Running head: CLOUD ARCHITECTURE RISK ASSESSMENT

CLOUD ARCHITECTURE RISK ASSESSMENT

Name of the student:
Name of the university:
Author note:

Executive summary:

The cloud architecture comprises several primary and secondary assets. These assets pose security threats to the network and the cloud system. The security concerns include network security, data security and overall system security, arising from data theft and illegal access to the customer database.

The ISO 27001 model is recommended for the security assessment of the proposed architectural model. Using the ISO 27001 standard for the risk assessment has several benefits: improved security measures, a standard security report, identification of flaws in the cloud system, and a standard security assessment that is independent and unbiased, which increases the reliability of the assessment.

Handling sensitive customer data places various legal constraints on operations. These legal constraints affect the business flow at various levels. To avoid legal issues in dealing with customer data, certification of the security system is necessary. The certification must be well recognized to increase the authenticity of the security system, and ISO 27001 provides the necessary assurance of security standards for smooth business operation.

It is important for the security system to carry a certified security hallmark. The prime benefit of a security system with international certification is that it increases customers' confidence in the system as well as in the organization. It assures customers that the data they provide to the organization is safe and secure. It also reduces the need for onsite security audits, which are both lengthy and costly.

Table of Contents

Executive summary:
Introduction:
Risk Assessment:
    Owner specification:
    Type of assets:
    Threats for each asset:
        Threats with cloud storage:
        Threats with virtual servers:
        Threats with firewall:
        Threats with the intranet:
        Threats with web and mail servers:
        Threats with the firmware and the admin and user pc:
    Vulnerabilities for each asset:
    Level computation, using Boston grid:
    Impact table specification:
    Risk identification with the risk level, using Boston grid:
Reference:

Introduction:

The risk assessment of the proposed cloud architecture will be done using the ISO 27001 standard. It is a standard method for security risk analysis and gives a clear overview of the security-related factors. Using the ISO 27001 standard for the risk assessment has several benefits: improved security measures, a standard security report, identification of flaws in the cloud system and a standard security assessment (Alebrahim et al. 2015).

The standard provides a systematic approach to examining the risk of the implemented information security system with reference to the associated threats, vulnerabilities and impact of the threat that are unique to the organization (Kurnianto, Isnanto and Widodo 2018).

Based on the analysis, it provides the most effective solutions to address those needs, which will improve the security of the system. It also provides continuous assessment of the security infrastructure to deal with issues related to the system infrastructure.

ISO 27001 is a well-recognized international standard for security assessment that follows the criteria mentioned above. The certification, being independent and unbiased, increases the authenticity. The certification provides a systematic and scientific overview of the existing information security practices (Hoy and Foley 2015).

The assessment report first discusses the owner specifications, which describe the hardware and software specifications used for the cloud system design. The threats associated with each asset are also discussed in the report. The vulnerabilities associated with those assets are also highlighted with their official CVE numbers. The Boston grid method has been used to compute the risk level. The impact table specification is provided in the report. With the help of the Boston grid, the risk associated with the project has been identified with the appropriate risk level. The report concludes with the overall findings and a justification for the chosen security measure.