IT Risk Assessment Aztek | Report
24 Pages6053 Words130 Views
Added on 2020-04-01
IT Risk Assessment Aztek | Report
Added on 2020-04-01
ShareRelated Documents
Running head: IT RISK ASSESSMENT (AZTEK)IT Risk Assessment (Aztek)Name of the StudentName of the UniversityAuthor Note
1IT RISK ASSESSMENT AZTEKExecutive summaryThe purpose of this report is to explain the issues that are related to the data and informationsecurity and provide a risk assessment report for the Aztec organization in manner to assess theissues. The main focus of this report is to provide assistance on the threats and issues that couldbe raised due to the cloud adoption in an Australian finance industry. This report put emphasison the Australian policy and their compliance with the organizational policy the agreement thatis about to made between the cloud service provider and the consumer. Several threats and issuesshould be considered by both the service provider and the service consumer in manner toenhance the information security. In the following report the three controls and six P’s of theinformation security system has been also introduced in manner to enhance the data security ofthe information. A risk severity matrix has also been proposed in this report that is based on therating provided to the threats, and vulnerabilities table. This report provides all the necessaryinformation that is needed to assess the issues that could raised due to the implementation ofCloud Computing within the system of the organization.
2IT RISK ASSESSMENT AZTEKTable of ContentsIntroduction......................................................................................................................................3Cloud Computing............................................................................................................................4Industry Regulation or Compliance.................................................................................................5Security Posture...............................................................................................................................7Six P’s of Information Security Management.............................................................................7Planning...................................................................................................................................7Policy.......................................................................................................................................7Programs..................................................................................................................................8Protection.................................................................................................................................8People......................................................................................................................................9Project Management................................................................................................................9Operational Categories................................................................................................................9Management controls.............................................................................................................10Operational Controls..............................................................................................................11Technical Controls.................................................................................................................11Threats, Vulnerabilities and Consequences Assessment 2461......................................................12Risk Severity Matrix..................................................................................................................16Data Security Issues.......................................................................................................................16Measures to Mitigate Data Security Issues................................................................................18Conclusion.....................................................................................................................................19
3IT RISK ASSESSMENT AZTEKIntroductionWorld is moving towards becoming completely digital world and Cloud Computing ismaking big contribution in this transformation. Everyone is connected to the internet and isbecoming the integral part of the life for every individual or the organization. Cloud Computingalso works through connecting to the internet network and helping in promoting the industries tobe more efficient in calculation and improving the business. Rapid rise in technology usage hasled to the necessity of any third party to be involved into the system for managing those data andinformation related to the operational activities, information about the employees and thecustomers, and transactional matters data etc. This implementation set free the organization fromthe burden of managing the information and data. This makes the organization to be completelyrelied on the third party and if any error or misplace happens there is one to be blamed for themistake and the organization can look after other serious concerns.Cloud Computing is improving the way of working for the financial industries however,still there are certain industries lacking behind in adopting Cloud Computing services. More than80% of the financial industries have already adopted Cloud Computing however, it can be saidthat most them are still not aware of the services that Cloud Computing can offer. Based on thesurvey made by () There are around 50% of the Australian finance industries that are usinghybrid Cloud Computing service that can be stated as the hybrid of the public Cloud and privateCloud services that will be discussed later in this report. Whereas, 40% of the industries amongthe financial industries with Cloud Computing services system have in-house IT infrastructurefor managing the information and data related to the operational activities.
4IT RISK ASSESSMENT AZTEKThis report focuses on the assessment of the risks that could be raised during and/or afterthe implementation of the Cloud Computing within the Aztek that is an Australian financeindustry. This report also emphasis on the regulations and policy introduced by the AustralianGovernment that could be incorporated and considered while making the agreement with avendor or any third party for the Cloud services. Compliance of the policy related to theorganization, government , and service provider all should be on the same track in manner tomake the agreement legally approved and be secured from any law allegations that could hamperthe reputation of any organization. However, despite of all the advantages and benefits, there arecertain risks to the information security in this implementation that cannot be neglected. Datasecurity should be the prior concern for any organization as the information can be referred asthe backbone for any organization in any sector. Related to the risks and concerns that could beraised due to this implementation a risk assessment has been proposed in this report that could behelpful in rating the risks (which risk should be mitigated first and which should be concernedfor later) and based on that how information security system can be enhanced. Very importantconcern related to the data security has been explained in this report with the solutions that arecapable of mitigating such issues. Cloud ComputingCloud computing can be stated as on-demand service that helps the user in enablingconvenient, on-demand, and available network access to a bunch of configurable Computingdevices such as servers, applications, networks, storage, and many other services. Establishingconfiguration for this implementation needs very minimal management effort and could beestablished rapidly. “This Cloud model promotes availability and is comprised of five keycharacteristics, three delivery models and four deployment models” (Erl, Cope & Naserpour,
5IT RISK ASSESSMENT AZTEK2015). There are various benefits of this service as it is much flexible and able to provide scalingflexibility through using multi-tenant model, which can be billed and metered according to theusage made by the organization.Cloud Computing services are being delivered throughmainly three delivery models that are; SaaS (Software as a Service), PaaS (Platform as aService), and IaaS (Infrastructure as a Service) (Bansal & Sharma, 2015). There are variousvendors in the market that are capable of providing such services that can be listed as:Salesforce.com, Google Docs, and many others provides services for SaaS, Google App Engines,Microsoft Azure, and others for PaaS, and Rackspace, NYSE Euronext CMPC, Amazon EC2,and many others provide service for the IaaS. There are many delivery models that are beingoffered by the vendors but there are mainly three models that most of the industries are using thatcan be listed as: Public Cloud, Private Cloud, and Hybrid cloud.Public cloud: This service is available for every individual that is connected to the internet.Private Cloud: This is service is available for the trusted users of the industries that are beingmanaged by either the organization or the Cloud service provider. Community Cloud: “It is accessible to the members or individuals of a wider community that iscomposition of more than one industry or firm” (Rani & Ranjan, 2014). Hybrid Cloud: This is the most favorable service for the industries because of its flexibility andinformation security that has been a challenge in the above services. This is the recommendedservice for the Aztek that should be incorporate within the organization.
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Cloud Computing Adoption - Assignmentlg...
|22
|6043
|213
IT Risk Assessment | Case Studylg...
|22
|5807
|240
Risk Management Report Assignmentlg...
|14
|4599
|37
IT Risk and Cloud Computing Assignmentlg...
|12
|5400
|80
Report on Security Issues from Online Medium in Business Enterpriselg...
|14
|5548
|178
IT Risk Management - Report (Doc)lg...
|23
|6055
|34