logo

IT Risk Assessment | Case Study

22 Pages5807 Words240 Views
   

Added on  2020-04-07

IT Risk Assessment | Case Study

   Added on 2020-04-07

ShareRelated Documents
Running head: IT RISK ASSESSMENT CASE STUDYIT Risk Assessment Case Study(Aztek Australian Finance Industry)Name of the StudentName of the UniversityAuthor Note
IT Risk Assessment | Case Study_1
1IT RISK ASSESSMENT CASE STUDYTable of ContentsExecutive Summary.........................................................................................................................2Industry Regulation or Compliance.................................................................................................4Security Posture...............................................................................................................................5Operational Categories................................................................................................................7Threats, Vulnerabilities and Consequences Assessment.................................................................9Risk Severity Matrix..................................................................................................................13Data Security Issues.......................................................................................................................13Solution of the Issues Related to the Data Security...................................................................15Conclusion.....................................................................................................................................17References:....................................................................................................................................18Appendix:......................................................................................................................................22
IT Risk Assessment | Case Study_2
2IT RISK ASSESSMENT CASE STUDYExecutive SummaryIn this new world of technology cloud computing is playing very important role intransforming this world into digital world. Technologies like Big Data and Cloud computing areenhancing the performance of the organization through improving the operational activities inbetter and efficient manner. The aim of this report is to assist Aztek on the threats and risks thatcould be raised due to the implementation of Cloud Computing within the organization. Aztek isa financial industry and most of the finance industries are adopting cloud computing for thebetterment of the organization but yet many of the industries are lacking in adopting it. However,this could change the face of file transfer and management system in much cost effective mannerand help the Aztek to improve the quality of services in very few time and investment.Cloud computing can be stated as “pay-per-use model for enabling available, convenient,on-demand network access to a shared pool of configurable computing resources (e.g.., network,servers, storage, applications, and services) that can be rapidly provisioned and released withminimal management effort or service provider interaction (Erl, Cope & Naserpour, 2015). Thiscloud model promotes availability and is comprised of five key characteristics, three deliverymodels and four deployment models” (Bansal & Sharma, 2015). It has the flexibility thatprovides feature of scaling up or down accessed through pooled computing resources throughusing the multi-tenant model that can be metered and billed as per the usage of the organization.There are mainly three delivery models for the cloud computing that can be listed as:Information as a service (IaaS), Platform as a service (PaaS), and Software as a service (SaaS).The vendors for the respective service providers are Google Docs and salesforce.com for SaaS,Microsoft Azure and Google App Engine for PaaS, and Amazon EC2, Rackspace, and NYSE
IT Risk Assessment | Case Study_3
3IT RISK ASSESSMENT CASE STUDYEuronext CMCP for the IaaS (Sreeramaneni, Seo & Chan, 2017). These cloud service can bedelivered through three models that can be described as: Public cloud: This is a cloud servicethat is being offered and available for everyone over the internet. Private Cloud: This is serviceis available for the trusted users of the industries. This is either managed by the cloud provider ororganization itself. Community Cloud: It is accessible to the members or individuals of a widercommunity that is composition of more than one industry or firm. Hybrid Cloud: It can bedescribed as the mix of private and public cloud and mitigates the challenges that occur in theindividual deployments. Aztex should deploy Hybrid model in manner to keep data andinformation secured and protected (Rani & Ranjan, 2014). This will let the organization avail allthe services and minimize the risks related to the data security. The following report emphasis on the regulation and compliance of the agreements andservices offered by the cloud service provider along with the existing policies of theorganization. This report also states various Australian laws or policies that could beimplemented or considered while implementing Cloud Computing within the organization. Allperspective should be clear between the service provider and the service consumer related to theinformation security to the information that is being transferred to the cloud. Security posture hasbeen also explained in this report in relation with the IT infrastructure of the Aztek. For themanagement of information security six P’s concept has also been proposed in this report. Thisreport presents a risk assessment for the threats, vulnerabilities and issues raised due to thisinnovative change in the organization. Aztek should consider following risk assessment beforeand after implementing cloud computing within the organization.
IT Risk Assessment | Case Study_4
4IT RISK ASSESSMENT CASE STUDYIndustry Regulation or ComplianceCloud Computing or hosting cloud applications for the operational activities within thefinance industries can be described as a new delivery and sourcing model that is capable ofsharing many legal issues. That give birth many legal challenges for the implementation of thistechnology in the existing system of the firm or the organization that can be listed as: first andthe top most prior challenge is the legal compliance issues between the services and protectionprovided by the third party, is compatible with the existing policies of the organization or not.Second is the Service Legal Agreements or service level performance that should be againaligning with the existing policies of the firm (Gangwar & Date, 2016). Cross-border issuesraises when the cloud service provider’s main database system or IT infrastructure is situated inother country and the consumer is availing those services from outside the country. Dataprotection usage and rights that is one of the most important aspects for any sector of theorganization including the financial industries that are availing cloud computing services fortheir firm or the organization (Srinivasan, 2014). Transition and transition that is often very hardonce the organization is connected to the service provider, it becomes much complex to leavethem and move to another service provider including the rise in budget. For Australian finance industries there are specific laws that could be related to thecyberspace and cloud computing that can be listed as:Copyright Amendment (Digital Agenda) Act 2000 (Cth) - intellectual propertyArchives Act, FOI Act Spam Act 2003Privacy Act 1988 & Privacy Amendment (Private Sector) Act 2000 (Cth)Electronic Transactions Acts (Selvadurai, 2013)
IT Risk Assessment | Case Study_5
5IT RISK ASSESSMENT CASE STUDYTelecommunications (Interception) Act 1979 (Cth)Cybercrime Act 2001 (Cth)The policy should be based on considering the impact and consequences on the stakeholders.Internal stake holders such as manager of the Aztec, their staffs, and boards or heads should gothoroughly to the agreement made between the service provider and the government policies(Almosry, Grundy & Muller, 2016). However, this will alternatively affect the externalstakeholders, which are government agencies, financiers, suppliers and many others.Security PostureImplementing cloud computing into the existing system and using cloud hostedapplication could lead to issues to the security of the information and data that is beingtransferred on the cloud. Information related to operational activities and sensitive informationrelated o the employee and transactions of the organization will mitigate on the cloud. Databreaches and other malicious attack could hamper these data and information and priority shouldbe given on mitigating such issues (Rittinghouse & Ransome, 2016). However these securityissues could managed by application of the principles of information security management thatcould be explained as six P’s:Planning: It can be stated as the first and most important approach towards InformationSecurity Management. This step includes modelling of the strategies that could be implementedin manner to support the information strategy that involves designing, creating and implementingof the strategies respectively. There are various types of information security planning thatincludes: Business continuity planning, Incident response planning, Policy planning, Security
IT Risk Assessment | Case Study_6

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Cloud Computing Security PDF
|13
|3038
|39

Cloud Computing Adoption - Assignment
|22
|6043
|213

Cloud Systems and Applications: Literature Review
|14
|3230
|363

Benefits of using Cloud Computing : Assignment
|14
|851
|46

Cloud Computing: Types, Advantages and Disadvantages
|6
|901
|325

Cloud Based Infrastructure for MetaSoft
|10
|561
|335