A risk assessment model for selecting cloud service providers

Journal of Cloud Computing

Advances, Systems and Applications

Table 6 Mapping r _mk of CAIQ questions to ENISA vulnerabilities (excerpt)

Control group	Vulnerabilities mitigated
Audit Planning CO-01	V02, V03, V13, V14, V16, V23, V25, V26, V27, V29, V33, V35, V50
Independent Audits CO-02	V02, V03, V13, V14, V16, V23, V25, V26, V27, V29, V33, V35, V50
Third Party Audits CO-03	V02, V03, V13, V14, V16, V23, V25, V26, V27, V29, V33, V35, V50
Contact/Authority Maintenance CO-04	V14, V21, V29, V30
Information System Regulatory Mapping CO-05	V07, V08, V09, V10
Intellectual Property CO-06	V34, V31, V35, V44
Intellectual Property CO-07	V34, V31, V35, V44
Intellectual Property CO-08	V34, V31, V35, V44