Risk Management in Cloud Migration to AWS


Added on  2019/09/21

AI Summary
The assignment content discusses the importance of risk management in a system, including preventable risks and external risks. It highlights the need for a robust infrastructure to detect vulnerabilities and ensure security. The content also emphasizes the significance of business continuity planning, particularly in today's competitive market where clients may switch services if they are not satisfied with the quality or cost-effectiveness of the service. Furthermore, it underscores the importance of Access Control mechanisms, such as Role-Based Access Control (RBAC), to ensure secure access to information.

Table of Contents
Introduction
Part 1: Vulnerabilities Assessment
Bibliography

Introduction
Internet use is growing rapidly in the real world, and everyone shares their information over
the internet. That information should be shared accurately, without any error. Patch management
is the part of systems management that involves testing and installing patches on the
administered system. The error occurs only in this process. When the system gets an update, it
will not accept the patch to test or install, so the OS will not start. The time taken to restart
the OS is the downtime of the server. The system should support live migration. Since data loss
may occur because of an error in the patch process, a backup of the data should be taken, and
the backup should be moved to a secure location. Two types of data are available in the
datacenter: passive data and active data. A datacenter that holds both the active and the passive
container should not save the affected data in both. It should hold only the valid data from the
successful update, or it should be able to roll back the data from the server if there is any
flaw in the data or any operation failure in the network.
Infrastructure Requirements:
The network system needs infrastructure that can handle errors when the network changes. If the
system is affected by the patch management process, then the whole network should be passed and
the data should be recovered from the server automatically. The network should be able to adapt
to the available network and manage the change if the server has no active requests and
responses. This can be managed with the backup of the data that is available on the server. If
the servers have a large number of active users, they can make a lot of transactions on the
website. The network must be able to take a snapshot of the database and write to the server log
so that any change made in the network is traceable.
The solution for this patch management process is to lock the data on the server. When a change
happens in the network, the system saves the data and does not let the server change it. A local
copy of the data is then created, and it can be compared with the data saved on the server, which
is the original data. The changes are measured and the data can be updated. When patch management
has been updated and the network is running normally, the data can be updated with the result of
comparing the active data against the recent transactions. Only some changes might be needed, but
this will be secure: there will be no conflict in the data because the previous, recently
transacted data has been locked. We will have to wait for the data to be updated. There is no
threat of a conflict error because everything is checked after confirmation. The data changed in
the recent transactions is changed in the locked data, so no redundancy arises and the data stays
secure.
The security policy:
The security policy covers whether the network system is accessible. The system should have a
hierarchy of access in the network. Not everyone can fix a fault that occurs in the system; only
some people are able to carry out the operation process. Security is needed in environments where
the security of the physical infrastructure is low, so the system should be secured in every
region. For example, a bank has many branches in different types of region. In urban areas the
number of visitors to the bank is higher, so security at the bank is higher, while in suburban
areas security at a branch of the same bank might not be as tight because fewer people visit it.
That is how a threat can arise. If the number of accesses to the system is high, threats may
occur. If a hacker exploits these things, the system could be compromised.
Problem Solution:
People who need to access these networks should follow the necessary protocol in order to
increase the security of the network. For example, a person should not take any electronic items
into the bank, and the clearance ID card should be checked every time. A person other than an
employee should not use another system without proper permission. Changes made by an employee
should be noted in the log every time, so that anything that goes wrong because of a change in
the system can be easily rectified.
Risk management Requirements:
Risk management is an approximate prediction for the system; it cannot be defined accurately. We
can only run tests on the risk, and we need expert advice to manage it. The experts know the
overall function of the project, how the process will run and what the chance of losing the
system is. Risk should be controlled only by the experts. Some people are able to find this kind
of solution because of the experience they have gathered. Risk management is very much necessary
because a risk may occur in the system at any time, at the start of the project or at its end.
It may occur anywhere, but experts should be able to respond to the error automatically, or it
should be controlled by the expert who monitors the system.
The risk requirement is unpredictable because of how the preparation is done. There might be a
chance for an error to occur in the system. The risk may arise on the public side or on the
company side. If a worker does not know what he is doing, it might not affect him; it might
affect the public or another department in the same company. It is like making an error in the
system without knowing the effect. Errors caused by humans are unpredictable. We can figure out
the pattern by identifying each error occurrence and noting the type of error; the collected data
is analysed so that the solution to the problem is ready before the error occurs. This is how
risk management reduces the risk, but it can be eliminated. The different types of errors are
preventable risks and external risks.
Preventable risk:
Preventable risks are risks that can be prevented by analysis. The data from past entries is
responsible for the preventable risk. They provide insight into the details and a strategy for
solving the risk, which can be used when facing real-time problems. Strategy risks are risks that
may occur when you do not follow the given protocols. For example, if the client wants to change
some procedures in the network or deploy new software in the network, these risks will not have
been tested in the environment. This may lead to the project risk management.
External risks:
External risks are caused by the internal team when it allows other factors into the system,
which affects the system. The risk requirement depends on the client's needs. If the client is
budget-conscious, the risk assessment can be done effectively. Then the client might have to
spend more on the project, or rework the project and invest again.
Problem Solution:
For this problem the backup server should be ready, and the data should not be delayed; it
should be available once the network returns to a normal state. The system should adapt to the
current environment, with load balanced equally: because the backup server cannot handle more
data, the load should be distributed among the servers. There may be duplication in the data.
Duplicate data must be sorted out of the system because it causes the system to respond late.
The business community:
The overall business design can be migrated from one server to another using cloud migration to
the AWS server, where processes are done automatically. The server should be configured without
any compatibility issues: because the Amazon team, as a third party, deals with configuration
problems, the difficulty of setting up and maintaining the server may be solved. They also have
security measures. They can visualize who is trying to access the system and what type of
processing they are doing. If any problem arises, it can be solved by visualizing this security
process. The server can be controlled by the client. If the client needs any information about
lost data, it can be retrieved from the snapshot of the database held by the third-party team.
The database will simply roll back if there is a change or any loss in the system. This makes
the work more effective. Most of the work can be automated. If a new version of the software is
implemented, the system should respond to the change. For effective work, some software firms
are configured automatically to adapt to the system. If there is any error in the system, it is
handled by an automatic alert system.
In order to continue the business, this should be offered as a service where the owner has full
control of the system. Clients with multiple vendors are added through a portal. This provides a
security layer for the clients in which space is allocated separately for each client, so that
data collisions do not occur. The server holds the data according to region: many vendors upload
data, and that data is stored where no one but the data owner can access it. The administrator
should maintain this data, because the data should not be duplicated on the server or mixed in
the storage area even though it is stored on the same server. When the client calls for data,
what is stored on the server should be recalled or reflected at the time of output. There will
not be any problem in retrieving the relevant data for the client.
Business Continuity Requirements:
The network system should be able to produce output with maximum throughput and minimum delay.
For efficiency, the server must maintain data accuracy in the system. The network should be
offered as SaaS (Software as a Service) because only the company handling this project should
generate month-on-month revenue. For this reason most companies offer these services as premium
services charged on a monthly basis.
Problem with business continuity
In order to deliver the service effectively, the software vendor must provide a solution that is
effective as well as cost-effective. Nowadays software prices are very low because of competition
around the world; many companies are trying to offer the same service at a minimum price with
excellent service. The client might tend to switch services. The quote for the service and any
hidden costs should be transparent to the client. In some companies the service costs are not
transparent; for the client to have a long-term relationship, the price of the product must be
transparent.
The problem with a service-based company is maintaining the quality of the product. The company
may seem to be doing well, but the same person will not stay in the company for a very long
time. So the knowledge changes with the person, and a new employee might not know how to
approach the issues or how to solve errors in the solution.
Problem Solution
The problem is solved by understanding the client's thinking and needs from an analysis of past
revenue and how the company has generated it. The service methodology should be well structured.
When an employee moves to a new company, he must be able to adapt to the nature of the
organization and should understand the company's service requirements toward the client and the
company's policy. An employee must not breach company policy, in order to safeguard his job. The
company must maintain the policy in order to run properly under the business continuity plan,
and operating costs such as labor and the technology in use should not exceed the revenue the
company generates.
The access control list (ACL)
There are several types of ACL in the network system. The most commonly used is Role-Based
Access Control (RBAC). The RBAC list works by the priority of the people logging in to the
system, and the system gives access to the data only to those people. For example, in a hospital,
if a clerk opens the portal he may be able to view the details but cannot edit them. In the same
way, when a doctor opens the portal he can edit the patient profile and the fields in the portal,
because he must make changes to give accurate results about the patients. This is how RBAC plays
its role in the organization together with the ACL. The list is updated and maintained in a key
place that only an authorized person can access. It changes over time.
Requirement
As a real-world example, one may share a co-working space: if the hospital runs 24x7 there will
be shifts, and the doctors will vary according to their shift times. Data availability is the
requirement.
Problem solution
The RBAC system fails when someone tries to log in with the user name and password. There is no
second layer of security, so we can use an attribute-based control list, added as a second layer
of security against people who are trying to access information they do not have permission for.
To add security, parameters are required at login in order to access the information. The
attribute may depend on the user information, that is, what the user gives as an attribute to
access the information.
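The hospital scenario above as an added example (not part of the original assignment): a role check for the clerk and the doctor, followed by an attribute check as the second layer. The shift window follows the 24x7 shift requirement described above; the `ward` attribute, the user names and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time

# RBAC layer: role -> actions allowed on a patient record (hospital example).
ROLE_PERMISSIONS = {"clerk": {"view"}, "doctor": {"view", "edit"}}

@dataclass(frozen=True)
class User:
    name: str
    role: str
    shift_start: time  # attribute: rostered shift in a 24x7 hospital
    shift_end: time
    ward: str          # assumed attribute, not named in the text

@dataclass(frozen=True)
class Request:
    user: User
    action: str        # "view" or "edit"
    record_ward: str   # ward that owns the patient record
    at: time           # time of the access attempt

def in_shift(start, end, now):
    """True if now is in [start, end); handles shifts that cross midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end

def decide(req):
    """Deny by default. Returns (allowed, reason): role first, then attributes."""
    if req.action not in ROLE_PERMISSIONS.get(req.user.role, set()):
        return False, "rbac: role lacks permission"
    if not in_shift(req.user.shift_start, req.user.shift_end, req.at):
        return False, "abac: outside shift"
    if req.user.ward != req.record_ward:
        return False, "abac: ward mismatch"
    return True, "allowed"

if __name__ == "__main__":
    # Constructed sample users and requests.
    night_doc = User("dr_night", "doctor", time(22, 0), time(6, 0), "cardiology")
    clerk = User("clerk_day", "clerk", time(8, 0), time(16, 0), "cardiology")
    for req in (
        Request(night_doc, "edit", "cardiology", time(23, 30)),
        Request(night_doc, "edit", "cardiology", time(12, 0)),
        Request(clerk, "edit", "cardiology", time(9, 0)),
        Request(night_doc, "view", "oncology", time(1, 0)),
    ):
        print(req.user.name, req.action, decide(req))
```

Returning the reason alongside the decision lets each denial be written to the access log, so a correct role used outside its shift is distinguishable from a role that never had the permission.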
Conclusion:
To protect the information shared between clients, vulnerabilities should be avoided. If there
is any weakness in the system, the security of the shared information is questionable. So these
vulnerabilities should be detected through the infrastructure requirements. Risk management
should be analyzed and measures should be taken. To increase the security level, an access
control mechanism should be followed.
Bibliography
Chen Yanli, Song Lingling, Yang Geng (2016), “Attribute-Based Access Control for Multi-Authority Systems with Constant Cipher Text in Cloud Computing”
Karandeep Kaur, Usvir Kaur (2016), “Various Techniques for Role Based Access Model”
Ben Hal (2016), “Project Infrastructure Requirements”
Jason Chan (2004), “Essentials of Patch Management Policy and Practice”
Business continuity trends and challenges (2017)