• The Journal of Information Systems
• /
• v.30 no.3
• /
• pp.65-91
• /
• 2021

Purpose In this study, we investigated the impact of perceived risk and switching costs on switching intention to cloud service based on PPM (Pull-Push-Mooring) model. Design/methodology/approach We focused on revealing the switching factors of the switching intention to the cloud services. The switching factors to the cloud services were defined as perceived risk consisting of performance risk, economic risk, and security risk, and switching costs consisting of financial and learning costs. On the PPM model, we defined the pull factors consisting of perceived usefulness and perceived ease of use, and the push factor as satisfaction of the legacy system, and the mooring factor as policy supports. Findings The results of this study as follows; (1) Among the perceived risk factors, performance risk has a negative effect on the ease of use of pull factors, and finally it was found to affect the switching intention to the cloud services. Therefore, cloud service providers need to improve trust in cloud services, service timeliness, and linkage to the legacy systems. And it was found that economic risk and security risk among the perceived risk factors did not affect the switching intention to the cloud services. (2) Of the perceived risk factors, financial cost and learning cost did not affect the satisfaction of the legacy system, which is a push factor. It indicates that the respondents are positively considering switching to cloud service in the future, despite the fact that the respondents are satisfied with the use of the legacy system and are aware of the switching cost to cloud service. (3) Policy support was found to improve the switching intention to cloud services by alleviating the financial and learning costs required for cloud service switching.

• Journal of Information Processing Systems
• /
• v.10 no.2
• /
• pp.240-255
• /
• 2014

Cloud computing has increasingly been drawing attention these days. Each big company in IT hurries to get a chunk of meat that promises to be a whopping market in the future. At the same time, information is always associated with security and risk problems. Nowadays, the handling of these risks is no longer just a technology problem, with a good deal of literature focusing on risk or security management and framework in the information system. In this paper, we find the specific business meaning of the BMIS model and try to apply and leverage this model to cloud risk. Through a previous study, we select and determine the causal risk factors in cloud service, which are also known as CSFs (Critical Success Factors) in information management. Subsequently, we distribute all selected CSFs into the BMIS model by mapping with ten principles in cloud risk. Finally, by using the leverage points, we try to leverage the model factors and aim to make a resource-optimized, dynamic, general risk control business model for cloud service providers.

• Journal of Information Processing Systems
• /
• v.10 no.1
• /
• pp.132-144
• /
• 2014

Information always comes with security and risk problems. There is the saying that, "The tall tree catches much wind," and the risks from cloud services will absolutely be more varied and more severe. Nowadays, handling these risks is no longer just a technology problem. So far, a good deal of literature that focuses on risk or security management and frameworks in information systems has already been submitted. This paper analyzes the causal risk factors in cloud environments through critical success factors, from a business perspective. We then integrated these critical success factors into a business model for information security by mapping out 10 principles related to cloud risks. Thus, we were able to figure out which aspects should be given more consideration in the actual transactions of cloud services, and were able to make a business-level and general-risk control model for cloud computing.

• Journal of Information Processing Systems
• /
• v.12 no.2
• /
• pp.226-233
• /
• 2016

Cloud computing is a distributed computing model that has lot of drawbacks and faces difficulties. Many new innovative and emerging techniques take advantage of its features. In this paper, we explore the security threats to and Risk Assessments for cloud computing, attack mitigation frameworks, and the risk-based dynamic access control for cloud computing. Common security threats to cloud computing have been explored and these threats are addressed through acceptable measures via governance and effective risk management using a tailored Security Risk Approach. Most existing Threat and Risk Assessment (TRA) schemes for cloud services use a converse thinking approach to develop theoretical solutions for minimizing the risk of security breaches at a minimal cost. In our study, we propose an improved Attack-Defense Tree mechanism designated as iADTree, for solving the TRA problem in cloud computing environments.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.35 no.3
• /
• pp.70-76
• /
• 2012

This research tested how the perceived risk and the trust affect the usage intention of the cloud computing. To this end, this research setups a research model and tests it with the statistic tools. In order to build the model, TAM (Technology Acceptance Model) and UTAUT (Unified Theory of Acceptance and Use of Technology) were employed and, the factors such as the perceived risk, the trust and the intention of the cloud computing use were derived. This research finds that the perceived risk does not affect the intention of usage. Also the perceived risk has the negative effect for the trust. Thus this research has the following suggestions.

• Journal of Platform Technology
• /
• v.9 no.2
• /
• pp.10-25
• /
• 2021

Although many studies have been conducted on risk analysis and evaluation in the on-premises environment in information security, studies on effective methodologies of risk analysis and evaluation for cloud computing systems are lacking. In 2015, the Cloud Computing Development Act was enacted, which served as an opportunity to promote the introduction of cloud computing. However, due to the increase in security incidents in the cloud computing system, activation is insufficient. In addition, the cloud computing system is not being actively introduced because of the difficulty in understanding the cloud computing system technology of the person in charge who intends to introduce the cloud computing system. In this regard, this study presented an effective risk analysis and evaluation method by examining the characteristics, concepts, and models of cloud computing systems and analyzing how these characteristics affect risk analysis and evaluation.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.1
• /
• pp.406-434
• /
• 2019

In general, an information security approach estimates the risk, where the risk is to occur due to an unusual event, and the associated consequences for cloud organization. Information Security and Risk Management (ISRA) practices vary among cloud organizations and disciplines. There are several approaches to compare existing risk management methods for cloud organizations but their scope is limited considering stereo type criteria, rather than developing an agent based task that considers all aspects of the associated risk. It is the lack of considering all existing renowned risk management frameworks, their proper comparison, and agent techniques that motivates this research. This paper proposes Agent Based Information Security Framework for Hybrid Cloud Computing as an all-inclusive method including cloud related methods to review and compare existing different renowned methods for cloud computing risk issues and by adding new tasks from surveyed methods. The concepts of software agent and intelligent agent have been introduced that fetch/collect accurate information used in framework and to develop a decision system that facilitates the organization to take decision against threat agent on the basis of information provided by the security agents. The scope of this research primarily considers risk assessment methods that focus on assets, potential threats, vulnerabilities and their associated measures to calculate consequences. After in-depth comparison of renowned ISRA methods with ABISF, we have found that ISO/IEC 27005:2011 is the most appropriate approach among existing ISRA methods. The proposed framework was implemented using fuzzy inference system based upon fuzzy set theory, and MATLAB(R) fuzzy logic rules were used to test the framework. The fuzzy results confirm that proposed framework could be used for information security in cloud computing environment.

• Information Systems Review
• /
• v.17 no.1
• /
• pp.117-140
• /
• 2015

Cloud Computing has drawn attention as one of 10 IT strategic technology trends and has various advantages such as cost reduction and enhancing business flexibility. However, corporations hesitate to adopt the service because of unexpected risks. Especially compared to large firm, medium and small ones use public cloud that security risk is high. Meanwhile, real option strategy has drawn attention as the method to hedge uncertainty in IT projects. Therefore, in this study causal relationships among technical, security, relational, and economic risks of cloud service will be investigated. Eventually, this study investigates how those risks influence the intention to choose the real option about the cloud service. For this study, five hypotheses is drawn, and a survey is conducted about the medium and small firms which are currently using cloud service to examine hypotheses. Since the study is at organizational level, 287 questionnaire replies are recalculated to 120 firms. For statistical analysis, Smart PLS and SPSS Statistics18 are used. As a result, technical risk of cloud service has significantly positive influence on security risk. Second, security risk and relational risk of cloud service has significantly positive influence on economic risk. Third, economic risk of cloud service has significantly positive influence on the intention to purchase the delay option or abandon option. Based on this result, this research discussed practical and academic implications and the limitations.

• Journal of Information Technology Applications and Management
• /
• v.24 no.4
• /
• pp.117-131
• /
• 2017

We question whether Korean IT managers consider real options to reduce risks of cloud service implementation. This work investigates the impact of technology risk, relationship risk, economy risk, security risk upon the intention of IT managers to utilize abandon & expansion options. We also analyze moderation effect of centralization level of decision making between these risks and the utilization of real options. Using the survey questionnaire, we empirically find that technology risk, relationship risk and security risk have significant effect upon abandon option and technology risk, relationship risk, and economy upon expansion option. We also find the evidence that centralization level moderates some risks and the direction of moderation effect is to offset the effect of risks on intention to utilize real options.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.229-239
• /
• 2018

This paper analyzes the problems of existing CCTV and discusses cyber security problems of IP-CCTV in cloud computing environment. In order to reduce the risk of simply removing the risk associated with the provision of cloud services, the risk analysis and counter-measures need to be carried out effectively. Therefore, the STRIDE model as the Threat Risk Modeling is used to analyze the risk factors, and Analytic Hierarchy Process(AHP) is used to measure risk priorities based on the analyzed threats.