Towards a Legal Risk Assessment

Big Data, Databases and "Ownership" Rights in the Cloud

Part of the book series: Perspectives in Law, Business and Innovation (PLBI)

Abstract

This chapter presents an SLA brokering framework that includes innovative risk-aware assessment techniques which facilitate the clarification of database and “ownership” rights of data and evaluate the probability of SLA failure. It uses the web service agreement specification (WS-Agreement) as a template and extends prior work on risk metrics from the OPTIMIS project to facilitate SLA creation between service consumers and providers within typical cloud brokerage scenarios. However, since the WS-Agreement allows for an automated mechanism between only two parties and does not cover the use of an intermediary within the agreement process, I use the specific work carried out in the AssessGrid project that includes a brokerage mechanism and pays considerable attention to addressing a risk assessment.

“Life, risk and technology are getting more intimate than ever…” (Ciborra 2007, p. 27).

Notes

  1. The work of Claudio Ciborra, see Gutwirth and Hildebrandt (2010, p. 33).

  2. See, generally, Ciborra (2005).

  3. For details about artificial intelligence (AI) and expert systems, see Jackson (1998).

  4. Ciborra (2007, p. 27).

  5. For details about the evolution of grid infrastructure technologies, see Jones and Bird (2013, pp. 160 et seq.).

  6. Kasemsap and Sunandha (2015, p. 33).

  7. Teng and Magoules (2010, p. 126).

  8. Shantz (2005, p. 511).

  9. Ciborra (2009, p. 78).

  10. Drissi et al. (2013, p. 143).

  11. See Gourlay et al. (2008, pp. 437–443).

  12. See Andrieux et al. (2007), Gourlay et al. (2008, p. 438). More specifically, for negotiating and creating SLAs, I use the WSAG4J framework developed at Fraunhofer Institute SCAI. WSAG4J is a tool that helps to create and manage SLAs in distributed systems and has been fully implemented as part of the Open Grid Forum (OGF) WS-Agreement standard.

  13. The Advanced Risk Assessment and Management for Trustable Grids project (AssessGrid) was funded by the EU Commission under the FP6 IST framework (contract no. 031772).

  14. Djemame et al. (2011a, p. 1558).

  15. See Kirkham et al. (2012a, p. 1063).

  16. Mahmood (2014) (ed).

  17. Non-functional requirements present a systematic approach that provides quality to the software system. They define the criteria used in the system operation, which is specified in the system architecture. For a comprehensive explanation of non-functional requirements, see, generally, Chung et al. (2000), Chung and Sampaio do Prado Leite (2009).

  18. Li and Singh (2014, p. 670).

  19. For this definition, see American Heritage Dictionary.

  20. Garner (2014, p. 1524).

  21. See Gourlay et al. (2009, p. 36).

  22. Plain English ISO 31000:2018, Risk Management Dictionary [online]. Available at: http://www.praxiom.com/iso-31000-terms.htm. Accessed May 10 2019.

  23. Garner (2014, p. 1525) (ed).

  24. Sangrasi et al. (2012, pp. 445–452).

  25. See Nwankwo (2014).

  26. The ISO 31000:2009 risk management standard sets out the principles and guidelines on risk management that can be applied to any type of risk in any field of industry or sector [online]. Available at: https://www.iso.org/obp/ui/#iso:std:43170:en. Accessed May 10 2019.

  27. See, generally, Lund et al. (2011).

  28. For details, see also the 2007 OCTAVE Allegro version. See Caralli (2007).

  29. See, generally, Lund et al. (2011).

  30. Cattedu and Hogben (2009) (eds).

  31. ISO 22307:2008 is a privacy impact assessment for financial services and banking management tools. It recognizes the importance of mitigating risks associated with consumer data utilizing automated and networked systems [online]. Available at: https://www.iso.org/standard/40897.html. Accessed May 10 2019.

  32. See Corrales (2012); see, also, generally, Wright and De Hert (2012) (eds), Pearson and Yee (2013) (eds).

  33. ISO/IEC WD 29134 PIA methodology [online]. Available at: https://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=62289. Accessed May 10 2019.

  34. ISO/IEC 29101:2013 Information Technology—Security Techniques—Privacy Architecture Framework [online]. Available at: https://www.iso.org/standard/45124.html. Accessed May 10 2019.

  35. ISO/IEC NP 19086–4 (2019) Information Technology—Cloud Computing—Service Level Agreement (SLA) framework and technology—Part 4 Security and Privacy [online]. Available at: https://www.iso.org/standard/68242.html. Accessed May 10 2019.

  36. ENISA has played a crucial role in providing stakeholders an overview of the main risks involved in cloud computing. See Cattedu and Hogben (2009).

  37. Djemame et al. (2011b, p. 119).

  38. Kirkham et al. (2013, p. 7).

  39. Djemame et al. (2011b, p. 119).

  40. Djemame et al. (2011b, p. 119).

  41. Djemame et al. (2011b, p. 119).

  42. Djemame et al. (2011b, p. 119).

  43. Khan et al. (2012, p. 122).

  44. Djemame et al. (2013, p. 3).

  45. Khan et al. (2012, p. 122).

  46. Khan et al. (2012, p. 122).

  47. Khan et al. (2012, p. 122).

  48. Khan et al. (2012, p. 122).

  49. Khan et al. (2012, p. 122).

  50. See Vraalsen et al. (2005, pp. 45–60).

  51. Khan et al. (2012, p. 123), Djemame et al. (2013, p. 12).

  52. Susskind (1998, p. 290). According to Susskind: “While legal problem solving will not be eliminated in tomorrow’s legal paradigm, it will nonetheless diminish markedly in significance. The emphasis will shift towards legal risk management supported by proactive facilities, which will be available in the form of legal information services and procedures. As citizens learn to seek legal guidance more regularly and far earlier than in the past, many potential legal difficulties will be dissolved before needing to be resolved. Where legal problems of today are often symptomatic of delayed legal input, earlier consultation should result in users understanding and identifying their risks and controlling them before any questions of escalation.”

  53. Wahlgren (2007, p. 91).

  54. Burnett (2005, pp. 61–67).

  55. Rejas-Muslera et al. (2007, pp. 118–124).

  56. Bradshaw et al. (2010, pp. 31–32).

  57. Batre et al. (2007, p. 193).

  58. Draft White Paper on Legal Options for the Exchange of Data through the GEOSS Data-CORE (2011). Group on Earth Observations [online]. Available at: https://www.earthobservations.org/documents/dsp/draft_white_paper_geoss_legal_interoperability_30_october_2011.pdf. Accessed May 10 2019.

  59. White Paper, Mechanisms to Share Data as Part of GEOSS Data-CORE, p. 3.

  60. White Paper, Mechanisms to Share Data as Part of GEOSS Data-CORE, p. 3.

  61. White Paper, Mechanisms to Share Data as Part of GEOSS Data-CORE, p. 3.

  62. White Paper, Mechanisms to Share Data as Part of GEOSS Data-CORE, p. 3.

  63. Summary White Paper, Legal Options for the Exchange of Data through the GEOSS Data-CORE, p. 2, Data Sharing Task Force, Group on Earth Observations.

  64. Summary White Paper, Legal Options for the Exchange of Data through the GEOSS Data-CORE, p. 19.

  65. Sundara Rajan (2011, p. 286).

  66. DG Internal Market and Services Working Paper, First Evaluation of Directive 96/9/EC on the Legal Protection of Databases, p. 4.

  67. Majkic (2014), preface.

  68. Dean (2014, p. 10).

  69. Ridley (2015, p. 79).

  70. Ridley (2015, p. 79).

  71. See, generally, Sakr and Gaber (2014) (eds).

  72. Unstructured data is the subset of information. For example: text mining in the medical field. See Holzinger et al. (2013, p. 13).

  73. Semi-structured data such as XML. See Ishikawa (2015), preface. See, also, generally, Kitchin (2014).

  74. Krishnan (2013, p. 5).

  75. Vashist (2015, p. 1).

  76. Lohr (2015).

  77. See, generally, OECD (2007) Principles and Guidelines for Access to Research Data from Public Funding [online]. Available at: http://www.oecd.org/sti/inno/38500813.pdf. Accessed May 10 2019.

  78. Davison (2003, p. 97).

  79. With the exception of Mexico, South Korea and Russia.

  80. See Kousiouris et al. (2013, pp. 61–72). In this work, the authors refer mainly to data protection issues; however, the same principles and ideas underlying the geographic location and data transfers may apply to database rights.

  81. See, generally, Jentzsch (2007, p. 27).

  82. See ARTIST R12 Certification Model.

  83. See Wu et al. (2013, pp. 235–244), Jrad (2014, p. 4).

  84. Or in countries such as Mexico, South Korea and Russia, as these countries also have database rights similar to the EU Database Directive.

  85. See GEOSS-data Core project.

  86. Djemame et al. (2011a, p. 1561).

  87. Djemame et al. (2011a, p. 1561).

  88. Djemame et al. (2011a, p. 1561).

  89. Djemame et al. (2011a, pp. 1559–1560).

  90. See, generally, Stone (2005, p. 14).

  91. Fellows (2013), Gourlay et al. (2008, p. 438).

  92. Fellows (2013), Gourlay et al. (2008, p. 438), Fellows (2014).

  93. Djemame et al. (2011a, pp. 1559–1560).

  94. Djemame et al. (2011a, p. 1561).

  95. Djemame et al. (2011b, p. 122).

  96. Djemame et al. (2012, pp. 9–10).

  97. Djemame et al. (2012, pp. 9–10).

  98. Djemame et al. (2012, pp. 9–10).

  99. Djemame et al. (2012, pp. 9–10).

  100. Djemame et al. (2012, pp. 9–10).

  101. Djemame et al. (2012, pp. 9–10).

  102. In computer science and software development, rule-based systems (also known as “expert-systems”) are used to store and analyze information in useful ways that tell you what to do in different situations. They are often used as the basis for AI programming and systems to find answers to various problems. See, generally, Grosan and Abraham (2011, pp. 149–185), Toosizadeh and Farshchi (2011).

  103. Plug-in, add-in or add-on extensions are all synonyms for software components.

  104. Djemame et al. (2011b, pp. 121–122).

  105. Kirkham et al. (2012a, p. 1067).

  106. Djemame et al. (2011b, p. 125).

  107. See ISO 31000:2009; ISO 27000 standards; ISO Guide 73:2009.

  108. Cattedu and Hogben (2009).

  109. Summer et al. (2004, p. 6).

  110. Djemame et al. (2011a, p. 1570).

  111. Leber and Hermann (2013, p. 406).

  112. Djemame (2016, pp. 265–278).

  113. Taubenberger (2011, p. 260).

  114. Sharif and Basri (2011, p. 222).

  115. Lund et al. (2011, p. 131).

  116. Luiijf (2016, p. 69).

  117. Grossman and Seehusen (2015, p. 23), Lund et al. (2011, p. 137).

  118. Beckers (2015, p. 457).

  119. Lund et al. (2011, p. 137).

  120. Lund et al. (2011, p. 137). This figure has been taken from the risk management of HAI and slightly adapted by the author.

  121. Lund et al. (2011, p. 137).

  122. Many people are already using the so-called “personal cloud” like Apple’s iCloud or Dropbox or Amazon Cloud Storage or Evernote. This also includes the employees of a company or an organization who use these applications to manage their daily work activities. See Radizeski (2012, p. 22). In this sense, a “personal cloud” system is also readily available for everyone to use.

  123. This example was mentioned in Chap. 2 of this book.

  124. See Griffith (2012), Chaps. 1 and 2 with further references.

  125. Barnatt (2010, p. 11), Rosenberg and Mateos (2011, p. 5).

  126. See, generally, Smoot and Tan (2012), introduction.

  127. For details of the risk model, see Djemame et al. (2011b, pp. 119–126).

  128. Djemame et al. (2012, pp. 11–12).

  129. Djemame et al. (2012, pp. 11–12).

  130. Djemame et al. (2012, pp. 11–12).

  131. See Kirkham et al. (2012a, pp. 1063–1069), Alhadeff et al. (2010, pp. 1–122).

  132. Kirkham et al. (2012b, pp. 156–160).

  133. Kirkham et al. (2012b, pp. 156–160).

  134. Kirkham et al. (2012b, pp. 156–160). The results of this risk assessment are carried out using different formulas. For example, the results of the risk calculation are ranked using the Euclidean Distance norm.

  135. Kirkham et al. (2012b, pp. 156–160).

  136. See Chap. 8 of this book.

  137. See Article 29 Data Protection Working Party, Working Document on Genetic Data. Adopted on March 17, 2004, pp. 1–14, [online]. Available at: https://iapp.org/media/pdf/knowledge_center/wp91_Genetic-Data_03-2004.pdf. Accessed May 10 2019.

  138. See Forgó et al. (2010).

  139. Gough and Nettleton (2010, p. 149).

  140. Kattan et al. (2011, p. 199).

  141. Williams (2013, p. 187), Bonewell (2006, p. 1178).

  142. For this term see ISO 27000 definitions [online]. Available at: https://www.praxiom.com/iso-27000-definitions.htm. Accessed 10 May 2019.

  143. Khan et al. (2012, p. 124).

References

  • Alhadeff J et al (2010) Requirements: privacy, governance and contractual options, pp 1–122, TAS3 Deliverable, WP6, D6.1, Version 3.0 http://cordis.europa.eu/docs/projects/cnect/7/216287/080/deliverables/002-TAS3D06p1Privacyre-quirementsv3p0.pdf. Accessed May 10, 2019

  • Andrieux A et al (2007) Web Services Agreement Specification (WS-Agreement), Global Forum

  • American Heritage Dictionary https://www.ahdictionary.com/word/search.html?q=risk&submit.x=872&submit.y=. Accessed May 10, 2019

  • Barnatt C (2010) A brief guide to cloud computing: an essential guide to the next computing revolution. Kindle Edition, s.l, p 11

  • Batre D et al (2007) Gaining Users’ Trust by Publishing Failure Probabilities. Security and Privacy in Communications Networks and the Workshops, SecureComm 2007. Proceedings of the Third International Conference on Security and Privacy in Communication Networks, Nice, p 193

  • Beckers K (2015) Pattern and security requirements: engineering-based establishment of security standards. Springer, Cham, p 457

  • Bonewell D (2006) Security and privacy for data warehouses: opportunity or threat? In: Tipton H, Krause M (eds) Information security management handbook, 5th edn. Auerbach Publications, Boca Ratón, p 1178

  • Bradshaw S, Millard C, Waelden I (2010) Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services, Queen Mary School of Law Legal Studies Research Paper No. 63/2010, pp. 31–32 http://ssrn.com/abstract01662374. Accessed May 10, 2019

  • Burnett R (2005) Legal risk management for the IT industry. Comput Law Secur Report 21(1):61–67

  • Caralli R et al (2007) Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process, Technical Report. Software Engineering Institute, Carnegie Mellon, s.l

  • Cattedu D, Hogben G (2009) Cloud Computing: Benefits, Risks and Recommendations for Information Security, ENISA (European Network and Information Security Agency) http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_down-load/fullReport. Accessed May 10 2019

  • Chung L et al (2000) Non-functional requirements in software engineering. Springer, New York

  • Chung L, Sampaio do Prado Leite J (2009) On non-functional requirements in software engineering. In: Borgida A et al (eds) Conceptual modeling: foundations and applications, Essays in Honor of John Mylopoulos, Lecture Notes in Computer Science/Information Systems and Applications, incl. Internet/Web, and HCI (Book 5600). Springer, Berlin

  • Ciborra C (2005) Digital Technologies and the Duality of Risk, Centre for Analysis of Risk and Regulation. London School of Economics and Political Science, London

  • Ciborra C (2007) Digital technologies and risk: a critical review. In: Hanseth O, Ciborra C (eds) Risk, complexity and ICT. Edgar Elgar Publishing, Cheltenham, p 27

  • Ciborra C (2009) Imbrication of representations: risks and digital technologies. In: Avgerou C, Lanzara F, Willcocks L (eds) Bricolage, care and information systems: Claudio Ciborra’s legacy in information systems research. Palgrave MacMillan, New York, p 78

  • Corrales M (2012) Privacy risk impact assessment: a new requirement for safer clouds. Beck-Online, ZD-Aktuell, p 03036

  • Davison M (2003) The legal protection of databases. Cambridge University Press, Cambridge, p. 97

  • Dean J (2014) Big data, data mining and machine learning: value creation for business leaders and practitioners. Wiley, Hoboken, p 10

  • Djemame K et al (2011a) Brokering of risk-aware service level agreements in grids. Concurr Comput: Pract Exp 23(13):1558–1582

  • Djemame K et al (2011b) A risk assessment framework and software toolkit for cloud service ecosystems, The Second International Conference on Cloud Computing, GRIDs, and Virtualization, p 119 http://www.optimis-project.eu/content/risk-assessment-framework-and-software-toolkit-cloud-service-ecosystems. Accessed May 10, 2019

  • Djemame K et al (2012) Legal issues in the cloud: towards a risk inventory. Philos Trans R Soc A 371(1983)

  • Djemame K et al (2013) Legal issues in clouds: towards a risk inventory. Phil Trans R Soc A 371(1983) https://royalsocietypublishing.org/doi/full/10.1098/rsta.2012.0075. Accessed May 10, 2019

  • Djemame K (2016) A risk assessment framework for cloud computing. IEEE Trans Cloud Comput 4(3):265–278

  • Drissi S, Houmani H, Medromi H (2013) Survey: risk assessment for cloud computing. Int J Adv Comput Sci Appl (IJACSA) 4(12):143–148

  • Fellows W (2013) Cloud Brokers: Now Seeking Ready-to-Pay Customers, 451 Research https://451research.com/report-long?icid=2666. Accessed May 10, 2019

  • Fellows W (2014) Cloud Brokers: Making ITaaS a Practical Reality? 451 Research https://451research.com/images/Marketing/451_CloudBrokers_2014_ExecOverview.pdf. Accessed May 10, 2019

  • Forgó N et al (2010) Ethical and legal requirements for transnational genetic research. Beck, Munich

  • Garner B (ed) (2014) Black’s Law dictionary, 10th edn. Thomson Reuters, St. Paul

  • Gouch J, Nettleton D (2010) Managing the documentation maze: answers to questions you didn’t even know. Wiley, Hoboken, p 149

  • Gough J, Nettleton D (2010) Managing the documentation maze: answers to questions you didn’t even know. Wiley, Hoboken

  • Gourlay I et al (2008) Reliability and risk in grid resource brokering. In: Second IEEE International Conference on Digital Ecosystems and Technologies (IEEE DEST 2008)

  • Gourlay I, Djemame J, Padgett J (2009) Evaluating provider reliability in grid resource brokering. In: 11th IEEE international conference on high performance computing and communications, p 36 https://ieeexplore.ieee.org/document/5166974. Accessed May 10, 2019

  • Griffith R (2012) A short introduction to cloud computing: everything you need to know in around 1000 Words, locs. 21 and 29. Kindle Edition

  • Grosan C, Abraham A (2011) Ruled-Based Expert Systems. In: Grosan C, Abraham C (eds) Intelligent systems: a modern approach, intelligent systems reference library, vol 17. Springer, Berlin, pp 149–185

  • Grossman J, Seehusen F (2015) Combining security risk assessment and security testing based on standards. In: Seehusen F et al (eds) Risk assessment and risk-driven testing, third international workshop, RISK 2015, Berlin Germany. Springer, Cham, p 23

  • Gutwirth S, Hildebrandt M (2010) Some caveats on profiling. In: Gutwirth S, Poullet Y, Paul de Hert P (eds) Data Protection in a Profiled World. Springer, Dordrecht, p 33

  • Holzinger A et al (2013) Combining HCI, natural language processing, and knowledge discovery—potential of ibm content analytics as an assistive technology in the biomedical field. In: Holzinger A, Pasi G (eds) Human computer interaction and knowledge discovery in complex, unstructured, big data, third international workshop, HCI-KDD 2013, Maribor, Slovenia, July 2013, Proceedings. Springer, Heidelberg, p 13

  • Ishikawa H (2015) Social big data mining. CRC Press, Boca Ratón

  • Jackson P (1998) Introduction to expert systems, 3rd edn. Addison-Wesley, Harlow

  • Jentzsch N (2007) Financial privacy: an international comparison of credit reporting systems, 2nd edn. Springer, Berlin, p 27

  • Jones B, Bird I (2013) Data-intensive production grids. In: Critchlow T, Kleese van Dam K (eds) Data-intensive science. Chapman & Hall (CRC Press), Boca Ratón, pp 160 et seq

  • Jrad F (2014) A service broker for intercloud computing, Doctoral Thesis, Karlsruhe Institute of Technology, KIT, p 4 http://d-nb.info/1054989486/34. Accessed May 10, 2019

  • Kasemsap K, Sunandha S (2015) The role of cloud computing adoption in global business. In: Chang V, Walter R, Wills G (eds) Delivery and adoption of cloud computing services in contemporary organizations. Information Science Reference (IGI Global), Hershey, p 33

  • Kattan I, Nunu A, Saleh K (2011) A stochastic model for improving information security in supply chain systems. In: Wang J (ed) Supply chain optimization, management and integration: emerging applications. Business Science Reference, Hershey, p 199

  • Khan A et al (2012) Security risks and their management in cloud computing. In: 2012 IEEE 4th international conference on cloud computing technology and science, IEEE computer society, p 122 https://ieeexplore.ieee.org/document/6427574. Accessed May 10, 2019

  • Kirkham T et al (2012a) Assuring data privacy in cloud transformations, trust, security and privacy in computing and communications (TrustCom). In: 2012 IEEE 11th international conference on digital object identifier, pp 1063–1069 https://ieeexplore.ieee.org/iel5/6294581/6295938/06296092.pdf. Accessed May 10, 2019

  • Kirkham T et al (2012b) Risk based SLA management in clouds: a legal perspective, The 7th International Conference for Internet Technology and Secured Transactions, IEEE (ICITST 2012), pp 156–160 https://ieeexplore.ieee.org/document/6470934. Accessed May 10, 2019

  • Kirkham T et al (2013) Richer requirements for better clouds. In: 2013 IEEE international conference on cloud computing technology and science. IEEE Computer Society, p 7. https://ieeexplore.ieee.org/document/6735388?section=abstract. Accessed May 10, 2019

  • Kitchin R (2014) The data revolution: big data, open data. Data Infrastructures & Their Consequences. Sage Publications Ltd., Los Angeles

  • Kousiouris G et al (2013) A cloud provider description schema for meeting legal requirements in cloud federation scenarios. In: Douligeris et al (eds) Collaborative, Trusted and Privacy-Aware e/m-Services, 12th IFIP WG 6.11 conference on e-business, e-services, and esociety, I3E 2013, Athens, Greece, Apr 25–26 2013, Proceedings. Springer, Heidelberg

  • Krishnan K (2013) Data warehousing in the age of big data. Elsevier, Amsterdam, p 5

  • Li T, Singh M (2014) Hybrid trust framework for loss of control in cloud management. In: Jeong H et al (eds) Advances in computer science and its applications: CSA 2013. Springer, Heidelberg, p 670

  • Leber D, Hermann J (2013) Decision analysis methods for selecting consumer services with attribute value uncertainty. In: Lee M et al (eds) Risk assessment and evaluation of predictions. Springer, New York, p 406

  • Lohr S (2015) Data-ism: the revolution transforming decision making, consumer behavior, and almost everything else. HarperCollins Publishers, New York

  • Lund M, Solhaug B, Stolen K (2011) Model-driven risk analysis: the CORAS approach. Springer, Heidelberg, p 131 et seq

  • Luiijf E (2016) Threats in industrial control systems. In: Colbert E, Kott A (eds) Cybersecurity of SCADA and other industrial control systems. Springer, Cham, p 69

  • Mckelvey N et al (2015) Cloud computing and security in the future. In: Zhu S, Hill R, Trovati M (eds) Guide to security assurance for cloud computing. Springer, Cham, p 100

  • Mahmood Z (2014) (ed) Continued rise of the cloud: advances and trends in cloud computing. Springer, London

  • Majkic Z (2014) Big data integration theory: theory and methods of database mappings, programming languages, and semantics. Springer, Cham

  • Nwankwo S (2014) Developing a Risk Assessment Methodology for Data Protection, IRI Blog https://blog.iri.uni-hannover.de/index.php/2014/12/17/developing-a-risk-assessment-methodology-for-data-protection/. Accessed May 10, 2019

  • Pearson S, Yee G (2013) (eds) Privacy and security for cloud computing, computer communications and networks series. Springer, London

  • Radizeski P (2012) Sellecom 2: selling cloud services, Rad-Info, Inc. Lulu.com, p 22

  • Rejas-Muslera R, Cuadraro-Gallego J, Rodriguez D (2007) Defining a legal risk management strategy: process, legal risk and lifecycle. In: Abrahamsson P et al (eds) Software process improvement, vol 2007. Lecture Notes in Computer Science, Programming and Software Engineering, Proceeding of the 14th European Software Process Improvement Conference, EuroSPI 2007, Potsdam, Germany, September. Springer, Berlin, pp 118–124

  • Ridley E (2015) Big data and risk assessment. In: Kalyvas J, Overly M (eds) Big data: a business and legal guide. CRC Press, Boca Ratón, p 79

  • Rosenberg J, Mateos A (2011) The cloud at your service: the when, how, and why of enterprise cloud computing. Manning Publications Co., Greenwich, p 1

  • Sakr S, Gaber M (2014) (eds) Large scale and big data: processing and management. CRC Press, Boca Ratón

  • Sangrasi A, Djemame K, Jokhio I (2012) Aggregating Node Level Risk Assessment in Grids Using an R-out-of-N Model. In: Chowdhry B et al (eds) Emerging trends and applications in information communication technologies: second international multi topic conference, IMTIC 2012, Jamshoro, Pakistan, March 2012, proceedings, communications in computer and information science, vol 281. Springer, Heidelberg, pp 445–452

  • Shantz J (2005) Beyond risk and boredom: reflections on claudio ciborra and sociology. Eur J Inf Syst 14:510–514

  • Sharif A, Basri S (2011) Software risk assessment: a review on small and medium software projects. In: Zain J, Mohd W, El-Qawasmeh E (eds) Software engineering and computer systems, Second International Conference ICSECS 2011, Kuantan, Pahang, Malaysia, June 2011, Proceedings Part 2. Springer, Heidelberg, p 222

  • Smoot S, Tan N (2012) Private cloud computing: consolidation, virtualization, and service-oriented infrastructure. Elsevier, Waltham

  • Stone R (2005) The modern law of contract, 6th edn. Cavendish Publishing, London, p 14

  • Summer J, Ross T, Ababouchi L (2004) Application of risk assessment in the fish industry, FAO Fisheries Technical Paper No. 442, Part 1, p 6

  • Sundara Rajan M (2011) Moral rights: principles, practice and new technology. Oxford University Press, Oxford, p 286

  • Susskind R (1998) The future of law. Oxford University Press, Oxford, p 290

  • Taubenberger S (2011) Problem analysis of traditional it-security risk assessment methods—an experience report from the insurance and auditing domain. In: Camensich J et al (eds) future challenges in security and privacy for academia and industry, 26th IFIP TC 11 international information security conference, SEC 2011, Lucerne Switzerland, June 2011, Proceedings. Springer, Heidelberg, p 260

  • Teng F, Magoules F (2010) Future of grids resources management. In: Frederic Magoules (ed) Fundamentals of grid computing: theory, algorithms and technologies. Chapman and Hall (CRC Press), Boca Ratón, p 126

  • Toosizadeh S, Farshchi R (2011) Ruled-based programming for building expert systems: how do you create an expert system? LAP Lambert Academic Publishing, s.l

  • Vashist R (2015) Cloud Computing infrastructure for massive data: a gigantic task ahead. In: Hassanien A et al (eds) Big data in complex systems: challenges and opportunities, studies in big data, Vol 9. Springer, Cham, p 1

  • Vraalsen F et al (2005) Specifying legal risk scenarios using the CORAS threat modeling language: experiences and the way forward. In: Herrmann P, Issarny V, Shiu S (eds) Trust management, third international conference, iTrust 2005, Paris, France, May 23–26, 2005. Proceedings, Series Vol 3477. Springer, Berlin, pp 45–60

  • Wahlgren P (2007) Legislative Techniques, p. 91, In: Wintgens L (ed) Legislation in Context: Essays in Legisprudence, Applied Legal Philosophy. Ashgate Pub Co., Hampshire

  • Williams P (2013) Information security governance: a risk assessment approach to health information systems protection. In: Hovenga E, Grain H (eds) Health information governance in a digital environment. IOS Press, Amsterdam, p 187

  • Wright D, De Hert P (2012) (eds) Privacy impact assessment, law, governance and technology series, vol 6. Springer, Dordrecht

  • Wu L et al (2013) Automated SLA negotiation framework for cloud computing. In: Cluster, cloud and grid computing (CCGrid), 2013 13th IEEE/ACM international symposium, May 2013, pp 235–244 https://ieeexplore.ieee.org/document/6546098. Accessed May 10, 2019

Author information

Correspondence to Marcelo Corrales Compagnucci.

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this chapter

Cite this chapter

Corrales Compagnucci, M. (2020). Towards a Legal Risk Assessment. In: Big Data, Databases and "Ownership" Rights in the Cloud. Perspectives in Law, Business and Innovation. Springer, Singapore. https://doi.org/10.1007/978-981-15-0349-8_9

  • DOI: https://doi.org/10.1007/978-981-15-0349-8_9

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-0348-1

  • Online ISBN: 978-981-15-0349-8

  • eBook Packages: Law and Criminology (R0)
