{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,13]],"date-time":"2025-11-13T13:19:15Z","timestamp":1763039955903,"version":"3.45.0"},"reference-count":30,"publisher":"MDPI AG","issue":"11","license":[{"start":{"date-parts":[[2025,11,13]],"date-time":"2025-11-13T00:00:00Z","timestamp":1762992000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computers"],"abstract":"<jats:p>Risk assessment is critical for securing and sustaining operational resilience in cloud computing. Traditional approaches often rely on single-objective or subjective weighting methods, limiting their accuracy and adaptability to dynamic cloud conditions. To address this gap, this study provides a framework for multi-layered decision-making using an Enhanced Hierarchical Holographic Modeling (EHHM) approach for cloud computing security risk assessment. Two methods were used, the Entropy Weight Method (EWM) and Criteria Importance Through Intercriteria Correlation (CRITIC), to provide a multi-factor decision-making risk assessment framework across the different security domains that exist with cloud computing. Additionally, fuzzy set theory provided the respective levels of complexity dispersion and ambiguities, thus facilitating an accurate and objective participation for a cloud risk assessment across asymmetric information. The trapezoidal membership function measures the correlation, rank, and scores, and was applied to each corresponding cloud risk security domain. The novelty of this re-search is represented by enhancing HHM with an expanded security-transfer domain that encompasses the client side, integrating dual-objective weighting (EWM + CRITIC), and the use of fuzzy logic to quantify asymmetric uncertainty in judgments unique to this study. Informed, data-related, multidimensional cloud risk assessment is not reported in previous studies using HHM. The different Integrated Weight measures allowed for accurate risk judgments. The risk assessment across the calculated cloud computing security domains resulted in a total score of 0.074233, thus supporting the proposed model in identifying and prioritizing risk assessment. Furthermore, the scores of the cloud computing dimensions highlight EHHM as a suitable framework to support and assist corporate decision-making in cloud computing security activity and informed risk awareness with innovative activity amongst a turbulent and dynamic cloud computing environment with corporate operational risk.<\/jats:p>","DOI":"10.3390\/computers14110491","type":"journal-article","created":{"date-parts":[[2025,11,13]],"date-time":"2025-11-13T12:57:13Z","timestamp":1763038633000},"page":"491","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Decision-Making Model for Risk Assessment in Cloud Computing Using the Enhanced Hierarchical Holographic Modeling"],"prefix":"10.3390","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2244-2526","authenticated-orcid":false,"given":"Auday Qusay","family":"Sabri","sequence":"first","affiliation":[{"name":"Faculty of Computing, Universiti Teknologi Malaysia, Kuala Lumpur 81310, Malaysia"}]},{"given":"Halina Binti Mohamed","family":"Dahlan","sequence":"additional","affiliation":[{"name":"Faculty of Computing, Universiti Teknologi Malaysia, Kuala Lumpur 81310, Malaysia"}]}],"member":"1968","published-online":{"date-parts":[[2025,11,13]]},"reference":[{"key":"ref_1","first-page":"421","article-title":"Cloud Computing Characteristics and Services: A Brief Review","volume":"7","author":"Rashid","year":"2019","journal-title":"Int. J. Comput. Sci. Eng."},{"key":"ref_2","unstructured":"Al Morsy, M., Grundy, J., and M\u00fcller, I. (December, January 30). An Analysis of the Cloud Computing Security Problem Mohamed. Proceedings of the APSEC 2010, Sydney, Australia."},{"key":"ref_3","unstructured":"Del Roc\u00edo, G., and Molina, R. (2020, January 01). A Decision Support System for Corporations Cyber Security Risk Management. Available online: https:\/\/iconline.ipleiria.pt\/bitstream\/10400.8\/2741\/1\/FinalTesis_29_08_2017.pdf."},{"key":"ref_4","first-page":"3382","article-title":"A Survey of Cloud Computing Approaches, Business Opportunities, Risk Analysis and Solving Approaches","volume":"9","author":"Mohamed","year":"2017","journal-title":"Int. J. Adv. Netw. Appl. IJANA"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"7","DOI":"10.24178\/irjece.2017.3.2.07","article-title":"Risk Assessment for Cloud Computing","volume":"3","author":"Sivasubramanian","year":"2017","journal-title":"Int. Res. J. Electron. Comput. Eng."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"3200","DOI":"10.1016\/j.proeng.2011.08.601","article-title":"The new risk assessment model for information system in Cloud Computing Environment","volume":"15","author":"Liu","year":"2011","journal-title":"Procedia Eng."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1109\/MCC.2015.63","article-title":"Offline Risk Assessment of Cloud Service Providers","volume":"2","author":"Madria","year":"2015","journal-title":"IEEE Cloud Comput."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"871","DOI":"10.1007\/s10796-011-9317-x","article-title":"Decision-making in cloud computing environments: A cost and risk based approach","volume":"14","author":"Martens","year":"2012","journal-title":"Inf. Syst. Front."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"745","DOI":"10.1080\/14783363.2017.1337506","article-title":"Failure mode and effect analysis with extended grey relational analysis method in cloud setting","volume":"30","author":"Liu","year":"2019","journal-title":"Total Qual. Manag. Bus. Excell."},{"key":"ref_10","unstructured":"Sun, M. (2014). Risk Assessment-Based Decision Support for the Migration of Applications to the Cloud, Institute of Architecture of Application Systems, University of Stuttgart."},{"key":"ref_11","first-page":"315","article-title":"A review of automated decision support system","volume":"10","author":"Abdulllah","year":"2018","journal-title":"J. Fundam. Appl. Sci."},{"key":"ref_12","first-page":"102","article-title":"A decision process model to support migration to cloud computing","volume":"24","author":"John","year":"2017","journal-title":"Int. J. Bus. Inf. Syst."},{"key":"ref_13","unstructured":"Garg, R., Heimgartner, M., and Stiller, B. (2016, January 23\u201325). Decision support system for adoption of cloud-based services. Proceedings of the CLOSER 2016\u20146th International Conference on Cloud Computing and Services Science, Rome, Italy."},{"key":"ref_14","first-page":"79","article-title":"Security Risk Assessment of Cloud Computing Services in a Networked Environment","volume":"7","author":"Weintraub","year":"2016","journal-title":"Int. J. Adv. Comput. Sci. Appl."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"20349","DOI":"10.1109\/ACCESS.2017.2757605","article-title":"Decision Support System for Risk Assessment and Management Strategies in Distributed Software Development","volume":"5","author":"Aslam","year":"2017","journal-title":"IEEE Access"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"210","DOI":"10.2174\/1874110X01610010210","article-title":"A research for cloud computing security risk assessment","volume":"10","author":"Tang","year":"2016","journal-title":"Open Cybern. Syst. J."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Zhang, W., Zhang, Y., and Qiao, W. (2022). Risk Scenario Evaluation for Intelligent Ships by Mapping Hierarchical Holographic Modeling into Risk Filtering, Ranking and Management. Sustainability, 14.","DOI":"10.3390\/su14042103"},{"key":"ref_18","first-page":"151","article-title":"A delphi-based security risk assessment model for cloud computing in enterprises","volume":"98","author":"Youssef","year":"2020","journal-title":"J. Theor. Appl. Inf. Technol."},{"key":"ref_19","unstructured":"ENISA (2021). ENISA Threat Landscape 2021, ENISA."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"102223","DOI":"10.1016\/j.jairtraman.2022.102223","article-title":"An evaluation of practitioners\u2019 perceptions of a security risk assessment methodology in air traffic management projects","volume":"102","author":"Bernsmed","year":"2022","journal-title":"J. Air Transp. Manag."},{"key":"ref_21","first-page":"101","article-title":"Risk Analysis Technique on Inconsistent Interview Big Data Based on Rough Set Approach","volume":"4","author":"Azim","year":"2016","journal-title":"J. Data Anal. Inf. Process."},{"key":"ref_22","unstructured":"Latif, R., Abbas, H., Assar, S., Ali, Q., Latif, R., Abbas, H., Assar, S., and Ali, Q. (2019). Cloud Computing Risk Assessment: A Systematic Literature Review, Springer."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Li, Q. (2018, January 18\u201320). Data security and risk assessment in cloud computing. Proceedings of the ITM Web of Conferences, Ho Chi Minh City, Vietnam.","DOI":"10.1051\/itmconf\/20181703028"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"44","DOI":"10.1016\/j.csi.2014.08.007","article-title":"Scalable risk assessment method for cloud computing using game theory (CCRAM)","volume":"38","author":"Furuncu","year":"2015","journal-title":"Comput. Stand. Interfaces"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1016\/j.future.2012.05.008","article-title":"Business-driven management of infrastructure-level risks in Cloud providers","volume":"32","author":"Guitart","year":"2014","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"594","DOI":"10.1007\/978-3-319-72389-1_47","article-title":"A security risk management model for cloud computing systems: Infrastructure as a service","volume":"Volume 10656","author":"Jouini","year":"2017","journal-title":"Security, Privacy, and Anonymity in Computation, Communication, and Storage"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Chopra, A., Prasad, P.W.C., Alsadoon, A., Ali, S.H., and Elchouemi, A. (April, January 29). Cloud computing potability with risk assessment. Proceedings of the 2016 4th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering MobileCloud, Oxford, UK.","DOI":"10.1109\/MobileCloud.2016.20"},{"key":"ref_28","first-page":"3564835","article-title":"Effectiveness of Entropy Weight Method in Decision-Making","volume":"2020","author":"Zhu","year":"2020","journal-title":"Math. Probl. Eng."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"76","DOI":"10.31181\/dmame210402076i","article-title":"Specific character of objective methods for determining weights of criteria in MCDM problems: Entropy, CRITIC, SD","volume":"4","author":"Mukhametzyanov","year":"2021","journal-title":"Decis. Mak. Appl. Manag. Eng."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"4164","DOI":"10.1016\/j.eswa.2013.01.030","article-title":"A web based decision support system driven by fuzzy logic for the diagnosis of typhoid fever","volume":"40","author":"Samuel","year":"2013","journal-title":"Expert Syst. Appl."}],"container-title":["Computers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-431X\/14\/11\/491\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,13]],"date-time":"2025-11-13T13:13:44Z","timestamp":1763039624000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-431X\/14\/11\/491"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,13]]},"references-count":30,"journal-issue":{"issue":"11","published-online":{"date-parts":[[2025,11]]}},"alternative-id":["computers14110491"],"URL":"https:\/\/doi.org\/10.3390\/computers14110491","relation":{},"ISSN":["2073-431X"],"issn-type":[{"type":"electronic","value":"2073-431X"}],"subject":[],"published":{"date-parts":[[2025,11,13]]}}}