Security risk management on information systems provides security guarantees while controlling costs. But security risk assessments can be very complex, especially in a cloud context where data is distributed over multiple environments. To prevent costs from becoming the only cloud selection factor, while disregarding security, the authors propose a method for performing multiple cloud security risk assessments. In this paper, they present a broker framework for balancing costs against security risks. Their framework selects cloud offers and generates deployment-ready business processes in a multi-cloud environment.