Information Security Management for CloudXYZ: Risk Assessment and Mitigation

This assignment requires students to plan, conduct and document a risk assessment based on a given scenario, using applicable standards and methods for information security and risk management. Students are also required to find and evaluate appropriate published information to remain up-to-date about threats, vulnerabilities and patches.

18 Pages | 3419 Words | 275 Views
   

Added on  2023-06-13

About This Document

This report focuses on the development of a security system for Cloud XYZ, UK, for securing the storage and virtual service for customers connected with the organization. It includes risk assessment, owner specification, assets, threats, vulnerability, risk likelihood, and impact table.

Running head: INFORMATION SECURITY MANAGEMENT
Information Security Management
Name of the Student
Name of the University
Author’s Note
Abstract
This report is prepared for the development of a security system for Cloud XYZ, UK, to secure
the storage and the virtual service for the customers connected with the organization. Losses to the
organization should be mitigated by preventing malfunction and modification of data and by
preventing illegal users from accessing the organization's resources. The personnel responsible for
each risk should be identified so that the roles and responsibilities for the risk assessment are
defined. The organization's network diagram is used to analyse risks and vulnerabilities so that the
risks can be mitigated and the security of the current network framework improved. The security of
the server and the demilitarized zone is analysed to protect the organization's resources. The
network resources are categorized as primary and secondary assets, and the threats to each asset are
analysed to identify their impact on the security of the organizational network.
Table of Contents
Introduction
Risk Assessment
Owner Specification
Assets
Threats for each asset
Vulnerability for each asset
Risk Likelihood
Risk Impact table
Risk Identification with level
Summary and Recommendations
Bibliography
Introduction
There are different ISO standards that are used as a baseline for the security of
information in an organization. ISO standards are used for avoiding breaches in the network,
reassuring customers, gaining an edge and accessing new market opportunities. They are internationally
recognized, are applied to the management of safety practices and are used as a systematic approach
for increasing reliability and enforcing security controls. There are different ISO standards,
such as ISO/IEC 17025, ISO 9001, ISO/IEC 27001 and ISO 50001. The standards serve
different purposes: ISO/IEC 17025 is used for testing and calibration, ISO 9001 for
quality management, ISO/IEC 27001 for information security management and
ISO 50001 for energy management.
Thus, for the analysis of the security of CloudXYZ, ISO/IEC 27001 is applied, and it helps the
organization to store information securely. The use of the ISO standard helps increase the
security of the data residing in the cloud platform. For the development of the network framework,
an authentication server should be used to permit users to connect to the database. Users
need to authenticate with the system to manage the virtual server, and ISO/IEC
27001 is used to identify the potential risks associated with the system. The privacy
policy is assessed and the risk associated with it is eliminated to meet the standard for
information security management. The following steps are performed for the analysis of the risk:
Step 1: Analysis of the risk associated with the system
Step 2: Evaluation of the risk management system
Step 3: Selection of the risk management methodology
Step 4: Implementation of the risk management strategy and techniques
Step 5: Monitoring the current system and eliminating errors to reduce the risk