IT Risk Assessment Case Study: Cloud Computing in Aztek Finance
VerifiedAdded on 2020/04/07
|22
|5807
|240
Case Study
AI Summary
This case study provides a comprehensive IT risk assessment for Aztek, an Australian finance industry, considering the adoption of cloud computing. The report begins with an executive summary, followed by an analysis of industry regulations and compliance relevant to cloud implementation. It assesses Aztek's security posture, focusing on operational categories and proposing a 'six P's' framework for information security management. The study identifies potential threats, vulnerabilities, and their consequences, presenting a risk severity matrix and addressing data security issues. Solutions for these issues are proposed. The report concludes with a summary of findings and recommendations, referencing relevant literature and including an appendix. The case study emphasizes the importance of a hybrid cloud model to maintain data security and minimize risks, considering both internal and external stakeholders, and the legal and compliance aspects of cloud adoption. The report also highlights the importance of security controls (management, operational, and technical) in mitigating potential risks. The assessment provides a detailed analysis of the challenges and opportunities associated with cloud computing in the financial sector.
Running head: IT RISK ASSESSMENT CASE STUDY
IT Risk Assessment Case Study
(Aztek Australian Finance Industry)
Name of the Student
Name of the University
Author Note
IT Risk Assessment Case Study
(Aztek Australian Finance Industry)
Name of the Student
Name of the University
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1
IT RISK ASSESSMENT CASE STUDY
Table of Contents
Executive Summary.........................................................................................................................2
Industry Regulation or Compliance.................................................................................................4
Security Posture...............................................................................................................................5
Operational Categories................................................................................................................7
Threats, Vulnerabilities and Consequences Assessment.................................................................9
Risk Severity Matrix..................................................................................................................13
Data Security Issues.......................................................................................................................13
Solution of the Issues Related to the Data Security...................................................................15
Conclusion.....................................................................................................................................17
References:....................................................................................................................................18
Appendix:......................................................................................................................................22
IT RISK ASSESSMENT CASE STUDY
Table of Contents
Executive Summary.........................................................................................................................2
Industry Regulation or Compliance.................................................................................................4
Security Posture...............................................................................................................................5
Operational Categories................................................................................................................7
Threats, Vulnerabilities and Consequences Assessment.................................................................9
Risk Severity Matrix..................................................................................................................13
Data Security Issues.......................................................................................................................13
Solution of the Issues Related to the Data Security...................................................................15
Conclusion.....................................................................................................................................17
References:....................................................................................................................................18
Appendix:......................................................................................................................................22
2
IT RISK ASSESSMENT CASE STUDY
Executive Summary
In this new world of technology cloud computing is playing very important role in
transforming this world into digital world. Technologies like Big Data and Cloud computing are
enhancing the performance of the organization through improving the operational activities in
better and efficient manner. The aim of this report is to assist Aztek on the threats and risks that
could be raised due to the implementation of Cloud Computing within the organization. Aztek is
a financial industry and most of the finance industries are adopting cloud computing for the
betterment of the organization but yet many of the industries are lacking in adopting it. However,
this could change the face of file transfer and management system in much cost effective manner
and help the Aztek to improve the quality of services in very few time and investment.
Cloud computing can be stated as “pay-per-use model for enabling available, convenient,
on-demand network access to a shared pool of configurable computing resources (e.g.., network,
servers, storage, applications, and services) that can be rapidly provisioned and released with
minimal management effort or service provider interaction (Erl, Cope & Naserpour, 2015). This
cloud model promotes availability and is comprised of five key characteristics, three delivery
models and four deployment models” (Bansal & Sharma, 2015). It has the flexibility that
provides feature of scaling up or down accessed through pooled computing resources through
using the multi-tenant model that can be metered and billed as per the usage of the organization.
There are mainly three delivery models for the cloud computing that can be listed as:
Information as a service (IaaS), Platform as a service (PaaS), and Software as a service (SaaS).
The vendors for the respective service providers are Google Docs and salesforce.com for SaaS,
Microsoft Azure and Google App Engine for PaaS, and Amazon EC2, Rackspace, and NYSE
IT RISK ASSESSMENT CASE STUDY
Executive Summary
In this new world of technology cloud computing is playing very important role in
transforming this world into digital world. Technologies like Big Data and Cloud computing are
enhancing the performance of the organization through improving the operational activities in
better and efficient manner. The aim of this report is to assist Aztek on the threats and risks that
could be raised due to the implementation of Cloud Computing within the organization. Aztek is
a financial industry and most of the finance industries are adopting cloud computing for the
betterment of the organization but yet many of the industries are lacking in adopting it. However,
this could change the face of file transfer and management system in much cost effective manner
and help the Aztek to improve the quality of services in very few time and investment.
Cloud computing can be stated as “pay-per-use model for enabling available, convenient,
on-demand network access to a shared pool of configurable computing resources (e.g.., network,
servers, storage, applications, and services) that can be rapidly provisioned and released with
minimal management effort or service provider interaction (Erl, Cope & Naserpour, 2015). This
cloud model promotes availability and is comprised of five key characteristics, three delivery
models and four deployment models” (Bansal & Sharma, 2015). It has the flexibility that
provides feature of scaling up or down accessed through pooled computing resources through
using the multi-tenant model that can be metered and billed as per the usage of the organization.
There are mainly three delivery models for the cloud computing that can be listed as:
Information as a service (IaaS), Platform as a service (PaaS), and Software as a service (SaaS).
The vendors for the respective service providers are Google Docs and salesforce.com for SaaS,
Microsoft Azure and Google App Engine for PaaS, and Amazon EC2, Rackspace, and NYSE
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3
IT RISK ASSESSMENT CASE STUDY
Euronext CMCP for the IaaS (Sreeramaneni, Seo & Chan, 2017). These cloud service can be
delivered through three models that can be described as: Public cloud: This is a cloud service
that is being offered and available for everyone over the internet. Private Cloud: This is service
is available for the trusted users of the industries. This is either managed by the cloud provider or
organization itself. Community Cloud: It is accessible to the members or individuals of a wider
community that is composition of more than one industry or firm. Hybrid Cloud: It can be
described as the mix of private and public cloud and mitigates the challenges that occur in the
individual deployments. Aztex should deploy Hybrid model in manner to keep data and
information secured and protected (Rani & Ranjan, 2014). This will let the organization avail all
the services and minimize the risks related to the data security.
The following report emphasis on the regulation and compliance of the agreements and
services offered by the cloud service provider along with the existing policies of the
organization. This report also states various Australian laws or policies that could be
implemented or considered while implementing Cloud Computing within the organization. All
perspective should be clear between the service provider and the service consumer related to the
information security to the information that is being transferred to the cloud. Security posture has
been also explained in this report in relation with the IT infrastructure of the Aztek. For the
management of information security six P’s concept has also been proposed in this report. This
report presents a risk assessment for the threats, vulnerabilities and issues raised due to this
innovative change in the organization. Aztek should consider following risk assessment before
and after implementing cloud computing within the organization.
IT RISK ASSESSMENT CASE STUDY
Euronext CMCP for the IaaS (Sreeramaneni, Seo & Chan, 2017). These cloud service can be
delivered through three models that can be described as: Public cloud: This is a cloud service
that is being offered and available for everyone over the internet. Private Cloud: This is service
is available for the trusted users of the industries. This is either managed by the cloud provider or
organization itself. Community Cloud: It is accessible to the members or individuals of a wider
community that is composition of more than one industry or firm. Hybrid Cloud: It can be
described as the mix of private and public cloud and mitigates the challenges that occur in the
individual deployments. Aztex should deploy Hybrid model in manner to keep data and
information secured and protected (Rani & Ranjan, 2014). This will let the organization avail all
the services and minimize the risks related to the data security.
The following report emphasis on the regulation and compliance of the agreements and
services offered by the cloud service provider along with the existing policies of the
organization. This report also states various Australian laws or policies that could be
implemented or considered while implementing Cloud Computing within the organization. All
perspective should be clear between the service provider and the service consumer related to the
information security to the information that is being transferred to the cloud. Security posture has
been also explained in this report in relation with the IT infrastructure of the Aztek. For the
management of information security six P’s concept has also been proposed in this report. This
report presents a risk assessment for the threats, vulnerabilities and issues raised due to this
innovative change in the organization. Aztek should consider following risk assessment before
and after implementing cloud computing within the organization.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
IT RISK ASSESSMENT CASE STUDY
Industry Regulation or Compliance
Cloud Computing or hosting cloud applications for the operational activities within the
finance industries can be described as a new delivery and sourcing model that is capable of
sharing many legal issues. That give birth many legal challenges for the implementation of this
technology in the existing system of the firm or the organization that can be listed as: first and
the top most prior challenge is the legal compliance issues between the services and protection
provided by the third party, is compatible with the existing policies of the organization or not.
Second is the Service Legal Agreements or service level performance that should be again
aligning with the existing policies of the firm (Gangwar & Date, 2016). Cross-border issues
raises when the cloud service provider’s main database system or IT infrastructure is situated in
other country and the consumer is availing those services from outside the country. Data
protection usage and rights that is one of the most important aspects for any sector of the
organization including the financial industries that are availing cloud computing services for
their firm or the organization (Srinivasan, 2014). Transition and transition that is often very hard
once the organization is connected to the service provider, it becomes much complex to leave
them and move to another service provider including the rise in budget.
For Australian finance industries there are specific laws that could be related to the
cyberspace and cloud computing that can be listed as:
Copyright Amendment (Digital Agenda) Act 2000 (Cth) - intellectual property
Archives Act, FOI Act
Spam Act 2003
Privacy Act 1988 & Privacy Amendment (Private Sector) Act 2000 (Cth)
Electronic Transactions Acts (Selvadurai, 2013)
IT RISK ASSESSMENT CASE STUDY
Industry Regulation or Compliance
Cloud Computing or hosting cloud applications for the operational activities within the
finance industries can be described as a new delivery and sourcing model that is capable of
sharing many legal issues. That give birth many legal challenges for the implementation of this
technology in the existing system of the firm or the organization that can be listed as: first and
the top most prior challenge is the legal compliance issues between the services and protection
provided by the third party, is compatible with the existing policies of the organization or not.
Second is the Service Legal Agreements or service level performance that should be again
aligning with the existing policies of the firm (Gangwar & Date, 2016). Cross-border issues
raises when the cloud service provider’s main database system or IT infrastructure is situated in
other country and the consumer is availing those services from outside the country. Data
protection usage and rights that is one of the most important aspects for any sector of the
organization including the financial industries that are availing cloud computing services for
their firm or the organization (Srinivasan, 2014). Transition and transition that is often very hard
once the organization is connected to the service provider, it becomes much complex to leave
them and move to another service provider including the rise in budget.
For Australian finance industries there are specific laws that could be related to the
cyberspace and cloud computing that can be listed as:
Copyright Amendment (Digital Agenda) Act 2000 (Cth) - intellectual property
Archives Act, FOI Act
Spam Act 2003
Privacy Act 1988 & Privacy Amendment (Private Sector) Act 2000 (Cth)
Electronic Transactions Acts (Selvadurai, 2013)
5
IT RISK ASSESSMENT CASE STUDY
Telecommunications (Interception) Act 1979 (Cth)
Cybercrime Act 2001 (Cth)
The policy should be based on considering the impact and consequences on the stakeholders.
Internal stake holders such as manager of the Aztec, their staffs, and boards or heads should go
thoroughly to the agreement made between the service provider and the government policies
(Almosry, Grundy & Muller, 2016). However, this will alternatively affect the external
stakeholders, which are government agencies, financiers, suppliers and many others.
Security Posture
Implementing cloud computing into the existing system and using cloud hosted
application could lead to issues to the security of the information and data that is being
transferred on the cloud. Information related to operational activities and sensitive information
related o the employee and transactions of the organization will mitigate on the cloud. Data
breaches and other malicious attack could hamper these data and information and priority should
be given on mitigating such issues (Rittinghouse & Ransome, 2016). However these security
issues could managed by application of the principles of information security management that
could be explained as six P’s:
Planning: It can be stated as the first and most important approach towards Information
Security Management. This step includes modelling of the strategies that could be implemented
in manner to support the information strategy that involves designing, creating and implementing
of the strategies respectively. There are various types of information security planning that
includes: Business continuity planning, Incident response planning, Policy planning, Security
IT RISK ASSESSMENT CASE STUDY
Telecommunications (Interception) Act 1979 (Cth)
Cybercrime Act 2001 (Cth)
The policy should be based on considering the impact and consequences on the stakeholders.
Internal stake holders such as manager of the Aztec, their staffs, and boards or heads should go
thoroughly to the agreement made between the service provider and the government policies
(Almosry, Grundy & Muller, 2016). However, this will alternatively affect the external
stakeholders, which are government agencies, financiers, suppliers and many others.
Security Posture
Implementing cloud computing into the existing system and using cloud hosted
application could lead to issues to the security of the information and data that is being
transferred on the cloud. Information related to operational activities and sensitive information
related o the employee and transactions of the organization will mitigate on the cloud. Data
breaches and other malicious attack could hamper these data and information and priority should
be given on mitigating such issues (Rittinghouse & Ransome, 2016). However these security
issues could managed by application of the principles of information security management that
could be explained as six P’s:
Planning: It can be stated as the first and most important approach towards Information
Security Management. This step includes modelling of the strategies that could be implemented
in manner to support the information strategy that involves designing, creating and implementing
of the strategies respectively. There are various types of information security planning that
includes: Business continuity planning, Incident response planning, Policy planning, Security
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6
IT RISK ASSESSMENT CASE STUDY
program planning, Disaster recovery planning Technology rollout planning, Personnel planning,
and Risk management planning (Chandra, Challa & Hussain, 2014).
Policy: There should be certain set of guidelines for the Aztec that dedicates the
behaviour within the organization after the migration of data to the cloud and hosting cloud
applications. Recommended policies for the cloud computing adoption for Aztek can be put into
three categories that are; firstly, ISSP (Issue-Specific Security Policy), secondly, EISP
(Enterprise Information Security Policy), SysSPs (System-Specific Policies). Implementation of
these policies before or after adopting cloud computing will help in enhancing the information
security (Rivery et al., 2015).
Programs: The operations involved in the information security management should be
executed as a part of the culture of the organization and should be managed separately. Programs
such as SETA (Security Education Training and Awareness) should be enrolled in the list of the
primary activities within then management system including the physical security programs. This
will help in protecting personal credentials and devices that could be connected to the network of
the cloud (Aikat et al., 2017).
Protection: This could be a vast chapter in the implementation of cloud computing within
the existing system of Aztek as it includes risk assessment of the identified threats and issues,
tools to minimize the identified threat, control, technologies, and protection mechanism. These
mechanisms could be helpful in improving and achieving maximum information security for the
data and then information (Haimes et al., 2015).
People: The stakeholders including internal, external and cloud service provider are the
most critical link for the information security management in the cloud computing adoption.
IT RISK ASSESSMENT CASE STUDY
program planning, Disaster recovery planning Technology rollout planning, Personnel planning,
and Risk management planning (Chandra, Challa & Hussain, 2014).
Policy: There should be certain set of guidelines for the Aztec that dedicates the
behaviour within the organization after the migration of data to the cloud and hosting cloud
applications. Recommended policies for the cloud computing adoption for Aztek can be put into
three categories that are; firstly, ISSP (Issue-Specific Security Policy), secondly, EISP
(Enterprise Information Security Policy), SysSPs (System-Specific Policies). Implementation of
these policies before or after adopting cloud computing will help in enhancing the information
security (Rivery et al., 2015).
Programs: The operations involved in the information security management should be
executed as a part of the culture of the organization and should be managed separately. Programs
such as SETA (Security Education Training and Awareness) should be enrolled in the list of the
primary activities within then management system including the physical security programs. This
will help in protecting personal credentials and devices that could be connected to the network of
the cloud (Aikat et al., 2017).
Protection: This could be a vast chapter in the implementation of cloud computing within
the existing system of Aztek as it includes risk assessment of the identified threats and issues,
tools to minimize the identified threat, control, technologies, and protection mechanism. These
mechanisms could be helpful in improving and achieving maximum information security for the
data and then information (Haimes et al., 2015).
People: The stakeholders including internal, external and cloud service provider are the
most critical link for the information security management in the cloud computing adoption.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
IT RISK ASSESSMENT CASE STUDY
There should be recognition of the roles and the responsibilities of each individual within the
organization and should be motivated toward achieving better information security management.
This section describes about the security personnel and the security of the personnel including
the aspects of the SETA program.
Project Management: This includes controlling and identifying the resources that could
be applied to the project like new infrastructure or more systems within the premises for
adopting cloud computing. Continuously monitoring the progress and motivating the employees
to the target stated by the organization. For this case of cloud adoption information system
cannot be described as a project rather it can be defined as a process in which each element
should be managed as a project (Rao et al., 2016). This should be a chain or series of projects.
Operational Categories
Security of the information while moving towards cloud adoption is also based on the
way of implementation of the technology. There are three common classification based on the
implementation, which can be listed as:
Management controls: Management security control emphasis on using assessment
methods based on the planning made earlier in manner to manage and reduce the risks related to
the data security. It can also be described as the “management controls as administrative
controls.” Most common management controls are: Firstly, Risk assessments that could be
helpful in making quantitative and qualitative analysis of the risks within the cloud adoption in
the organization and will provide helpful output for managing the serious risks. It can be
explained as cost and asset values for implementing cloud computing, and risk assessment for
that for the monetary values is a quantitative risk assessment (McCrie, 2015). However,
IT RISK ASSESSMENT CASE STUDY
There should be recognition of the roles and the responsibilities of each individual within the
organization and should be motivated toward achieving better information security management.
This section describes about the security personnel and the security of the personnel including
the aspects of the SETA program.
Project Management: This includes controlling and identifying the resources that could
be applied to the project like new infrastructure or more systems within the premises for
adopting cloud computing. Continuously monitoring the progress and motivating the employees
to the target stated by the organization. For this case of cloud adoption information system
cannot be described as a project rather it can be defined as a process in which each element
should be managed as a project (Rao et al., 2016). This should be a chain or series of projects.
Operational Categories
Security of the information while moving towards cloud adoption is also based on the
way of implementation of the technology. There are three common classification based on the
implementation, which can be listed as:
Management controls: Management security control emphasis on using assessment
methods based on the planning made earlier in manner to manage and reduce the risks related to
the data security. It can also be described as the “management controls as administrative
controls.” Most common management controls are: Firstly, Risk assessments that could be
helpful in making quantitative and qualitative analysis of the risks within the cloud adoption in
the organization and will provide helpful output for managing the serious risks. It can be
explained as cost and asset values for implementing cloud computing, and risk assessment for
that for the monetary values is a quantitative risk assessment (McCrie, 2015). However,
8
IT RISK ASSESSMENT CASE STUDY
qualitative risk assessment is based on the impact and probability of the risks that have been
identified during the risk assessment. Second component is vulnerability assessment that is an
attempt for discovering the current weaknesses or vulnerabilities. Aztec can implement
additional controls for reducing the risks from these vulnerabilities. Third approach involved in
this control is Penetration tests, which can be stated as the one step further from then
vulnerability assessment that can be helpful in attempting to exploit vulnerabilities that might
occur due to the cloud storage (Layton, 2016). An example stating the situation is that
vulnerability assessment will discover that the server is not up-to-date but the penetration test
will make an attempt in compromising the server through exploiting several of the un-patched
vulnerabilities.
Operational Controls: It could be helpful in ensuring the operational activities that are
being performed using cloud of the Aztek and complying with the overall security plan.
Operation controls that are being controlled by the individuals can be listed as: Firstly,
Awareness and training; it can be a beneficial aspect for maintaining the information security and
minimizing the threats. It could be helpful in understanding password security malware attacks,
phishing, and many more. Second control is the configuration and chain management that
ensures that the systems are properly configured (Rohdes, 2013). Third control includes
contingency plan plans that could ensure the planning and execution are going in right way.
Technical Controls: This includes protecting the data and systems from being breached
by an unwanted intruder or unauthorized use Risk. This includes proper encryption of the
systems, which could be helpful in protecting confidential and sensitive information. Antivirus,
anti-malware, IDSs (Intrusion detection systems), updated firewall, and least privilege are
recommended in this control (Peppard & Ward, 2016).
IT RISK ASSESSMENT CASE STUDY
qualitative risk assessment is based on the impact and probability of the risks that have been
identified during the risk assessment. Second component is vulnerability assessment that is an
attempt for discovering the current weaknesses or vulnerabilities. Aztec can implement
additional controls for reducing the risks from these vulnerabilities. Third approach involved in
this control is Penetration tests, which can be stated as the one step further from then
vulnerability assessment that can be helpful in attempting to exploit vulnerabilities that might
occur due to the cloud storage (Layton, 2016). An example stating the situation is that
vulnerability assessment will discover that the server is not up-to-date but the penetration test
will make an attempt in compromising the server through exploiting several of the un-patched
vulnerabilities.
Operational Controls: It could be helpful in ensuring the operational activities that are
being performed using cloud of the Aztek and complying with the overall security plan.
Operation controls that are being controlled by the individuals can be listed as: Firstly,
Awareness and training; it can be a beneficial aspect for maintaining the information security and
minimizing the threats. It could be helpful in understanding password security malware attacks,
phishing, and many more. Second control is the configuration and chain management that
ensures that the systems are properly configured (Rohdes, 2013). Third control includes
contingency plan plans that could ensure the planning and execution are going in right way.
Technical Controls: This includes protecting the data and systems from being breached
by an unwanted intruder or unauthorized use Risk. This includes proper encryption of the
systems, which could be helpful in protecting confidential and sensitive information. Antivirus,
anti-malware, IDSs (Intrusion detection systems), updated firewall, and least privilege are
recommended in this control (Peppard & Ward, 2016).
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9
IT RISK ASSESSMENT CASE STUDY
Threats, Vulnerabilities and Consequences Assessment
Following is the list of threats vulnerabilities and consequences along with the impact
probability and severity that could help in later risk severity matrix that could be a beneficial
aspect for the decision-making by the stakeholders:
Sl. No. Risks Explanation Probability Impact Priority
Risk 1. Supply Chain Failure Cloud service provider sometimes
hires the server of another service
provider.
L M M
Risk 2. Interface
compromises
Using cloud hosted application leads
to such issues because the customer
management interfaces of the public
Cloud service providers are mediate
access and accessible to the internet
(Albakri et al., 2014).
M VH H
Risk 3. Conflicts in the
Cloud environment
When the service provider lacks in
providing the offered services and
solutions.
M M M
Risk 4. Lock-in The customer or client got stuck
with single service provider because
moving to other could cost much
more than estimated (Theoharidou,
Tsalis & Gritzalis, 2013).
H M H
Risk 5. Intellectual property
issues
Lacking in proper infrastructure and
risks to the data and information.
L M M
Risk 6. Social Engineering It can be tricked manipulation M H M
IT RISK ASSESSMENT CASE STUDY
Threats, Vulnerabilities and Consequences Assessment
Following is the list of threats vulnerabilities and consequences along with the impact
probability and severity that could help in later risk severity matrix that could be a beneficial
aspect for the decision-making by the stakeholders:
Sl. No. Risks Explanation Probability Impact Priority
Risk 1. Supply Chain Failure Cloud service provider sometimes
hires the server of another service
provider.
L M M
Risk 2. Interface
compromises
Using cloud hosted application leads
to such issues because the customer
management interfaces of the public
Cloud service providers are mediate
access and accessible to the internet
(Albakri et al., 2014).
M VH H
Risk 3. Conflicts in the
Cloud environment
When the service provider lacks in
providing the offered services and
solutions.
M M M
Risk 4. Lock-in The customer or client got stuck
with single service provider because
moving to other could cost much
more than estimated (Theoharidou,
Tsalis & Gritzalis, 2013).
H M H
Risk 5. Intellectual property
issues
Lacking in proper infrastructure and
risks to the data and information.
L M M
Risk 6. Social Engineering It can be tricked manipulation M H M
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10
IT RISK ASSESSMENT CASE STUDY
Attacks (Phishing) through sending malicious coding
via mail or any messaging media and
hamper the information saved in the
system (Theoharidou et al., 2013).
Risk 7. Malicious Insider
(Cloud Provider)
Generally formal stakeholders with
credentials can cause such risk.
H VH H
Risk 8. Ineffective deletion
of data or Insecure
Generally data is not deleted
completely from the cloud.
H VH H
Risk 9. Loss of Governance Completely dependent on the service
provider for own data and
information.
VH VH VH
Risk 10. Technical risks Not meeting the infrastructure
requirement leads to such risks
M M M
Risk 11. Intercepting data in
transit
Involvement of an intruder while
data transfer could intercept the
exchange of information (Carlson,
2014).
M H M
Risk 12. Isolation Failure There are chances of failure in data
transfer either not properly uploaded
or not encrypted properly.
H H M
Risk 13. DDOS (Distributed
Denial of Service)
This is a network attack that happens
due to many requests at the same
moment from different applications
or sources (Latif et al., 2014).
M H M
Risk 14. Loss of Losing decryption code is similar to L H M
IT RISK ASSESSMENT CASE STUDY
Attacks (Phishing) through sending malicious coding
via mail or any messaging media and
hamper the information saved in the
system (Theoharidou et al., 2013).
Risk 7. Malicious Insider
(Cloud Provider)
Generally formal stakeholders with
credentials can cause such risk.
H VH H
Risk 8. Ineffective deletion
of data or Insecure
Generally data is not deleted
completely from the cloud.
H VH H
Risk 9. Loss of Governance Completely dependent on the service
provider for own data and
information.
VH VH VH
Risk 10. Technical risks Not meeting the infrastructure
requirement leads to such risks
M M M
Risk 11. Intercepting data in
transit
Involvement of an intruder while
data transfer could intercept the
exchange of information (Carlson,
2014).
M H M
Risk 12. Isolation Failure There are chances of failure in data
transfer either not properly uploaded
or not encrypted properly.
H H M
Risk 13. DDOS (Distributed
Denial of Service)
This is a network attack that happens
due to many requests at the same
moment from different applications
or sources (Latif et al., 2014).
M H M
Risk 14. Loss of Losing decryption code is similar to L H M
11
IT RISK ASSESSMENT CASE STUDY
Cryptographic keys the loss of data as the user will not
be able to recover his or her files.
Risk 15. Service Engine
Compromised
Compromise of the major
component could lead to serious
risks that in general very less
probability (Craig & Shackelford,
2013).
L VH H
Risk 16. EDOS (Economic
Denial of Service)
Manipulation with the budget
planning by an unauthorized user
could create distance for the users in
availing the complete service that is
being offered by the service
provider.
L H M
Risk 17. Cloud-specific
network related
technical attacks or
failures
This could cause serious issues
while exchanging the files means
either uploading or downloading, by
consumer or the service provider.
The loss in internet connection or
failure in establishing proper
network. Natural calamities and low
bandwidth network are the main
reasons for this cause.
M M M
Risk 18. Natural Disasters Calamities like earthquakes,
flooding, tsunamis and many others
could affect the infrastructure of the
service provider and will
VL H M
IT RISK ASSESSMENT CASE STUDY
Cryptographic keys the loss of data as the user will not
be able to recover his or her files.
Risk 15. Service Engine
Compromised
Compromise of the major
component could lead to serious
risks that in general very less
probability (Craig & Shackelford,
2013).
L VH H
Risk 16. EDOS (Economic
Denial of Service)
Manipulation with the budget
planning by an unauthorized user
could create distance for the users in
availing the complete service that is
being offered by the service
provider.
L H M
Risk 17. Cloud-specific
network related
technical attacks or
failures
This could cause serious issues
while exchanging the files means
either uploading or downloading, by
consumer or the service provider.
The loss in internet connection or
failure in establishing proper
network. Natural calamities and low
bandwidth network are the main
reasons for this cause.
M M M
Risk 18. Natural Disasters Calamities like earthquakes,
flooding, tsunamis and many others
could affect the infrastructure of the
service provider and will
VL H M
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 22
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.