Emerging of cloud computing with flexibility, improve accessing data, and cost-saving makes this technology accessible and growing fast. As a result of the emergence of cloud computing bring interest to industries to used cloud computing. Although cloud computing brings so many benefits to customers, the previous study reveals that cloud computing penetration in the Healthcare area is still low. With effective cloud risk assessment methodology will gain the confidence to cloud users in this technology. Study in cloud risk assessment methodology still infant and the complexity in identifying security risk still debating. This paper explores the risk assessment process by highlighting the method in the risk evaluation process. Risk evaluation is an essential phase in the risk assessment process. It compares the result from the risk analysis process and determines whether to accept or tolerate the risk criteria to decide on the risk analysis. In this study, the Nominal Group Technique (NGT) is introduced to compare risk analysis results in the earlier phase. Since risk evaluation based on organizational objectives, external and internal context and stakeholders' views, NGT is promising for effective results. This study not only contributing to the prioritizing list of risks and threats in a systematical manner but indirectly NGT process makes stakeholders aware of the current cloud security risk situation in the organization. Equal opportunity expressing views in this focus group discussion is hope can generate a brilliant solution in risk assessment results.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.