P. Mell and T. Grance, The NIST Definition of Cloud Computing. NIST SP, pp.800-145, 2011.

D. Catteddu and G. Hogben, Cloud Computing: Benefits, Risks and Recommendations for Information Security, ENISA, 2009.
DOI : 10.1007/978-3-642-16120-9_9

T. Grance and W. Jansen, Guidelines on Security and Privacy in Public Cloud Computing, NIST SP, pp.800-144, 2011.

M. Theoharidou, A. Mylonas, and D. Gritzalis, A Risk Assessment Method for Smartphones, Proc. of the 27 th IFIP International Information Security and Privacy Conference, pp.428-440, 2012.
DOI : 10.1007/978-3-642-30436-1_36

A. Mylonas, A. Kastania, and D. Gritzalis, Delegate the smartphone user? Security awareness in smartphone platforms, Computers & Security, vol.34, issue.3, pp.xx-xx, 2013.
DOI : 10.1016/j.cose.2012.11.004

K. Dahbur, B. Mohammad, and A. B. Tarakji, A survey of risks, threats and vulnerabilities in cloud computing, Proceedings of the 2011 International Conference on Intelligent Semantic Web-Services and Applications, ISWSA '11, pp.1-6, 2011.
DOI : 10.1145/1980822.1980834

B. Chhabra and B. Taneja, ???Cloud Computing: Towards Risk Assessment???, CCIS 169, pp.84-91, 2011.
DOI : 10.1016/j.future.2008.12.001

M. Carroll, A. Van-der-merwe, and P. Kotze, Secure cloud computing: Benefits, risks and controls, 2011 Information Security for South Africa, 2011.
DOI : 10.1109/ISSA.2011.6027519

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.232.2868

Z. Xiao and Y. Xiao, Security and Privacy in Cloud Computing, IEEE Communications Surveys & Tutorials, vol.15, issue.2, 2013.
DOI : 10.1109/SURV.2012.060912.00182

H. Y. Tsai, M. Siebenhaar, A. Miede, Y. Huang, and R. Steinmetz, Threat as a Service?: Virtualization's Impact on Cloud Security, IT Professional, vol.14, issue.1, pp.32-37, 2012.
DOI : 10.1109/MITP.2011.117

X. Luo, L. Yang, L. Ma, S. Chu, and H. Dai, Virtualization Security Risks and Solutions of Cloud Computing via Divide-Conquer Strategy, 2011 Third International Conference on Multimedia Information Networking and Security, pp.637-641, 2011.
DOI : 10.1109/MINES.2011.54

M. Srinivasan, K. Sarukesi, P. Rodrigues, S. Manoj, and A. Revathy, State-of-the-art cloud computing security taxonomies, Proceedings of the International Conference on Advances in Computing, Communications and Informatics, ICACCI '12, pp.470-476, 2012.
DOI : 10.1145/2345396.2345474

I. Iec, Information technology -Security techniques -Information security risk management, ISO/IEC27005:2011, 2011.

. Cloud-security-alliance, Security Guidance for Critical Areas of Focus in Cloud Computing

H. Wang, F. Liu, and H. Liu, A Method of the Cloud Computing Security Management Risk Assessment, Zeng (Ed.) Advances in Computer Science and Engineering, AISC 141, pp.609-618, 2012.
DOI : 10.1007/978-3-642-27948-5_81

B. Martens and F. Teuteberg, Decision-making in cloud computing environments: A cost and risk based approach. Information System Frontiers, pp.871-893, 2012.

M. Kantarcioglu, A. Bensoussan, and H. Singru, Impact of security risks on cloud computing adoption, 2011 49th Annual Allerton Conference on Communication, Control, and Computing (Allerton), pp.670-674, 2011.
DOI : 10.1109/Allerton.2011.6120232

B. Johnson and Y. Qu, A Holistic Model for Making Cloud Migration Decision: A Consideration of Security, Architecture and Business Economics, 2012 IEEE 10th International Symposium on Parallel and Distributed Processing with Applications, pp.435-441, 2012.
DOI : 10.1109/ISPA.2012.63

J. Morin, J. Aubert, and B. Gateau, Towards Cloud Computing SLA Risk Management: Issues and Challenges, 2012 45th Hawaii International Conference on System Sciences, pp.5509-5514, 2012.
DOI : 10.1109/HICSS.2012.602

URL : http://archive-ouverte.unige.ch/unige:23364

B. Kaliski and W. Pauley, Toward risk assessment as a service in cloud environments, Proc. of the 2 nd USENIX Conference on Hot Topics in Cloud Computing, 2010.

S. Mazur, E. Blasch, Y. Chen, and V. Skormin, Mitigating Cloud Computing security risks using a self-monitoring defensive scheme, Proceedings of the 2011 IEEE National Aerospace and Electronics Conference (NAECON), pp.39-45, 2011.
DOI : 10.1109/NAECON.2011.6183074

URL : http://www.dtic.mil/get-tr-doc/pdf?AD=ADA556175

X. Zhang, N. Wuwong, H. Li, and X. Zhang, Information Security Risk Management Framework for the Cloud Computing Environments, 2010 10th IEEE International Conference on Computer and Information Technology, pp.1328-1334, 2010.
DOI : 10.1109/CIT.2010.501

P. Saripalli and B. Walters, QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security, 2010 IEEE 3rd International Conference on Cloud Computing, pp.280-288, 2010.
DOI : 10.1109/CLOUD.2010.22

P. Wang, W. Lin, P. Kuo, H. Lin, and T. Wang, Threat risk analysis for cloud security based on Attack-Defense Trees, Proc. of the 8 th International Conference on Computing Technology & Information Management, pp.106-111, 2012.

M. Hussain and H. Abdulsalam, SECaaS, Proceedings of the Second Kuwait Conference on e-Services and e-Systems, KCESS '11, pp.1-4, 2011.
DOI : 10.1145/2107556.2107564

H. Al-aqrabi, L. Liu, J. Xu, R. Hill, N. Antonopoulos et al., Investigation of IT Security and Compliance Challenges in Security-as-a-Service for Cloud Computing, 2012 IEEE 15th International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops, pp.124-129, 2012.
DOI : 10.1109/ISORCW.2012.31

S. Dritsas, B. Tsoumas, V. Dritsou, P. Konstantopoulos, and D. Gritzalis, OntoSPIT: SPIT management through ontologies, Computer Communications, vol.32, issue.1, pp.203-212, 2009.
DOI : 10.1016/j.comcom.2008.10.004

M. Theoharidou and D. Gritzalis, Common Body of Knowledge for Information Security, IEEE Security and Privacy Magazine, vol.5, issue.2, pp.64-67, 2007.
DOI : 10.1109/MSP.2007.32

P. Kotzanikolaou, M. Theoharidou, and D. Gritzalis, Assessing n-order dependencies between critical infrastructures, International Journal of Critical Infrastructures, vol.9, issue.1/2, pp.93-110, 2013.
DOI : 10.1504/IJCIS.2013.051606

M. Theoharidou, P. Kotzanikolaou, and D. Gritzalis, Risk assessment methodology for interdependent critical infrastructures, International Journal of Risk Assessment and Management, vol.15, issue.2/3, pp.128-148, 2011.
DOI : 10.1504/IJRAM.2011.042113

M. Theoharidou, P. Kotzanikolaou, and D. Gritzalis, A multi-layer Criticality Assessment methodology based on interdependencies, Computers & Security, vol.29, issue.6, pp.643-658, 2010.
DOI : 10.1016/j.cose.2010.02.003

P. Kotzanikolaou, M. Theoharidou, and D. Gritzalis, Cascading Effects of Common-Cause Failures in Critical Infrastructures, Proc. of the 7 th IFIP International Conference on Critical Infrastructure Protection, 2013.
DOI : 10.1007/978-3-642-45330-4_12

URL : https://hal.archives-ouvertes.fr/hal-01456884

S. Dritsas, J. Mallios, M. Theoharidou, G. Marias, and D. Gritzalis, Threat Analysis of the Session Initiation Protocol Regarding Spam, 2007 IEEE International Performance, Computing, and Communications Conference, pp.426-433, 2007.
DOI : 10.1109/PCCC.2007.358923