{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,20]],"date-time":"2025-12-20T22:30:10Z","timestamp":1766269810607,"version":"build-2065373602"},"reference-count":122,"publisher":"MDPI AG","issue":"12","license":[{"start":{"date-parts":[[2021,11,26]],"date-time":"2021-11-26T00:00:00Z","timestamp":1637884800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computers"],"abstract":"<jats:p>Despite the attractive benefits of cloud-based business processes, security issues, cloud attacks, and privacy are some of the challenges that prevent many organizations from using this technology. This review seeks to know the level of integration of security risk management process at each phase of the Business Process Life Cycle (BPLC) for securing cloud-based business processes; usage of an existing risk analysis technique as the basis of risk assessment model, usage of security risk standard, and the classification of cloud security risks in a cloud-based business process. In light of these objectives, this study presented an exhaustive review of the current state-of-the-art methodology for managing cloud-based business process security risk. Eleven electronic databases (ACM, IEEE, Science Direct, Google Scholar, Springer, Wiley, Taylor and Francis, IEEE cloud computing Conference, ICSE conference, COMPSAC conference, ICCSA conference, Computer Standards and Interfaces Journal) were used for the selected publications. A total of 1243 articles were found. After using the selection criteria, 93 articles were selected, while 17 articles were found eligible for in-depth evaluation. For the results of the business process lifecycle evaluation, 17% of the approaches integrated security risk management into one of the phases of the business process, while others did not. For the influence of the results of the domain assessment of risk management, three key indicators (domain applicability, use of existing risk management techniques, and integration of risk standards) were used to substantiate our findings. The evaluation result of domain applicability showed that 53% of the approaches had been testing run in real-time, thereby making these works reusable. The result of the usage of existing risk analysis showed that 52.9% of the authors implemented their work using existing risk analysis techniques while 29.4% of the authors partially integrated security risk standards into their work. Based on these findings and results, security risk management, the usage of existing security risk management techniques, and security risk standards should be integrated with business process phases to protect against security issues in cloud services.<\/jats:p>","DOI":"10.3390\/computers10120160","type":"journal-article","created":{"date-parts":[[2021,11,29]],"date-time":"2021-11-29T01:49:58Z","timestamp":1638150598000},"page":"160","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Cloud-Based Business Process Security Risk Management: A Systematic Review, Taxonomy, and Future Directions"],"prefix":"10.3390","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3373-396X","authenticated-orcid":false,"given":"Temitope","family":"Abioye","sequence":"first","affiliation":[{"name":"Department of Computer Science, Federal University of Agriculture, Abeokuta 2240, Nigeria"}]},{"given":"Oluwasefunmi","family":"Arogundade","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Federal University of Agriculture, Abeokuta 2240, Nigeria"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3556-9331","authenticated-orcid":false,"given":"Sanjay","family":"Misra","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Communication, Ostfold University College, 1783 Halden, Norway"}]},{"given":"Kayode","family":"Adesemowo","sequence":"additional","affiliation":[{"name":"School of ICT, Nelson Mandela University, Port Elizabeth 6031, South Africa"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9990-1084","authenticated-orcid":false,"given":"Robertas","family":"Dama\u0161evi\u010dius","sequence":"additional","affiliation":[{"name":"Department of Software Engineering, Kaunas University of Technology, 51368 Kaunas, Lithuania"}]}],"member":"1968","published-online":{"date-parts":[[2021,11,26]]},"reference":[{"key":"ref_1","first-page":"507984","article-title":"Business process management: A comprehensive survey","volume":"2013","year":"2013","journal-title":"ISRN Softw. Eng."},{"key":"ref_2","unstructured":"Mahal, A. (2010). How Work Gets Done: Business Process Management, Basics and Beyond, Technics Publications, LLC."},{"key":"ref_3","unstructured":"Damelio, R. (2011). The Basics of Process Mapping, Taylor & Francis."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"1797","DOI":"10.1186\/s40064-016-3498-1","article-title":"Business process performance measurement: A structured literature review of indicators, measures and metrics","volume":"5","author":"Shafagatova","year":"2016","journal-title":"SpringerPlus"},{"key":"ref_5","unstructured":"Harmon, P. (2010). Business Process Change: A Guide for Business Managers and BPM and Six Sigma Professionals, Morgan Kaufmann. [2nd ed.]."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"137","DOI":"10.1145\/1496091.1496100","article-title":"A Break in the Clouds: Towards a Cloud Definition","volume":"39","author":"Vaquero","year":"2008","journal-title":"SIGCOMM Comput. Commun. Rev."},{"key":"ref_7","unstructured":"NIST (2012). The NIST Definition of Cloud Computing, Gartner."},{"key":"ref_8","first-page":"1","article-title":"Intelligence-Led Policing","volume":"248","author":"Ratcliffe","year":"2003","journal-title":"Trends Issues Crime Crim. Justice"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1016\/j.cose.2015.02.001","article-title":"Selecting a trusted cloud service provider for your SaaS program","volume":"50","author":"Tang","year":"2015","journal-title":"Comput. Secur."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Goettelmann, E., Mayer, N., and Godart, C. (2013, January 28\u201331). A general approach for a trusted deployment of a business process in clouds. Proceedings of the Fifth International Conference on Tangible, Embedded, and Embodied Interaction, Luxembourg.","DOI":"10.1145\/2536146.2536164"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Chen, D., and Zhao, H. (2012, January 23\u201325). Data Security and Privacy Protection Issues in Cloud Computing. Proceedings of the 2012 International Conference on Computer Science and Electronics Engineering, Hangzhou, China.","DOI":"10.1109\/ICCSEE.2012.193"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Jansen, W.A. (2011, January 4\u20137). Cloud Hooks: Security and Privacy Issues in Cloud Computing. Proceedings of the 2011 44th Hawaii International Conference on System Sciences, Kauai, HI, USA.","DOI":"10.1109\/HICSS.2011.103"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"250","DOI":"10.1016\/j.giq.2016.01.012","article-title":"Beyond the Castle Model of cyber-risk and cyber-security","volume":"33","author":"Leuprecht","year":"2016","journal-title":"Gov. Inf. Q."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"e67","DOI":"10.2196\/jmir.1867","article-title":"Opportunities and challenges of cloud computing to improve health care services","volume":"13","year":"2011","journal-title":"J. Med. Internet Res."},{"key":"ref_15","first-page":"31","article-title":"Survey on data security issues in cloud environment","volume":"2","author":"Bhagawat","year":"2015","journal-title":"Int. J. Innov. Res. Adv. Eng."},{"key":"ref_16","first-page":"100","article-title":"History-aware Real-time Risk Detection in Business Processes","volume":"Volume 7044","author":"Meersman","year":"2011","journal-title":"CoopIS, DOA-SVI, and ODBASE LNCS"},{"key":"ref_17","unstructured":"Kitchenham, B. (2004). Procedures for Perfoming Systematic Review, Empirical Software Engineering, National ICT Australia Ltd. Joint Technical Report."},{"key":"ref_18","unstructured":"Kitchenham, B. (2007). Guideline for Performing Systematic Literature Reviews in Software Engineering, University of Keele and Durham. Version 2.3."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"571","DOI":"10.1016\/j.jss.2006.07.009","article-title":"Lessons from applying the systematic literature review process within the software engineering domain","volume":"80","author":"Brereton","year":"2007","journal-title":"J. Syst. Softw."},{"key":"ref_20","unstructured":"Biolchini, J., Mian, P.G., Natali, A.C.C., and Travassos, G.H. (2005). Systematic Review in Software Engineering, Systems Engineering and Computer Science Department COPPE\/UFRJ."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Jakoubi, S., Tjoa, S., Goluch, G., and Quirchmayr, G. (September, January 31). A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management. Proceedings of the 2009 20th International Workshop on Database and Expert Systems Application, DEXA\u201909, Linz, Austria.","DOI":"10.1109\/DEXA.2009.71"},{"key":"ref_22","unstructured":"Rikhardsson, P., Best, P., Green, P., and Rosemann, M. (2020, September 03). Business Process Risk Management and Internal Control: A Proposed Research Agenda in the Context of Compliance and ERP Systems. Available online: https:\/\/eprints.qut.edu.au\/5192."},{"key":"ref_23","first-page":"52","article-title":"Current Research in Risk-aware Business Process Management\u2015Overview, Comparison, and Gap Analysis","volume":"34","author":"Suriadi","year":"2014","journal-title":"Commun. Assoc. Inf. Syst. (CAIS)"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1016\/S0925-5273(03)00102-6","article-title":"Business process modeling: Review and framework","volume":"90","year":"2004","journal-title":"Int. J. Prod. Econ."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"371","DOI":"10.1007\/s00766-021-00348-2","article-title":"Risk-aware business process management using multi-view modeling: Method and tool","volume":"26","author":"Thabet","year":"2021","journal-title":"Requir. Eng."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.compind.2020.103199","article-title":"BPRIM: An integrated framework for business process management and risk management","volume":"117","author":"Lamine","year":"2020","journal-title":"Comput. Ind."},{"key":"ref_27","unstructured":"Dixon, J. (2011). BPM Survey Insights: Maturity Advances as BPM Goes Mainstream, Gartner."},{"key":"ref_28","unstructured":"Dixon, J., and Jones, T. (2011). Hype Cycle for Business Process Management, Gartner."},{"key":"ref_29","unstructured":"Vollmer, K., Leganza, G., Pilecki, M., and Smillie, K. (2008). The EA View: BPM Has Become Mainstream, Forrester."},{"key":"ref_30","unstructured":"Gengler, B. (2020, September 03). BPM to Buck Slowing Spend Trend. The Australian. Available online: http:\/\/www.theaustralian.com.au\/news\/."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Dumas, M., Van der Aalst, V., and ter Hofstede, V. (2005). Process-Aware Information Systems: Bridging People and Software through Process Technology, John Wiley & Sons.","DOI":"10.1002\/0471741442"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Dumas, M., La Rosa, M., Mendling, J., and Reijers, H.A. (2013). Fundamentals of Business Process Management, Springer.","DOI":"10.1007\/978-3-642-33143-5"},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"155","DOI":"10.1108\/BPMJ-12-2015-0175","article-title":"The BPM lifecycle: How to incorporate a view external to the organization through dynamic capability","volume":"23","author":"Bernardo","year":"2017","journal-title":"Bus. Process Manag. J."},{"key":"ref_34","first-page":"110","article-title":"Do Clouds Compute? A Framework for Estimating the Value of Cloud Computing","volume":"22","author":"Klems","year":"2009","journal-title":"Lect. Notes Bus. Inf. Process."},{"key":"ref_35","unstructured":"Cearley, D. (2009). Hype Cycle for Applications Development, Gartner. Gartner Group Reporter Number G00147982."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1145\/1721654.1721672","article-title":"A view of cloud computing","volume":"53","author":"Armbrust","year":"2010","journal-title":"Commun. ACM"},{"key":"ref_37","first-page":"234","article-title":"Cloud Computing for Increased Business Value","volume":"3","author":"Aljabre","year":"2012","journal-title":"Int. J. Bus. Soc. Sci."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Morin, J.-H., Aubert, J., and Gateau, B. (2012, January 4\u20137). Towards Cloud Computing SLA Risk Management: Issues and Challenges. Proceedings of the 2012 45th Hawaii International Conference on System Sciences, Maui, HI, USA.","DOI":"10.1109\/HICSS.2012.602"},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Jiang, S. (2018, January 25\u201327). Research on Risk Evaluation of Information Security Based on Cloud Computer. Proceedings of the 2018 International Conference on Internet and e-Business, Singapore.","DOI":"10.1145\/3230348.3230404"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"52","DOI":"10.1109\/MCC.2014.27","article-title":"A Cloud Security Risk-Management Strategy","volume":"1","author":"Choo","year":"2014","journal-title":"IEEE Cloud Comput."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Gupta, S., and Saini, A.K. (2016, January 25\u201327). Modeling Risk Management in Cloud Adoption. Proceedings of the IEEE 5th International Conference on System Modeling & Advancement in Research Trends, Moradabad, India.","DOI":"10.1109\/SYSMART.2016.7894527"},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Razaque, A., Li, Y., Liu, Q., Khan, M.J., Doulat, A., Almiani, M., and Alflahat, A. (November, January 28). Enhanced Risk Minimization Framework for Cloud Computing Environment. Proceedings of the 2018 IEEE\/ACS 15th International Conference on Computer Systems and Applications (AICCSA), Aqaba, Jordan.","DOI":"10.1109\/AICCSA.2018.8612785"},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Islam, S., Fenz, S., Weippl, E., and Mouratidis, H. (2017). A Risk Management Framework for Cloud Migration Decision Support. J. Risk Financ. Manag., 10.","DOI":"10.3390\/jrfm10020010"},{"key":"ref_44","unstructured":"Gupta, S., Saxena, K.B.C., and Saini, A.K. (2016, January 8\u201310). Towards Risk Managed Cloud Adoption: A Conceptual Framework. Proceedings of the 2016 International Conference on Industrial Engineering and Operations Management, Kuala Lumpur, Malaysia."},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Basu, S., Sengupta, A., and Mazumdar, C. (2017, January 24\u201326). A Quantitative Methodology for Cloud Security Risk Assessment. Proceedings of the 7th International Conference Proceedings on Cloud Computing and Services Science (CLOSER 2017), Porto, Portugal.","DOI":"10.5220\/0006294401200131"},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Al-Anzi, F.S., Yadav, S.K., and Soni, J. (2014, January 5\u20136). Cloud Computing: Security Model Comprising Governance, Risk Management and Compliance. Proceedings of the 2014 International Conference on Data Mining and Intelligent Computing (ICDMIC), Delhi, India.","DOI":"10.1109\/ICDMIC.2014.6954232"},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Aruna, E., Shri, A., and Lakkshmanan, A. (2013, January 12\u201314). Security concerns and risk at different levels in Cloud Computing. Proceedings of the 2013 International Conference on Green Computing, Communication and Conservation of Energy (ICGCE), Chennai, India.","DOI":"10.1109\/ICGCE.2013.6823532"},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Aswin, M., and Kavitha, M. (2012, January 19\u201321). Cloud intelligent track\u2014Risk analysis and privacy data management in the cloud computing. Proceedings of the 2012 International Conference on Recent Trends in Information Technology, Chennai, India.","DOI":"10.1109\/ICRTIT.2012.6206752"},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"138","DOI":"10.1109\/TSC.2015.2491281","article-title":"Towards Achieving Data Security with the Cloud Computing Adoption Framework","volume":"9","author":"Chang","year":"2016","journal-title":"IEEE Trans. Serv. Comput."},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Dahbur, K., Mohammad, B., and Tarakji, A.B. (2011, January 18\u201320). A survey of risks, threats and vulnerabilities in cloud computing. Proceedings of the 2011 International Conference on Intelligent Semantic Web-Services and Applications, Amman, Jordan.","DOI":"10.1145\/1980822.1980834"},{"key":"ref_51","doi-asserted-by":"crossref","unstructured":"Damenu, T.K., and Balakrishna, C. (2015, January 9\u201311). Cloud Security Risk Management: A Critical Review. Proceedings of the 2015 9th International Conference on Next Generation Mobile Applications, Services and Technologies, Cambridge, UK.","DOI":"10.1109\/NGMAST.2015.25"},{"key":"ref_52","doi-asserted-by":"crossref","first-page":"265","DOI":"10.1109\/TCC.2014.2344653","article-title":"A Risk Assessment Framework for Cloud Computing","volume":"4","author":"Djemame","year":"2014","journal-title":"IEEE Trans. Cloud Comput."},{"key":"ref_53","unstructured":"El Kefel, M.D., and Mohamed, B. (2013, January 29\u201331). Risk Management in Cloud Computing. Proceedings of the 2013 Third International Conference on Innovative Computing Technology (INTECH), London, UK."},{"key":"ref_54","doi-asserted-by":"crossref","unstructured":"Khan, A.U., Oriol, M., Kiran, M., Jiang, M., Djemame, K., and Khan, A.U. (2012, January 3\u20136). Security risks and their management in cloud computing. Proceedings of the 4th IEEE International Conference on Cloud Computing Technology and Science Proceedings, Taipei, Taiwan.","DOI":"10.1109\/CloudCom.2012.6427574"},{"key":"ref_55","doi-asserted-by":"crossref","unstructured":"Marbukh, V. (July, January 27). Systemic Risks in the Cloud Computing Model: Complex Systems Perspective. Proceedings of the 2016 IEEE 9th International Conference on Cloud Computing (CLOUD), San Francisco, CA, USA.","DOI":"10.1109\/CLOUD.2016.0124"},{"key":"ref_56","doi-asserted-by":"crossref","first-page":"2114","DOI":"10.1002\/sec.923","article-title":"Security risk assessment framework for cloud computing environments","volume":"7","author":"Albakri","year":"2014","journal-title":"Secur. Commun. Netw."},{"key":"ref_57","first-page":"143","article-title":"Survey: Risk Assessment for Cloud Computing","volume":"4","author":"Drissi","year":"2013","journal-title":"Int. J. Adv. Comput. Sci. Appl."},{"key":"ref_58","doi-asserted-by":"crossref","unstructured":"Wu, J., Wang, Z., and Gao, S. (2014, January 25\u201327). Assessing the cloud migration readiness: A fuzzy AHP approach based on BTR framework. Proceedings of the 2014 11th International Conference on Service Systems and Service Management (ICSSSM), Beijing, China.","DOI":"10.1109\/ICSSSM.2014.6943352"},{"key":"ref_59","doi-asserted-by":"crossref","unstructured":"Xie, F., Peng, Y., Zhao, W., Chen, D., Wang, X., and Huo, X. (November, January 30). A risk management framework for cloud computing. Proceedings of the 2012 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems, Hangzhou, China.","DOI":"10.1109\/CCIS.2012.6664451"},{"key":"ref_60","first-page":"39","article-title":"Combining Business Intelligence with Cloud Computing to Delivery Agility in Actual Economy","volume":"45","author":"Mircea","year":"2012","journal-title":"J. Econ. Comput. Econ. Cybern. Stud. Res."},{"key":"ref_61","doi-asserted-by":"crossref","unstructured":"Islam, S., Weippl, E.R., and Krombholz, K. (2014, January 4). A Decision Framework Model for Migration into Cloud: Business, Application, Security and Privacy Perspectives. Proceedings of the 16th International Conference on Information Integration and Web-based Applications & Services, Hanoi, Vietnam.","DOI":"10.1145\/2684200.2684354"},{"key":"ref_62","doi-asserted-by":"crossref","unstructured":"Griffy-Brown, C., Lazarikos, D., and Chun, M. (July, January 28). Agile Business Growth and Cyber Risk. Proceedings of the 2018 IEEE Technology and Engineering Management Conference (TEMSCON), Evanston, IL, USA.","DOI":"10.1109\/TEMSCON.2018.8488397"},{"key":"ref_63","unstructured":"Chen, W., Sharieh, S., and Blainey, B. (2018, January 15\u201318). A Security-as-a-Service Solution for Applications in Cloud Computing Environment. Proceedings of the Society for Modeling and Simulation (SCS) International, Baltimore, MD, USA."},{"key":"ref_64","doi-asserted-by":"crossref","unstructured":"Peake, C. (2012, January 13\u201315). Security in the cloud: Understanding the risks of cloud-as-a-service. Proceedings of the 2012 IEEE Conference on Technologies for Homeland Security (HST), Waltham, MA, USA.","DOI":"10.1109\/THS.2012.6459871"},{"key":"ref_65","doi-asserted-by":"crossref","first-page":"98","DOI":"10.1016\/j.jnca.2016.08.016","article-title":"On cloud security attacks: A taxonomy and intrusion detection and prevention as a service","volume":"74","author":"Iqbal","year":"2016","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_66","first-page":"465","article-title":"Security Risk Quantification Mechanism for Infrastructure as a Service Cloud Computing Platforms","volume":"23","author":"Fall","year":"2015","journal-title":"J. Inf. Process."},{"key":"ref_67","doi-asserted-by":"crossref","unstructured":"Hussain, M., and Abdulsalam, H. (2011, January 5\u20137). SECaaS: Security as a Service for Cloud-based Applications. Proceedings of the 2nd Kuwait Conference on E-Services and E-Systems, Kuwait City, Kuwait.","DOI":"10.1145\/2107556.2107564"},{"key":"ref_68","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1186\/1869-0238-4-11","article-title":"Adoption of security as a service","volume":"4","author":"Senk","year":"2013","journal-title":"J. Internet Serv. Appl."},{"key":"ref_69","doi-asserted-by":"crossref","unstructured":"Al-Qurishi, M., Al-Rakhami, M., AlRubaian, M., and Alamri, A. (2015, January 23). A Framework of Knowledge Management as a Service over Cloud Computing Platform. Proceedings of the International Conference on Big Data and Internet of Thing, IPAC\u201915, Batna, Algeria.","DOI":"10.1145\/2816839.2816908"},{"key":"ref_70","unstructured":"Duan, Y., Fu, G., Zhou, N., Sun, X., Narendra, N.C., and Hu, B. (July, January 27). Everything as a Service (XaaS) on the Cloud: Origins, Current and Future Trends. Proceedings of the 8th International Conference on Cloud Computing, New York, NY, USA."},{"key":"ref_71","doi-asserted-by":"crossref","first-page":"315","DOI":"10.1016\/j.cose.2012.01.003","article-title":"Applying security policies and service level agreement to IaaS service model to enhance security and transition","volume":"31","author":"Karadsheh","year":"2012","journal-title":"Comput. Secur."},{"key":"ref_72","first-page":"32","article-title":"Offering security diagnosis as a service for cloud SaaS applications","volume":"44","author":"Elsayed","year":"2018","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_73","doi-asserted-by":"crossref","first-page":"232","DOI":"10.1016\/j.dss.2011.07.007","article-title":"Opportunities and risks of software-as-a-service: Findings from a survey of IT executives","volume":"52","author":"Benlian","year":"2011","journal-title":"Decis. Support Syst."},{"key":"ref_74","first-page":"15","article-title":"R-BPM: Uma Metodologia para Gerenciamento de Processos de Neg\u00f3cios Consciente dos Riscos","volume":"9","author":"Ferreira","year":"2016","journal-title":"Rev. Bras. Sist. Inf. Rio J."},{"key":"ref_75","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1023\/B:ELEC.0000009282.06809.c5","article-title":"Security analysis of electronic business process","volume":"4","author":"Knorr","year":"2004","journal-title":"Electron. Commer. Res."},{"key":"ref_76","unstructured":"Taubenberger, S., and J\u00fcrjen, J. (2008, January 28). IT Security Risk Analysis Based on Business Process Models Enhanced with Security Re-quirements. Proceedings of the Workshop on Modelling Security (MODSEC08) Held as Part of the 2008 International Conference on Model Driven Engineering Languages and Systems (MODELS), Toulouse, France."},{"key":"ref_77","doi-asserted-by":"crossref","first-page":"149","DOI":"10.1016\/S0378-7206(03)00044-2","article-title":"The IS risk analysis based on a business model","volume":"41","author":"Suh","year":"2003","journal-title":"Inf. Manag."},{"key":"ref_78","doi-asserted-by":"crossref","first-page":"187","DOI":"10.1002\/sys.20054","article-title":"Integration of risk identification with business process models","volume":"9","author":"Lambert","year":"2006","journal-title":"Syst. Eng."},{"key":"ref_79","doi-asserted-by":"crossref","unstructured":"Bhandari, R., and Suman, U. (2015, January 10\u201312). Secure integrated framework for business processes. Proceedings of the International Conference on Computer Communication and Control (IC4), Indore, India.","DOI":"10.1109\/IC4.2015.7375726"},{"key":"ref_80","doi-asserted-by":"crossref","first-page":"647","DOI":"10.1109\/TASE.2014.2362819","article-title":"Modeling and verification of online shopping business processes by considering malicious behavior patterns","volume":"13","author":"Yu","year":"2016","journal-title":"IEEE Trans. Autom. Sci. Eng."},{"key":"ref_81","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/2192-113X-1-11","article-title":"A quantitative analysis of current security concerns and solutions for cloud computing","volume":"1","author":"Gonzalez","year":"2012","journal-title":"J. Cloud Comput. Adv. Syst. Appl."},{"key":"ref_82","doi-asserted-by":"crossref","unstructured":"Bouayad, A., Blilat, A., Mejhed, N.E.H., and El Ghazi, M. (2012, January 22\u201324). Cloud computing: Security challenges. Proceedings of the 2012 Colloquium in Information Science and Technology, Fez, Morocco.","DOI":"10.1109\/CIST.2012.6388058"},{"key":"ref_83","doi-asserted-by":"crossref","unstructured":"Almorsy, M., Grundy, J., and Ibrahim, A.S. (2011, January 4\u20139). Collaboration-Based Cloud Computing Security Management Framework. Proceedings of the 2011 IEEE 4th International Conference on Cloud Computing, Washington, DC, USA.","DOI":"10.1109\/CLOUD.2011.9"},{"key":"ref_84","unstructured":"Og\u00eeg\u0103u-Neam\u021biu, F. (2015, January 15). Cryptographic Key Management in Cloud Computing. Proceedings of the 10th International Scientific Conference \u201cDefense Resources Management in the 21st Century\u201d, Bra\u015fov, Romania."},{"key":"ref_85","doi-asserted-by":"crossref","first-page":"38","DOI":"10.5815\/ijmecs.2015.08.05","article-title":"Data Protection Techniques for Building Trust in Cloud Computing","volume":"7","author":"Saeed","year":"2015","journal-title":"Int. J. Mod. Educ. Comput. Sci."},{"key":"ref_86","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1504\/IJCC.2017.083905","article-title":"Cloud computing review: Concepts, technology, challenges and security","volume":"6","author":"Birje","year":"2017","journal-title":"Int. J. Cloud Comput."},{"key":"ref_87","doi-asserted-by":"crossref","unstructured":"Sumter, L.-Q. (2010, January 15). Cloud Computing: Security Risk. Proceedings of the ACMSE\u201910, Oxford, MS, USA.","DOI":"10.1145\/1900008.1900152"},{"key":"ref_88","unstructured":"Gao, Z., Tang, H., Zhu, Z., and Li, Y. (2013, January 23). Management process based cloud service security model. Proceedings of the International Conference on Cyberspace Technology (CCT 2013), Beijing, China."},{"key":"ref_89","doi-asserted-by":"crossref","unstructured":"Ratansingham, P., and Kumer, K. (2000, January 10\u201313). Trading partner trust in electronic commerce participation. Proceedings of the 21st International Conference on Information Systems, Brisbane, Australia.","DOI":"10.1108\/EUM0000000005316"},{"key":"ref_90","doi-asserted-by":"crossref","unstructured":"Caroll, M.C., Merwe, A.V.D., and Kortze, P. (2011, January 15\u201317). Secure Cloud Computing: Benefits, Risks and Control. Proceedings of the Information Security for South Africa, Johannesburg, South Africa.","DOI":"10.1109\/ISSA.2011.6027519"},{"key":"ref_91","unstructured":"Weitz, C., Hindley, N., and Ilse, R. (2020, September 03). A Balancing Act: What Cloud Computing Means for Business, and How to Capitalize on It. Available online: www.deloitte.com."},{"key":"ref_92","unstructured":"Ponemon, L. (2020, September 03). Security of Cloud Computing Users: A Study of Practitioners in the US & Europe. Available online: http:\/\/www.ca.com\/~\/media\/Files\/IndustryResearch\/security-cloud-computing-users_235659.pdf."},{"key":"ref_93","first-page":"26","article-title":"Risk Landscape of Cloud Computing","volume":"1","author":"Raval","year":"2010","journal-title":"ISACA J."},{"key":"ref_94","unstructured":"Gregg, M. (2020, September 03). 10 Security Concerns for Cloud Computing. Available online: www.globalknowledge.com."},{"key":"ref_95","unstructured":"Rittinghouse, J.W., and Ransome, J.F. (2010). Cloud Computing Implementation, Management, and Security, CRC Press."},{"key":"ref_96","unstructured":"Centre for the Protection of National Infrastructure (CPNI) (2020, September 03). Information Security Briefing 01\/2010: Cloud Computing, Available online: http:\/\/www.cpni.gov.uk\/Docs\/cloud-computing-briefing.pdf."},{"key":"ref_97","unstructured":"Kelson, N. (2020, September 03). Cloud Computing Management Audit\/Assurance Program. Available online: www.isaca.org."},{"key":"ref_98","unstructured":"(2020, September 03). Clavister: Security in the Cloud. Available online: www.clavister.com\/resources\/."},{"key":"ref_99","unstructured":"Third Brigade (2020, September 03). Cloud Computing Security: Making Virtual Machines Cloud-Ready [White Paper]. Available online: http:\/\/resources.thirdbrigade.com\/."},{"key":"ref_100","unstructured":"Open Cloud Manifesto (2020, September 03). Open Cloud Manifesto: Dedicated to the Belief That the Cloud Should Be Open 2009. Available online: www.opencloudmanifesto.org\/."},{"key":"ref_101","doi-asserted-by":"crossref","unstructured":"Azeez, N., Odufuwa, O., Misra, S., Oluranti, J., and Dama\u0161evi\u010dius, R. (2021). Windows PE Malware Detection Using Ensemble Learning. Informatics, 8.","DOI":"10.3390\/informatics8010010"},{"key":"ref_102","doi-asserted-by":"crossref","unstructured":"Alharbi, A., Alosaimi, W., Alyami, H., Rauf, H., and Dama\u0161evi\u010dius, R. (2021). Botnet Attack Detection Using Local Global Best Bat Algorithm for Industrial Internet of Things. Electronics, 10.","DOI":"10.3390\/electronics10111341"},{"key":"ref_103","doi-asserted-by":"crossref","unstructured":"Toldinas, J., Ven\u010dkauskas, A., Dama\u0161evi\u010dius, R., Grigali\u016bnas, \u0160., Morkevi\u010dius, N., and Baranauskas, E. (2021). A Novel Approach for Network Intrusion Detection Using Multistage Deep Learning Image Recognition. Electronics, 10.","DOI":"10.3390\/electronics10151854"},{"key":"ref_104","doi-asserted-by":"crossref","first-page":"200","DOI":"10.1504\/IJESDF.2020.106318","article-title":"Identifying phishing attacks in communication networks using URL consistency features","volume":"12","author":"Azeez","year":"2020","journal-title":"Int. J. Electron. Secur. Digit. Forensics"},{"key":"ref_105","doi-asserted-by":"crossref","first-page":"75","DOI":"10.2307\/25148625","article-title":"Design Science in Information Systems Research","volume":"28","author":"Hevner","year":"2004","journal-title":"MIS Q."},{"key":"ref_106","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1016\/0167-9236(94)00041-2","article-title":"Design and natural science research on information technology","volume":"15","author":"March","year":"1995","journal-title":"Decis. Support Syst."},{"key":"ref_107","doi-asserted-by":"crossref","unstructured":"Goettelmann, E., Mayer, N., and Godart, C. (2014, January 14\u201317). Integrating Security Risk Management into Business Process Management for the Cloud. Proceedings of the 2014 IEEE 16th Conference on Business Informatics, Geneva, Switzerland.","DOI":"10.1109\/CBI.2014.29"},{"key":"ref_108","doi-asserted-by":"crossref","first-page":"443","DOI":"10.1016\/j.proeng.2017.01.087","article-title":"Cloud Computing: Business Perspectives, Benefits and Challenges for Small and Medium Enterprises (Case of Latvia)","volume":"178","author":"Vasiljeva","year":"2017","journal-title":"Procedia Eng."},{"key":"ref_109","unstructured":"Kateeb, I., and Almadallah, M. (2014, January 25\u201327). Risk Management Framework in Cloud Computing Security in Business and Organizations. Proceedings of the IAJC\/ISAM Joint International Conference, Orlando, FL, USA."},{"key":"ref_110","doi-asserted-by":"crossref","first-page":"639","DOI":"10.1016\/j.ijinfomgt.2017.05.008","article-title":"Cloud-based business services innovation: A risk management model","volume":"37","author":"Ali","year":"2017","journal-title":"Int. J. Inf. Manag."},{"key":"ref_111","doi-asserted-by":"crossref","unstructured":"Damasceno, J., Lins, F., Medeiros, R., Silva, B., Souza, A., Araga\u00e3o, D., Maciel, P., Rosa, N., Stephenson, B., and Li, J. (2011, January 4\u20139). Modeling and Executing Business Processes with Annotated Security Requirements in the Cloud. Proceedings of the 2011 IEEE International Conference on Web Services, Washington, DC, USA.","DOI":"10.1109\/ICWS.2011.78"},{"key":"ref_112","unstructured":"Goettelmann, E., Dahman, K., Gateau, B., Dubois, E., and Godart, C. (July, January 27). A Security Risk Assessment Model for Business Process De-ployment in the Cloud. Proceedings of the IEEE International Conference on Services Computing, Anchorage, AK, USA."},{"key":"ref_113","doi-asserted-by":"crossref","unstructured":"Kozlov, A.D., and Noga, N.L. (2018, January 1\u20133). Risk Management for Information Security of Corporate Information Systems Using Cloud Technology. Proceedings of the 2018 Eleventh International Conference \u201cManagement of Large-Scale System Development\u201d (MLSD), Moscow, Russia.","DOI":"10.1109\/MLSD.2018.8551947"},{"key":"ref_114","unstructured":"Goettelman, E., Amina, A.-N., Youcef, S., and Godart, C. (July, January 27). Paving the way towards semi-automatic design-time business process model obfuscation. Proceedings of the IEEE International Conference on Web Services, New York, NY, USA."},{"key":"ref_115","first-page":"1","article-title":"Cloud Computing for Small Business: Criminal and Security Threats and Preventive Measures","volume":"456","author":"Hutchings","year":"2013","journal-title":"Trends Issues Crime Crim. Justice"},{"key":"ref_116","doi-asserted-by":"crossref","first-page":"109","DOI":"10.1007\/978-1-4419-1636-5_6","article-title":"Risk-aware Business Process Management\u2015Establishing the Link between Business and Security","volume":"Volume 41","author":"Xhafa","year":"2010","journal-title":"Complex Intelligent Systems and Their Applications, Springer Optimization and Its Applications"},{"key":"ref_117","doi-asserted-by":"crossref","unstructured":"Belov, V.M., Pestunov, A., and Pestunova, T.M. (2018, January 2\u20136). On the Issue of Information Security Risks Assessment of Business Processes. Proceedings of the 2018 XIV International Scientific-Technical Conference on Actual Problems of Electronics Instrument Engineering (APEIE), Novosibirsk, Russia.","DOI":"10.1109\/APEIE.2018.8545576"},{"key":"ref_118","doi-asserted-by":"crossref","first-page":"592","DOI":"10.1016\/S2212-5671(14)00845-4","article-title":"Cloud Based Business Processes Orchestration","volume":"16","author":"Cristescu","year":"2014","journal-title":"Procedia Econ. Financ."},{"key":"ref_119","first-page":"186","article-title":"A Framework for Cloud Security Risk Management based on the Business Objectives of Organizations","volume":"10","author":"Youssef","year":"2019","journal-title":"Int. J. Adv. Comput. Sci. Appl."},{"key":"ref_120","first-page":"201","article-title":"A Cloud Computing Security Assessment Framework for Small and Medium Enterprises","volume":"11","author":"Rupra","year":"2020","journal-title":"J. Inf. Secur."},{"key":"ref_121","doi-asserted-by":"crossref","first-page":"101419","DOI":"10.1016\/j.giq.2019.101419","article-title":"Assessing information security risks in the cloud: A case study of Australian local government authorities","volume":"37","author":"Ali","year":"2020","journal-title":"Gov. Inf. Q."},{"key":"ref_122","doi-asserted-by":"crossref","first-page":"561","DOI":"10.1007\/s13198-020-00985-w","article-title":"A systematic literature review on compliance requirements management of business processes","volume":"11","author":"Mustapha","year":"2020","journal-title":"Int. J. Syst. Assur. Eng. Manag."}],"container-title":["Computers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-431X\/10\/12\/160\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T07:36:32Z","timestamp":1760168192000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-431X\/10\/12\/160"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,26]]},"references-count":122,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2021,12]]}},"alternative-id":["computers10120160"],"URL":"https:\/\/doi.org\/10.3390\/computers10120160","relation":{},"ISSN":["2073-431X"],"issn-type":[{"type":"electronic","value":"2073-431X"}],"subject":[],"published":{"date-parts":[[2021,11,26]]}}}