Cloud Security Risk Management
Added on 2020-05-11
27 Pages7358 Words48 Views
|
|
|
Running Head: Security Management
Investigation,
Report, Policy
Document
Investigation,
Report, Policy
Document
Security Management System
Table of Contents
Introduction to the Security Management..................................................................................2
Principles of the Security Management.....................................................................................2
Methodologies of the Private Cloud Provider............................................................................3
Design........................................................................................................................................4
Implementation..........................................................................................................................5
Security Issues............................................................................................................................5
Security Risks and Mitigation Techniques................................................................................7
Legal Considerations, Standards, ethical considerations...........................................................8
Potential Benefits of the proposed Security Management for all Stakeholders.........................8
Applications of the current Security Principles and Current methodologies.............................9
Security Tools used to applied in the Mitigation Techniques..................................................10
Mitigation Techniques..........................................................................................................10
Strategies Used for Mitigation the risks of the company are:..............................................11
Security Policies.......................................................................................................................12
Human Factors, laws and Regulations for the Best Practice...................................................13
Coherent in the Security Management Application.................................................................13
Conclusion................................................................................................................................13
References................................................................................................................................15
1
Table of Contents
Introduction to the Security Management..................................................................................2
Principles of the Security Management.....................................................................................2
Methodologies of the Private Cloud Provider............................................................................3
Design........................................................................................................................................4
Implementation..........................................................................................................................5
Security Issues............................................................................................................................5
Security Risks and Mitigation Techniques................................................................................7
Legal Considerations, Standards, ethical considerations...........................................................8
Potential Benefits of the proposed Security Management for all Stakeholders.........................8
Applications of the current Security Principles and Current methodologies.............................9
Security Tools used to applied in the Mitigation Techniques..................................................10
Mitigation Techniques..........................................................................................................10
Strategies Used for Mitigation the risks of the company are:..............................................11
Security Policies.......................................................................................................................12
Human Factors, laws and Regulations for the Best Practice...................................................13
Coherent in the Security Management Application.................................................................13
Conclusion................................................................................................................................13
References................................................................................................................................15
1
Security Management System
Introduction to the Security Management
It is the core responsibility of the superior authority of the organisation that holds the
responsibility to manage the organisation security. It is necessary to ensure the system
organisational data and information as well as to protect the information by the proper risk
assessment and the purpose of having the strategic goals and the main objectives is to keep
the management secure form any vulnerable activities. The organisation generally acquire to
enable the tools used for the investing, personnel perform the business operations to meet and
identified the security needs which is mainly implemented in the organisation for the well-
designed structure of the company, it is necessary to have the proper roles and responsibilities
for the well-designed tasks as well as to have the proper mechanisms for measuring the
review and performances. It safety is not the end to the any organisation it is necessary to
have the proper suitability of the sustainable access for balancing the security in the
organisation. Safety and security management are relatively increasing in the as the one
element in the organisation to overall balance the risk management which mainly involve the
financial accountings, legal risks and the information security (Annan et al., 2012). The
relationship between the risk and security is mostly similar to the linguistic turn and to offer
the qualities being offered to address the responsibilities in the organisation in the systematic
manner. The security aid works is generally faced by the workers in the company. The
security management also introduce the domain for introducing some critical documents such
as policies, procedures and guidelines. These are generally great for the main to spell out the
importance in the organisation for managing their security practices and dealing with the
essential resources in the organisation. It mainly helps in assessing to the risks and to analyse
the threats on the resources and mainly determine where the protective mechanisms should be
used and placed. It is necessary that the employees should be trained for the security to have
an appropriate idea for having the good place for giving the training to them for practising in
2
Introduction to the Security Management
It is the core responsibility of the superior authority of the organisation that holds the
responsibility to manage the organisation security. It is necessary to ensure the system
organisational data and information as well as to protect the information by the proper risk
assessment and the purpose of having the strategic goals and the main objectives is to keep
the management secure form any vulnerable activities. The organisation generally acquire to
enable the tools used for the investing, personnel perform the business operations to meet and
identified the security needs which is mainly implemented in the organisation for the well-
designed structure of the company, it is necessary to have the proper roles and responsibilities
for the well-designed tasks as well as to have the proper mechanisms for measuring the
review and performances. It safety is not the end to the any organisation it is necessary to
have the proper suitability of the sustainable access for balancing the security in the
organisation. Safety and security management are relatively increasing in the as the one
element in the organisation to overall balance the risk management which mainly involve the
financial accountings, legal risks and the information security (Annan et al., 2012). The
relationship between the risk and security is mostly similar to the linguistic turn and to offer
the qualities being offered to address the responsibilities in the organisation in the systematic
manner. The security aid works is generally faced by the workers in the company. The
security management also introduce the domain for introducing some critical documents such
as policies, procedures and guidelines. These are generally great for the main to spell out the
importance in the organisation for managing their security practices and dealing with the
essential resources in the organisation. It mainly helps in assessing to the risks and to analyse
the threats on the resources and mainly determine where the protective mechanisms should be
used and placed. It is necessary that the employees should be trained for the security to have
an appropriate idea for having the good place for giving the training to them for practising in
2
Security Management System
the workplace (Bulgurcu, Cavusoglu & Benbasat, 2010). The main aim of the employee is to
have the main objective and the goal to ensure the confidentiality, integrity and the
availability of the resources and assets and to the information.
Principles of the Security Management
The principles are used for the specific terminology across the field in the organisation
management. The principle has their own language for which it is closely related to the
organisation needs. The principles have the limited scope and the complexity for the enabling
to the wider space of the business populations to have the business concepts to implement in
the organisation. The basic principles of the organisation is still the same in today scenario
has not be changed. The principles had the implementation in the certain areas in the
organisation. There are various principles and the guidelines is been used for implementing in
the organisation. The principles of the organisation is based on the main theory and is been
derived into the several parts of the accessing in the organisation (Chen et al., 2013).
1. Confidentiality- This is another word used for privacy of user data. There are some
parameters which is been set at a place to ensure confidentially of sensitive user
content to save this information from reaching in wrong hands. So this is to be
ensured that this information is having only restricted access and given only to limited
users .This data can be categorized according to its sensitivity and it may not fall in
unwanted hands which may misuse it .This data is to be safeguarded and it involve
special skills training to categorizing data as well as accessing of data by authorized
users.
2. Integrity- This is to safeguard the assets along with taking care of their accuracy and
completeness. Integrity of an information means that the information collected is must
3
the workplace (Bulgurcu, Cavusoglu & Benbasat, 2010). The main aim of the employee is to
have the main objective and the goal to ensure the confidentiality, integrity and the
availability of the resources and assets and to the information.
Principles of the Security Management
The principles are used for the specific terminology across the field in the organisation
management. The principle has their own language for which it is closely related to the
organisation needs. The principles have the limited scope and the complexity for the enabling
to the wider space of the business populations to have the business concepts to implement in
the organisation. The basic principles of the organisation is still the same in today scenario
has not be changed. The principles had the implementation in the certain areas in the
organisation. There are various principles and the guidelines is been used for implementing in
the organisation. The principles of the organisation is based on the main theory and is been
derived into the several parts of the accessing in the organisation (Chen et al., 2013).
1. Confidentiality- This is another word used for privacy of user data. There are some
parameters which is been set at a place to ensure confidentially of sensitive user
content to save this information from reaching in wrong hands. So this is to be
ensured that this information is having only restricted access and given only to limited
users .This data can be categorized according to its sensitivity and it may not fall in
unwanted hands which may misuse it .This data is to be safeguarded and it involve
special skills training to categorizing data as well as accessing of data by authorized
users.
2. Integrity- This is to safeguard the assets along with taking care of their accuracy and
completeness. Integrity of an information means that the information collected is must
3
Security Management System
be useful as well as complete and accurate. It helps in maintaining the integrity of
information so that only certain users are authorized and accessed that information,
and this information is altered and updated only by certain user. So in meantime
basically integrity of information can be maintained by updating security patches of
the server on which information is stored and only authorized personnel’s can alter or
delete this information when needed (Coffee, Sale & Henderson, 2015).
3. Availability- Phenomena when Information can be remotely accessed from anywhere
when demanded is known as Availability. Information of an enterprise is specified at
the time when it is required, it must be accessed quickly but sometimes it is not
available when needed or some irrelevant data is provided. Relevant hardware is
applied so that the information can be accessed by Information assurance professional
significantly .In old time’s information is secured and locked up and never allowed to
accessed by authorized users which is not evenly accessed every time required .This is
an important truth that security is compromised when accessibility comes to place. So
it is important to balance between these two aspects in information technology.
Methodologies of the Private Cloud Provider
A system and the method is been used for disclosing the private cloud computing and for
developing and deploying to the various applications being used in implementing the
methodologies in the organisation. It provides the storage capacity with the capabilities to
store wand to process the data to the data centers. Company use the cloud platform for storing
the different files and data of the company on it. Basically the security issues are being raised
by the customers regarding to the data and to the information.
There are various phases for implementing the methodologies for the security strategies and
to the cloud services. There are various sections in which the security is used for
4
be useful as well as complete and accurate. It helps in maintaining the integrity of
information so that only certain users are authorized and accessed that information,
and this information is altered and updated only by certain user. So in meantime
basically integrity of information can be maintained by updating security patches of
the server on which information is stored and only authorized personnel’s can alter or
delete this information when needed (Coffee, Sale & Henderson, 2015).
3. Availability- Phenomena when Information can be remotely accessed from anywhere
when demanded is known as Availability. Information of an enterprise is specified at
the time when it is required, it must be accessed quickly but sometimes it is not
available when needed or some irrelevant data is provided. Relevant hardware is
applied so that the information can be accessed by Information assurance professional
significantly .In old time’s information is secured and locked up and never allowed to
accessed by authorized users which is not evenly accessed every time required .This is
an important truth that security is compromised when accessibility comes to place. So
it is important to balance between these two aspects in information technology.
Methodologies of the Private Cloud Provider
A system and the method is been used for disclosing the private cloud computing and for
developing and deploying to the various applications being used in implementing the
methodologies in the organisation. It provides the storage capacity with the capabilities to
store wand to process the data to the data centers. Company use the cloud platform for storing
the different files and data of the company on it. Basically the security issues are being raised
by the customers regarding to the data and to the information.
There are various phases for implementing the methodologies for the security strategies and
to the cloud services. There are various sections in which the security is used for
4
Security Management System
implementing the security policies and controls which helps in minimizing the threats and
risks in the cloud data services where the data is been saved. It is been used in all the forms
and all types of attacks which are intruded in the database. It is based on to detect the various
types of threats, attacks and vulnerabilities for detecting into the database Coronel & Morris,
2016).
There are various steps used for implementing the security strategies for the cloud services.
1. It is used for predicting the attacks and accessing the risks to prevent the database stored in
the cloud services.
2. It is essential to know each type of threat been intruded in the database.
3. Apply the various methodologies used for implementing the techniques and tools used for
detecting the threats in the database and in the system.
4. Applying the proactive strategies which are a predefined set of the steps taken to prevent
from the attacks before they damage the whole data in the database files and to the systems.
5. Determining the various vulnerabilities and threats that specify the attacks being exploit
and discovered, current policies and controls are used and altered for implementing and
minimizing the threats.
6 It is necessary to design the contingency plan which mainly helps in developing an
alternative plan if in case the attacks penetrate from the system and to the data security or any
other assets. This plan mainly helps in restoring the databases in a timely manner (De Lange,
Von Solms& Gerber, 2016).
5
implementing the security policies and controls which helps in minimizing the threats and
risks in the cloud data services where the data is been saved. It is been used in all the forms
and all types of attacks which are intruded in the database. It is based on to detect the various
types of threats, attacks and vulnerabilities for detecting into the database Coronel & Morris,
2016).
There are various steps used for implementing the security strategies for the cloud services.
1. It is used for predicting the attacks and accessing the risks to prevent the database stored in
the cloud services.
2. It is essential to know each type of threat been intruded in the database.
3. Apply the various methodologies used for implementing the techniques and tools used for
detecting the threats in the database and in the system.
4. Applying the proactive strategies which are a predefined set of the steps taken to prevent
from the attacks before they damage the whole data in the database files and to the systems.
5. Determining the various vulnerabilities and threats that specify the attacks being exploit
and discovered, current policies and controls are used and altered for implementing and
minimizing the threats.
6 It is necessary to design the contingency plan which mainly helps in developing an
alternative plan if in case the attacks penetrate from the system and to the data security or any
other assets. This plan mainly helps in restoring the databases in a timely manner (De Lange,
Von Solms& Gerber, 2016).
5
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents