Security issues are still preventing wider adoption of cloud computing, especially for businesses which are handling sensitive information. Indeed, by outsourcing its information system (IS), a company can lose control over its infrastructure, its software or even its data. Therefore, new methods and tools need to be defined to respond to this challenge. In this paper we propose to integrate Security Risk Management approaches into Business Process Management to effectively treat security issues at the early phases of the Information System construction. We focus on cloud brokers, emerging actors of the cloud delivery model, who enhance and aggregate existing cloud services to match them with their cloud consumers' requirements. Our main goal is to provide them with tools and techniques to increase the global security level of an IS through different risk treatment strategies.