Abstract
The aim of this article is to identify and evaluate methodologies and tools that support risk management in cloud environments, with particular emphasis on compliance with GDPR and SCCO. The study employed a mixed-methods approach combining a literature review, legal analysis, case studies, and surveys and interviews with 42 representatives of universities, public institutions, and the private sector. Quantitative data were analyzed using descriptive statistics and correlation analysis; qualitative data were examined through thematic analysis. The findings show the dominance of ISO/IEC 27005 (45%), limited adoption of OCTAVE (25%) and MEHARI (20%), and widespread reliance on spreadsheets (50%) as the primary risk assessment tool. Advanced practices such as DevSecOps (30%) and SIEM integration (25%) are implemented by only a minority of organizations. Compliance levels are moderate: 70% for SCCO and 75% for GDPR. Organizations that apply a systematic risk management approach report markedly higher operational resilience and regulatory compliance. Organizations should therefore prioritize automation, integration of risk assessment tools with security monitoring systems, and training focused on SCCO and GDPR requirements. Future research should evaluate tool effectiveness across sectors and explore the role of artificial intelligence in automating security processes.
Keywords: risk management, cloud computing, SCCO, GDPR, ISO/IEC 27005, DevSecOps, SIEM, risk assessment