Abstract:
The aim of the article is to analyze and evaluate risk management methodologies and tools in cloud environments, considering the requirements of the GDPR and the Cybersecurity Cloud Computing Standards (SCCO). The paper uses a mixed approach that combines a literature review, analysis of legal regulations, empirical research (surveys, interviews), and case studies. The results indicate the dominance of ISO/IEC 27005, the widespread use of spreadsheets as a basic risk assessment tool, and moderate adoption of DevSecOps solutions and SIEM integration. Organizations declare an average level of compliance with SCCO and GDPR, which indicates the need for further automation and standardization of processes. The article contains practical recommendations and proposals for further research directions.
