Cloud computing has become today's most common technology buzzword. Despite the promises of cloud computing to decrease computing implementation costs and deliver computing as a service, which allows clients to pay only for what they need and use, cloud computing also raises many security concerns. Most popular risk assessment standards, such as ISO27005, NIST SP800-30, and AS/NZS 4360, assume that an organization's assets are fully managed by the organization itself and that all security management processes are imposed by the organization. These assumptions, however, do not apply to cloud computing environments. Hence, this paper proposes a security risk assessment framework that can enable cloud service providers to assess security risks in the cloud computing environment and allow cloud clients to contribute in risk assessment. The proposed framework provides a more realistic and accurate risk assessment outcome by considering the cloud clients' evaluation of security risk factors and avoiding the complexity that can result from the involvement of clients in whole risk assessment process.

The term "Cloud Computing" has become very common in our daily life. Cloud computing has emerged with promises to decrease the cost of computing implementation and deliver the computing as service, where the clients pay only for what he needed and used. However, due to the new structure of the cloud computing model, several security concerns have been raised and many other security threats have been needed to be reevaluated according to the cloud structure. Besides, the traditional security risk assessment methods become unfit for cloud computing model due to its new distinguished characteristics. In this paper, we analysis the traditional information security risk assessment methods' ability to assess the security risks in cloud computing environments.