The traditional risk assessment methods calculate the risk based on the risk likelihood and the risk impact, which are not suitable to be applied in cloud computing environments. Therefore, this study proposes a framework to assess information security risk by using international risk management standard with adoptions of a medical research design and method. The risk management standard is based on BS.ISO/IEC27005:2011, which consists of context establishment, risk identification, risk analysis, risk evaluation, risk treatment, monitoring and review, and communication and consultation. Adopting a retrospective cohort study and a method known as Cox Proportional Hazards (PH) Model under survival analysis method will be applied to identify potential information security threats in cloud computing environments. The survival analysis method is used to identify which factors have significant impact and predict the hazard probabilities for selected risk factors in medical field. The proposed framework will be used software as a service model of cloud computing. Therefore, the contribution of this research will be a framework for performing risk analysis studies to identify information security threats in cloud computing environment using medical research design and method.