Risk Assessment Report for Cloud-Centum
This assignment requires you to plan, conduct and document a risk assessment based on a given scenario.
13 Pages3442 Words497 Views
Added on 2023-06-14
About This Document
This report analyzes the network system of Cloud-Centum, a cloud service provider organization, and provides a detailed risk assessment report. It includes methods of risk assessment, proposed model, advantages of risk assessment, determining risk, owner specification, threats, vulnerabilities, and risk assessment.
Risk Assessment Report for Cloud-Centum
This assignment requires you to plan, conduct and document a risk assessment based on a given scenario.
Added on 2023-06-14
ShareRelated Documents
Risk assessment report
Contents
Introduction.................................................................................................................................................1
Risk assessment methods........................................................................................................................1
Proposed Model......................................................................................................................................2
Advantages of risk assessment................................................................................................................2
Risk Assessment..........................................................................................................................................2
Determining risk..........................................................................................................................................3
Owner specification.....................................................................................................................................4
Threats........................................................................................................................................................6
Vulnerabilities..............................................................................................................................................7
Risk Assessment..........................................................................................................................................9
Risk identification........................................................................................................................................9
Benefits:....................................................................................................................................................10
Preventive measures.................................................................................................................................10
Summary...................................................................................................................................................11
Recommendation......................................................................................................................................11
References.................................................................................................................................................11
Introduction
In recent years the cloud computing became an integral part of any organization, May it belongs to any
business field including manufacturing, banking, education system, hospitals or government sector. All
these organizations maintain a basic infrastructure which consists of hardware, software and networking
equipment. The objective of this document is to analyze the network system of a cloud service provider
organization named Cloud-Centum. The company provides various cloud services such as storage, virtual
services for individual clients and for other organizations as well. The main output of this assessment is a
detailed risk assessment report.
According to ENISA, to analyze the risk assessment in a cloud computing environment, a use case must
be used and the goal should be identify and represent all the risks is a structured presentable format in a
table which includes the likelihood of risks, impact level and the references all possible vulnerabilities.
Risk assessment methods
To assess the risk in a cloud computing environment, following methods can be used:
1
Introduction.................................................................................................................................................1
Risk assessment methods........................................................................................................................1
Proposed Model......................................................................................................................................2
Advantages of risk assessment................................................................................................................2
Risk Assessment..........................................................................................................................................2
Determining risk..........................................................................................................................................3
Owner specification.....................................................................................................................................4
Threats........................................................................................................................................................6
Vulnerabilities..............................................................................................................................................7
Risk Assessment..........................................................................................................................................9
Risk identification........................................................................................................................................9
Benefits:....................................................................................................................................................10
Preventive measures.................................................................................................................................10
Summary...................................................................................................................................................11
Recommendation......................................................................................................................................11
References.................................................................................................................................................11
Introduction
In recent years the cloud computing became an integral part of any organization, May it belongs to any
business field including manufacturing, banking, education system, hospitals or government sector. All
these organizations maintain a basic infrastructure which consists of hardware, software and networking
equipment. The objective of this document is to analyze the network system of a cloud service provider
organization named Cloud-Centum. The company provides various cloud services such as storage, virtual
services for individual clients and for other organizations as well. The main output of this assessment is a
detailed risk assessment report.
According to ENISA, to analyze the risk assessment in a cloud computing environment, a use case must
be used and the goal should be identify and represent all the risks is a structured presentable format in a
table which includes the likelihood of risks, impact level and the references all possible vulnerabilities.
Risk assessment methods
To assess the risk in a cloud computing environment, following methods can be used:
1
What-if analysis: It is a type of brainstorming technique, in which the probability of threats and
vulnerabilities are identified and what would go wrong, if it would happen should also be find
out.
Checklist: The known threats or problems must be listed and verified. In this method, the quality
assessment will depend on the checklist.
Combination of what-if and checklist: In this method above both methods can be used in a
suitable combination. This is the most creative approach of risk assessment.
Hazard and operability study (HAZOP): It is a more detailed process of risk assessment. It needed
a strong leadership. It is time consuming and costly also.
Failure mode and effect analysis (FMEA): In this method of risk assessment, we can start from
any selected system and then thoroughly analyze each part of the system.
Fault tree analysis: In this method, we can start from a potentially affected event and then
analyze every possible cause behind it.
To maintain the security goal of the company, this report is being used to analyze the whole existing
architecture which is provided by the team of the organization. The outcome of this document is the
detailed risk assessment report.
Proposed Model
To accomplish the task, we will use the combination of checklist and security matrix assessment method
in this report. We will focus on all the possible threats and vulnerability and represent it in form of
matrix.
Advantages of risk assessment
The main benefits of risk assessment includes:
Minimized Cost
Enhanced scalability
Continuation plan in business
Collaboration
Flexible services
Timely automated updates
Risk Assessment
According to given infrastructure layout of company, the assessment of risk must be strongly adhere on
the ISO standards. Risk is unavoidable part for a cloud service provider organization as the data is
tremendously increasing day by day and it is important to identify the threats and vulnerabilities for any
company to maintain its goodwill in IT world (Vohradsky, 2017). According to ISO 31000, the risk
assessment must be based on governance policies, management reporting policies and planning of
analyzing mitigate risks. Risk assessment in a specific cloud service infrastructure is simple on one hand
but challenging on the other hand as, the security related business decisions are based on the
assessment of severity of business risk and the economical expenses which might be done to mitigate
2
vulnerabilities are identified and what would go wrong, if it would happen should also be find
out.
Checklist: The known threats or problems must be listed and verified. In this method, the quality
assessment will depend on the checklist.
Combination of what-if and checklist: In this method above both methods can be used in a
suitable combination. This is the most creative approach of risk assessment.
Hazard and operability study (HAZOP): It is a more detailed process of risk assessment. It needed
a strong leadership. It is time consuming and costly also.
Failure mode and effect analysis (FMEA): In this method of risk assessment, we can start from
any selected system and then thoroughly analyze each part of the system.
Fault tree analysis: In this method, we can start from a potentially affected event and then
analyze every possible cause behind it.
To maintain the security goal of the company, this report is being used to analyze the whole existing
architecture which is provided by the team of the organization. The outcome of this document is the
detailed risk assessment report.
Proposed Model
To accomplish the task, we will use the combination of checklist and security matrix assessment method
in this report. We will focus on all the possible threats and vulnerability and represent it in form of
matrix.
Advantages of risk assessment
The main benefits of risk assessment includes:
Minimized Cost
Enhanced scalability
Continuation plan in business
Collaboration
Flexible services
Timely automated updates
Risk Assessment
According to given infrastructure layout of company, the assessment of risk must be strongly adhere on
the ISO standards. Risk is unavoidable part for a cloud service provider organization as the data is
tremendously increasing day by day and it is important to identify the threats and vulnerabilities for any
company to maintain its goodwill in IT world (Vohradsky, 2017). According to ISO 31000, the risk
assessment must be based on governance policies, management reporting policies and planning of
analyzing mitigate risks. Risk assessment in a specific cloud service infrastructure is simple on one hand
but challenging on the other hand as, the security related business decisions are based on the
assessment of severity of business risk and the economical expenses which might be done to mitigate
2
the risk factors (Smith, 2014). It includes the cost of hardware, software and expert manpower to
implement the security against risk.
Risk/cost optimization in risk assessment
Determining risk
There are number of methodologies available to determine the risk, and follows the same cycle to carry
the process (Fan, 2012). We are following the strategy of NIST (National institute of standards in
Technology) risk assessment. It was described in SP80030 NIST SP 80039. According to ISO, the security
risks are prone to exploit vulnerabilities of the assets of an organization. As per the NIST’s risk
assessment method, the steps included in the process of risk analysis are:
Characterization of System
Identification of Threats
Identification of Vulnerabilities
Controlled analysis
Likelihood probability
Analyze the impacts
Determine the risks
Recommended measures to control
Activities as per NIST SP880030 regarding Risk assessment
3
implement the security against risk.
Risk/cost optimization in risk assessment
Determining risk
There are number of methodologies available to determine the risk, and follows the same cycle to carry
the process (Fan, 2012). We are following the strategy of NIST (National institute of standards in
Technology) risk assessment. It was described in SP80030 NIST SP 80039. According to ISO, the security
risks are prone to exploit vulnerabilities of the assets of an organization. As per the NIST’s risk
assessment method, the steps included in the process of risk analysis are:
Characterization of System
Identification of Threats
Identification of Vulnerabilities
Controlled analysis
Likelihood probability
Analyze the impacts
Determine the risks
Recommended measures to control
Activities as per NIST SP880030 regarding Risk assessment
3
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Risk Assessment for CloudXYZ Security Network Architecturelg...
|15
|2929
|491
Risk Management in Emirates: Cloud Computing Risks and Recommendationslg...
|15
|3373
|378
Assignment on Information Security Cloud Computinglg...
|8
|2070
|158
IT Risk Managementlg...
|13
|3585
|456
Information Security Managementlg...
|9
|2997
|41
Paper on Risk Assessment Methodologieslg...
|6
|995
|206