ASSIGNMENT 03 – RISK MANAGEMENT AND SECURITY Student ID: 11580509 Student Name: Sethupathi Dyanprasad E-mail: s.dyanprasad@yahoo.com EXECUTIVE SUMMERY The first part discusses about the suitable delivery and deployment model for the project at hand. A suitable model out of Public or Private or Hybrid model is chosen. Also which out of Iaas,PaaS and SaaS is most suitable for the setup is discussed. The second part deals with the Risk Assessment for the models chosen. The Risk Assessment considers the Risks, Impact the risks can cause, the likelihood the risk can occur, and prevention and contingency plans for the risks. The third part discusses the security factors in cloud computing and how they can be related to this …show more content…
The major risks involved in this migration are discussed in the following. Governance: The vendor requires a third party control over the chosen cloud provider during any issues, which affects the data security. The local system administrator will have little control over the administration, leading to slow recovery and longer downtime. Lock In: The service provider has certain constrains and limits to the services they provide. So immediate modification and customizations to the system can be complicated. Isolation Failure: Shared resources and multi tenancy is a feature in cloud computing. Therefore, failure in quick access memory, storage issues or application latency between users might be common if the system does not have the capacity to support all users.. Compliance Risks: Each company maintains a different set of compliance levels. Therefore, if the entire system is migrated to the cloud, and the company cannot audit the compliance level of the service provider, it might be risky. Management Interface Compromise: Remote access and background processing can put the users’ credentials at risk.. Data Protection: This is by far the main risk involved. Most service providers do not have a clear stand on how the data protection service is carried out. Most of them outsource these services to third parties and unknown locations. It can be a risk if the user is not clear on how the service provider carries this process. Malicious Insider: Hacking and
Servers have better control access and resources to ensure that only authorized clients can access or manipulate data and server updates are administered effectively.
Especially in the public cloud and other deployment models user can choose the different models but the privacy and accountability in the public cloud are not related to cloud service provider and it is causing problems to the organizations.
This case gives us a fundamental understanding of the concept of cloud computing and presents the advantages and issues of this IT infrastructure. This case gives a clear vision of the company’s current situation. Three main questions to consider
Majority of organizations migrate to cloud because it is very easy to deploy, cost efficient and readily available throughout an entity. It may result in cloud environments being applied with low involvement or minimal control by entity's IT department and thus may
Organizations use the Cloud in a variety of different service models (SaaS, PaaS, IaaS) and deployment models (Private, Public, Hybrid). There are a number of security issues/concerns associated with cloud computing but these issues fall into two broad categories: Security issues faced by cloud providers (organizations providing software-, platform-, or infrastructure-as-a-service via the cloud) and security issues faced by their customers.In most cases, the provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected while the customer must ensure that the provider has taken the proper security measures to protect their information.
Also reliability is essential and any potential cloud provider would need to ensure they had distributed systems to ensure if a server failure occurred our company would not come to a standstill. Some vendors do allow options to export data and back this up, however if we were to store the data on our own servers also, this would minimise the actual cost savings and almost nullify the need for cloud computing.
To overcome the above issues, use a hybrid cloud infrastructure [2]. It combines public cloud, private cloud and dedicated servers (Figure 1), which works in one platform. It satisfies the purpose of different businesses.
Influencing issues are a variable in the second step, such as; age, gender, routines, the amount they are exposed, and the volume that they are exposed. “A dose-response relationship describes how the possibility and severity of adverse health effects are related to the amount and condition of exposure to an agent” (EPA, 2012, p.1). The third step is the exposure assessment. “Exposure assessment is the process wherein the intensity, frequency, and duration of human exposure to an agent are estimated” (Paustenbach, 2002, p.1). Last, the final step is the risk characterization. The hazardous effect on health is labeled in the final phase. By calculation and educated guesses, the incidence of a health effect under the various conditions of human or animal exposure described in the exposure assessment is defined.
b. Risk Assessment – an examination and determination of the kind and magnitude of a hazard caused by an agent, where a particular group of receptors have been or may be exposed to the agent, and the present or potential future health risk that exists due to the agent. It is the combination of exposure assessment, health, and environmental effect data to estimate risks to human or environmental target organisms that may result from exposure to various hazardous substances.
Prepare the Scope and Objectives of the Risk Management Process section of the Risk Management Plan based on the facts presented in the case study
The first scenario that will be examined is looking at Cloud Computing from the perspective of security. Many small and medium sized businesses utilize the internet and Cloud Computing to conduct business and transfer money from system to system as well as report on financial accounting data. With that being the case, it is crucial that whatever system the business is working with pays very close attention to security needs to ensure that this data is protected from unauthorized sources viewing or manipulating it.
1. Are the security arrangements for data and applications stored in the cloud the responsibility of the user or the vendor?
Proper survey and the complete scenario is taken into consideration about risks in the organization which enables the proper risk assessment. Potential of each threat or risk is evaluated and graded in order to reduce the impact of the risks or reduced the probability of its occurrence.
In this article, we discuss about the different cloud types and models, threats and vulnerabilities of cloud, and how to manage them. The main aim of this literature review is to identify the weak points in cloud computing, minimize the threats and improve the security system. We will also discuss two of the main concepts of cloud – virtualization and multi-tenancy (Mishra, Mathur, Jain, & Rathore, 2013). A brief analysis of each of the threat and security measure is described in the literature review.
Concept of risk, risk assessment, risk management and how uncertainty affects the process will be discussed.