud Security AllianceCloud Control Matrix (CCM). https:\/\/cloudsecurityalliance.org\/research\/ccm\/ . Accessed 25 Jul 2014.","key":"64_CR13"},{"doi-asserted-by":"crossref","unstructured":"Kaplan S, Garrick BJ, Kaplin S, Garrick GJ (1981) On the quantitative definition of risk. Risk Anal. 1(1): 11\u201327. doi: http:\/\/dx.doi.org\/10.1111\/j.1539-6924.1981.tb01350.x .","key":"64_CR14","DOI":"10.1111\/j.1539-6924.1981.tb01350.x"},{"doi-asserted-by":"crossref","unstructured":"Ezell BC, Bennett SP, von Winterfeldt D, Sokolowski J, Collins AJ (2010) Probabilistic Risk Analysis and Terrorism Risk. Risk Anal 30(4): 575\u2013589. doi: http:\/\/dx.doi.org\/10.1111\/j.1539-6924.2010.01401.x .","key":"64_CR15","DOI":"10.1111\/j.1539-6924.2010.01401.x"},{"unstructured":"Methodology for Privacy Risk Management; How to implement the Data Protection Act (2012). Technical report, CNIL. http:\/\/www.cnil.fr\/fileadmin\/documents\/en\/CNIL-ManagingPrivacyRisks-Methodology.pdf . Accessed 13 Aug 2015.","key":"64_CR16"},{"unstructured":"Cloud Security AllianceConsensus Assessment Initiative Questionnaire (CAIQ). https:\/\/cloudsecurityalliance.org\/research\/cai\/ . Accessed 25 Jul 2014.","key":"64_CR17"},{"unstructured":"Luna J, Ghani H, Vateva T, Suri N (2011) Quantitative Assessment of Cloud Security Agreements: A Case Study.","key":"64_CR18"},{"doi-asserted-by":"crossref","unstructured":"Luna J, Langenberg R, Suri N (2012) Benchmarking cloud security level agreements using quantitative policy trees In: Proceedings of the 2012 ACM Workshop on Cloud Computing Security Workshop - CCSW \u201912, 103.. ACM Press, New York. doi: http:\/\/dx.doi.org\/10.1145\/2381913.2381932 . Accessed 13 Aug 2015.","key":"64_CR19","DOI":"10.1145\/2381913.2381932"},{"doi-asserted-by":"crossref","unstructured":"Habib SM, Ries S, Muhlhauser M (2011) Towards a Trust Management System for Cloud Computing In: 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications, 933\u2013939. doi: http:\/\/dx.doi.org\/10.1109\/TrustCom.2011.129 . http:\/\/ieeexplore.ieee.org\/lpdocs\/epic03\/wrapper.htm?arnumber=6120922 . Accessed 13 Aug 2015.","key":"64_CR20","DOI":"10.1109\/TrustCom.2011.129"},{"unstructured":"Busby J, Langer L, Sch\u00f6ller M, Shirazi N, Smith P (2013) SEcure Cloud computing for CRitical infrastructure IT Deliverable: 3.1 Methodology for Risk Assessment and Management. Technical report, SECCRIT Project. http:\/\/www.ait.ac.at\/uploads\/media\/D3-1-Methodology-for-Risk-Assessment-and-Management.pdf . Accessed 13 Aug 2015.","key":"64_CR21"},{"unstructured":"SPECSSecure Provisioning of Cloud Services Based on SLA Management. http:\/\/www.specs-project.eu\/ . Accessed 13 Aug 2015.","key":"64_CR22"},{"doi-asserted-by":"crossref","unstructured":"Luna J, Taha A, Trapero R, Suri N (2015) Quantitative Reasoning About Cloud Security Using Service Level Agreements. IEEE Transactions on Cloud ComputingPP(99): 1\u20131. doi: http:\/\/dx.doi.org\/10.1109\/TCC.2015.2469659 .","key":"64_CR23","DOI":"10.1109\/TCC.2015.2469659"},{"doi-asserted-by":"crossref","unstructured":"Cayirci E (2013) A joint trust and risk model for MSaaS mashups In: 2013 Winter Simulations Conference (WSC), 1347\u20131358. doi: http:\/\/dx.doi.org\/10.1109\/WSC.2013.6721521 . http:\/\/ieeexplore.ieee.org\/lpdocs\/epic03\/wrapper.htm?arnumber=6721521 . Accessed 13 Aug 2015.","key":"64_CR24","DOI":"10.1109\/WSC.2013.6721521"},{"unstructured":"Cloud Security AllianceConsensus Assessments Initiative Questionnaire V1.1. https:\/\/cloudsecurityalliance.org\/download\/consensus-assessments-initiative-questionnaire-v1-1\/ Accessed 25 Jul 2014.","key":"64_CR25"},{"unstructured":"Machine Learning Group at the University of WaikatoWEKA 3: Data Mining Software in Java. http:\/\/www.cs.waikato.ac.nz\/ml\/weka\/ . Accessed 25 Jul 2014.","key":"64_CR26"},{"doi-asserted-by":"crossref","unstructured":"Habib SM, Varadharajan V, Muhlhauser M (2013) A Trust-Aware Framework for Evaluating Security Controls of Service Providers in Cloud Marketplaces In: 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 459\u2013468. doi: http:\/\/dx.doi.org\/10.1109\/TrustCom.2013.58 . http:\/\/ieeexplore.ieee.org\/lpdocs\/epic03\/wrapper.htm?arnumber=6680875 . Accessed 13 Aug 2015.","key":"64_CR27","DOI":"10.1109\/TrustCom.2013.58"},{"unstructured":"Cloud Accountability Project. http:\/\/www.a4cloud.eu\/ . Accessed 10 Aug 2015.","key":"64_CR28"},{"unstructured":"Garaga A, Santana de Oliveira A, Cayirci E, Dalla Corte L, Leenes R, Mhungu R, Stefanatou D, Tetrimida K, Felici M, Alnemr R, Pearson S, Vranaki A (2014) D:C-6.2 Prototype for the data protection impact assessment tool. Technical report, A4Cloud Project. http:\/\/www.a4cloud.eu\/sites\/default\/files\/D36.2\\%20Prototype\\%20for\\%20the\\%20data\\%20protection\\%20impact . %20assessment\\%20tool.pdf. Accessed 13 Aug 2015.","key":"64_CR29"}],"container-title":["Journal of Cloud Computing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13677-016-0064-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1186\/s13677-016-0064-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13677-016-0064-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,6,24]],"date-time":"2017-06-24T18:39:49Z","timestamp":1498329589000},"score":1,"resource":{"primary":{"URL":"http:\/\/journalofcloudcomputing.springeropen.com\/articles\/10.1186\/s13677-016-0064-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,9,13]]},"references-count":29,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2016,12]]}},"alternative-id":["64"],"URL":"https:\/\/doi.org\/10.1186\/s13677-016-0064-x","relation":{},"ISSN":["2192-113X"],"issn-type":[{"type":"electronic","value":"2192-113X"}],"subject":[],"published":{"date-parts":[[2016,9,13]]},"article-number":"14"}}