IT Risk Assessment Report: Cloud Computing at Aztek Finance
Added on 2020/04/01
AI Summary
This report presents an IT risk assessment for Aztek, an Australian finance industry, focusing on the challenges and risks associated with cloud computing adoption. The executive summary highlights the importance of data and information security, emphasizing Australian policies, compliance, and service agreements. The report explores the benefits of cloud computing while acknowledging potential threats and vulnerabilities. It covers industry regulations, security postures, and the "Six P's" of information security management (Planning, Policy, Programs, Protection, People, Project Management). Operational, management, and technical controls are examined to enhance data security. A risk severity matrix is proposed, and measures to mitigate data security issues are discussed. The report emphasizes the need for Aztek to address these concerns to ensure a secure and compliant cloud implementation. It provides valuable insights into risk assessment, mitigation strategies, and the importance of aligning cloud adoption with organizational and regulatory requirements. The report concludes with a focus on data security issues and measures to mitigate them.

Running head: IT RISK ASSESSMENT (AZTEK)
IT Risk Assessment
(Aztek)
Name of the Student
Name of the University
Author Note
Executive summary
The purpose of this report is to explain the issues related to data and information security and
to provide a risk assessment for Aztek that can be used to assess those issues. The main focus is
the threats and issues that could arise from cloud adoption in an Australian finance-industry
organization. The report emphasises Australian policy and its compliance with organizational
policy and with the agreement that is about to be made between the cloud service provider and
the consumer. Both the service provider and the service consumer should consider several threats
and issues in order to enhance information security. The report also introduces the three
controls and the six P’s of information security management as a way to enhance data security.
A risk severity matrix is proposed, based on the ratings given in the threats and
vulnerabilities table. The report provides the information needed to assess the issues that
could arise from implementing Cloud Computing within the organization's systems.
Table of Contents
Introduction
Cloud Computing
Industry Regulation or Compliance
Security Posture
    Six P’s of Information Security Management
        Planning
        Policy
        Programs
        Protection
        People
        Project Management
    Operational Categories
        Management controls
        Operational Controls
        Technical Controls
Threats, Vulnerabilities and Consequences Assessment 2461
    Risk Severity Matrix
Data Security Issues
    Measures to Mitigate Data Security Issues
Conclusion
Introduction
The world is moving towards becoming completely digital, and Cloud Computing is making a big
contribution to this transformation. Everyone is connected to the internet, which is becoming an
integral part of life for every individual and organization. Cloud Computing also works over the
internet and helps industries become more efficient in calculation and improve their business.
The rapid rise in technology usage has made it necessary to involve a third party in managing
the data and information related to operational activities, employees, customers, transactions
and so on. This frees the organization from the burden of managing that information and data. It
also makes the organization completely reliant on the third party; if any error or loss happens
there is someone to be blamed for the mistake, and the organization can look after other serious
concerns.
Cloud Computing is improving the way financial industries work; however, some industries are
still lagging behind in adopting Cloud Computing services. More than 80% of the financial
industries have already adopted Cloud Computing; however, it can be said that most of them are
still not aware of the services that Cloud Computing can offer. Based on the survey made by (),
around 50% of Australian finance industries use a hybrid Cloud Computing service, a hybrid of the
public Cloud and private Cloud services that are discussed later in this report, whereas 40% of
the financial industries that use Cloud Computing services have in-house IT infrastructure for
managing the information and data related to operational activities.
This report focuses on assessing the risks that could arise during and/or after the
implementation of Cloud Computing within Aztek, an Australian finance-industry organization. It
also emphasises the regulations and policies introduced by the Australian Government that could
be incorporated and considered when making an agreement with a vendor or any third party for
Cloud services. The policies of the organization, the government, and the service provider
should all be aligned so that the agreement is legally sound and protected from legal
allegations that could damage the organization's reputation. However, despite all the advantages
and benefits, this implementation carries certain risks to information security that cannot be
neglected. Data security should be the primary concern for any organization, as information can
be regarded as the backbone of any organization in any sector. For the risks and concerns that
this implementation could raise, a risk assessment is proposed in this report that helps in
rating the risks (which risk should be mitigated first and which can be addressed later) and, on
that basis, in enhancing the information security system. A very important concern related to
data security is explained in this report, together with solutions capable of mitigating such
issues.
Cloud Computing
Cloud computing can be described as an on-demand service that gives the user convenient,
on-demand network access to a pool of configurable computing resources such as servers,
applications, networks, storage, and many other services. Configuring it needs very little
management effort and can be done rapidly. “This Cloud model promotes availability and is
comprised of five key characteristics, three delivery models and four deployment models” (Erl,
Cope & Naserpour,
2015). The service has various benefits: it is flexible and provides scaling flexibility through
a multi-tenant model, and it can be metered and billed according to the organization's usage.
Cloud Computing services are delivered mainly through three delivery models: SaaS (Software as a
Service), PaaS (Platform as a Service), and IaaS (Infrastructure as a Service) (Bansal & Sharma,
2015). Various vendors in the market provide such services: Salesforce.com, Google Docs, and
many others provide SaaS; Google App Engine, Microsoft Azure, and others provide PaaS; and
Rackspace, NYSE Euronext CMPC, Amazon EC2, and many others provide IaaS. Vendors offer many
deployment models, but most industries mainly use three: Public Cloud, Private Cloud, and Hybrid
Cloud.
Public Cloud: This service is available to every individual who is connected to the internet.
Private Cloud: This service is available to the trusted users of the industries and is managed
by either the organization or the Cloud service provider.
Community Cloud: “It is accessible to the members or individuals of a wider community that is
composition of more than one industry or firm” (Rani & Ranjan, 2014).
Hybrid Cloud: This is the most favorable service for industries because of its flexibility and
its information security, which has been a challenge in the above services. This is the
recommended service for Aztek and should be incorporated within the organization.
Industry Regulation or Compliance
Several legal issues might affect the reputation of the organization if Australian policy and
regulations are not properly followed. Hosting Cloud applications and using Cloud Computing
services from a third party is a new sourcing and delivery model, and it is based on the
conditions set by the third party. The conditions set by the service provider should comply with
the policies and regulations made for the organization. This is one of the critical points to
consider before aligning Cloud services with the organization's existing policy. Another
challenge in implementing Cloud Computing in the existing system is that the Service Legal
Agreements should be clear, compatible with the organization's existing policy, and should cover
information security (Gangwar & Date, 2016). Most consumers prefer an outside service provider
in order to be better protected from data exchange between competitors, which leads to
cross-border issues. This could even lead to the seizure of data and information because of the
regulations and policies of another country, a change in government, and many other factors.
There are certain laws presented by the Australian government that could be incorporated within
Aztek in order to protect information (Srinivasan, 2014). The following is the list of policies
related to Cloud Computing, Big Data, and cyberspace:
Archives Act, FOI Act
Copyright Amendment (Digital Agenda) Act 2000 (Cth) - intellectual property
Spam Act 2003
Electronic Transactions Acts (Selvadurai, 2013) (Almosry, Grundy & Muller, 2016).
Cybercrime Act 2001 (Cth)
Privacy Act 1988 & Privacy Amendment (Private Sector) Act 2000 (Cth)
Telecommunications (Interception) Act 1979 (Cth)
Security Posture
As stated in the above discussion, implementing Cloud Computing within the organization could
lead to several issues related to information and data, so an information management system is
needed within the organization. There are several issues, which will be discussed later in this
report. The first concern should be managing information security in order to minimize or
eliminate the threats that will arise (Rittinghouse & Ransome, 2016). The six P’s of the
information management system can be very helpful in managing these threats and issues.
Six P’s of Information Security Management
Planning
This is the very first step in information security management: creating the model and the steps
for determining the threats. Which sector should be given the highest priority and which should
not must be decided, and the assessment should be planned early, including the budget and cost
that will be spent on risk identification and risk assessment. Common steps in this approach are
designing, creating and implementing the strategies within a fixed interval of time (Chandra,
Challa & Hussain, 2014). The types of information security planning can be described as policy
planning, business continuity planning, security program planning, incident response planning,
technology rollout planning, risk management planning, disaster recovery planning, and personnel
planning.
Policy
This is one of the most important aspects, as stated earlier, and relates to the rules,
regulations, and laws of the Australian government and to the service provider and consumer. It
is possible that the agreement offered by the service provider does not fulfil the requirements
of the policies made by the organization or the industry itself. Aztek, which will be committing
to a change in behaviour after migrating to Cloud Computing services, should also introduce a
set of guidelines. The policies recommended for Aztek are (Rivery et al., 2015): Issue-Specific
Security Policy (ISSP), Enterprise Information Security Policy (EISP), and System-Specific
Policies (SysSPs). Aztek should follow these policies before and/or after implementing Cloud
Computing.
Programs
Aztek should treat the programs related to Information Security Management as an integral part
of the organization and carry them out as part of its culture. Programs such as SETA (Security
Education, Training and Awareness), technology-use motivation, and many others should be built
into the operational activities within the system (Aikat et al., 2017). These will help improve
the security system of the management, including physical security and the identification of
phishing and other attacks before they harm the organization. This will help ensure that attacks
are at least identifiable by the employees.
Protection
Protection is the foremost concern, as it covers physical security, IT infrastructure, and much
else, including encryption of data and information. Other factors included in this section are
risk assessment for the issues and threats that have
been identified, protection mechanism, control, and technologies. The activities that are included
in this section will be helpful in enhancing the security system for the information and data that
is about to be uploaded into the cloud (Haimes et al., 2015).
People
The fifth P of information security management concerns the stakeholders
who are connected to the organization in any way. It can be said to be the most critical link for
achieving maximum information security management after the implementation of Cloud
Computing within the system of Aztec. The focus of this approach is that each individual is
assigned proper roles and responsibilities in information security management. The approach
can also be stated as “security personnel and the security of the personnel including the
aspects of the SETA program”.
Project Management
This approach covers the identification and control measures that could be incorporated
within the IT infrastructure and the work environment for managing the threats and issues of
Cloud adoption, and how to mitigate them. Another activity that makes
it important is regular audit of the technologies and monitoring of the employees’ report cards on
production, along with other management activities. Rao et al. (2016) stated, “For this case of Cloud
adoption information system cannot be described as a project rather it can be defined as a process
in which each element should be managed as a project.” All the activities should be chained or
interconnected with each other and should form a series of projects.
Operational Categories
This section covers the management, operational and technical controls for enhancing
the security of the data and information being migrated to the cloud. These three controls
are discussed as follows:
Management controls
This security control focuses on assessing risks from a management perspective, which includes
planning, initiation, execution, evaluation and regular audit (Layton, 2016). These can also be
described as administrative controls intended to improve information security management.
The activities that make up management controls are:
Risk Assessments: Risk assessment is an activity that supports
quantitative and qualitative analysis of the risks of Cloud adoption in the organization.
It also plays an important role in prioritising the risks from most important to least
important. In this case, quantitative analysis can be described as the monetary value of the assets
and the budget values for the technologies and related issues while implementing Cloud Computing
within the organization (McCrie, 2015). Qualitative risk assessment, by contrast, can be stated as “it
is based on the impact and probability of the risks that have been identified during the risk
assessment.”
Vulnerability Assessment: This can be described as an attempt to discover the
current weaknesses or vulnerabilities in information security. It is recommended that
Aztec implement additional controls in order to reduce or eliminate the threats and
issues related to information security.
Penetration Tests: A further step after the vulnerability assessment, which attempts
to exploit the vulnerabilities that arise from the use of Cloud storage. An example
of a penetration test and vulnerability assessment is “the server is not up-to-date but the
penetration test will make an attempt in compromising the server through exploiting several of
the un-patched vulnerabilities.”
Operational Controls
These controls emphasize managing the operations performed during the
implementation of Cloud Computing and the migration to Cloud storage, and making them comply
with the overall security plan. The following activities are controlled by the
personnel:
Awareness and training is the first activity, and it benefits the management of information security by eliminating or minimizing the threats and issues to an extent (Rohdes, 2013). Through this program, employees will be able to identify various attacks in advance, covering topics such as the nature of a secure password, phishing, malicious attacks etc.
Another control focuses on the chain management and configuration within the systems of the organization.
The last control includes contingency plans and plans for monitoring the progress of the whole project.
Technical Controls
Technical controls emphasize protecting the computers and servers from unauthorized
users, intruders or hackers. Proper encryption to the files and data before uploading to the Cloud