BA07 Poor Information Security Processes
| Context | Compliance manager works with cloud application |
| Problem | Poor information security processes of cloud provider (design, implementation and operations) |
| Solution | |
| References | OI-2: Poor information security processes operated by the cloud infrastructure provider [SECCRIT]; OI-3: Inadequate incident-response management processes by the cloud infrastructure provider [SECCRIT]; R.3: Compliance challenges [ENISA] |
| Type | ns:type_ThreatPattern |
| Victim | su:comp_CloudApplication |
| Aggressor | su:comp_ComplianceManager |
| Aggr. role | ns:role_Client |
| STRIDE | |
| Threat |