Hybrid Cloud Architecture Risk Report for Regional Gardens Ltd.
VerifiedAdded on 2019/09/23
|23
|7203
|209
Report
AI Summary
This report provides a comprehensive analysis of a hybrid cloud architecture proposed for Regional Gardens Ltd. The report recommends an AWS hybrid cloud solution, detailing its benefits such as flexibility and scalability, while also acknowledging potential issues like increased infrastructure dependency and security concerns. A risk report identifies potential threats, including encryption issues, denial-of-service attacks, malware, data leakage, and authentication problems, along with a risk register assessing the impact and likelihood of each risk. Treatment strategies and controls are proposed to mitigate these risks, covering encryption protocols, anti-malware tools, data loss prevention, and enhanced network security. The report also includes a migration plan outlining the purpose, approach, and phases involved in transitioning to the hybrid cloud environment, along with critical points and issues to consider. The report emphasizes the importance of robust security measures and a well-defined migration strategy to ensure a successful implementation.
qwertyuiopasdfghjklzxcvbnmqw
ertyuiopasdfghjklzxcvbnmqwert
yuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiop
asdfghjklzxcvbnmqwertyuiopasd
fghjklzxcvbnmqwertyuiopasdfgh
jklzxcvbnmqwertyuiopasdfghjkl
zxcvbnmqwertyuiopasdfghjklzxc
vbnmqwertyuiopasdfghjklzxcvb
nmqwertyuiopasdfghjklzxcvbnm
qwertyuiopasdfghjklzxcvbnmqw
ertyuiopasdfghjklzxcvbnmqwert
yuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiop
asdfghjklzxcvbnmqwertyuiopasd
fghjklzxcvbnmqwertyuiopasdfgh
jklzxcvbnmrtyuiopasdfghjklzxcv
Regional Gardens Ltd.
Cloud Computing
5/12/2018
ertyuiopasdfghjklzxcvbnmqwert
yuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiop
asdfghjklzxcvbnmqwertyuiopasd
fghjklzxcvbnmqwertyuiopasdfgh
jklzxcvbnmqwertyuiopasdfghjkl
zxcvbnmqwertyuiopasdfghjklzxc
vbnmqwertyuiopasdfghjklzxcvb
nmqwertyuiopasdfghjklzxcvbnm
qwertyuiopasdfghjklzxcvbnmqw
ertyuiopasdfghjklzxcvbnmqwert
yuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiop
asdfghjklzxcvbnmqwertyuiopasd
fghjklzxcvbnmqwertyuiopasdfgh
jklzxcvbnmrtyuiopasdfghjklzxcv
Regional Gardens Ltd.
Cloud Computing
5/12/2018
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Regional Gardens Ltd.
Table of Contents
Hybrid Cloud Architectures...................................................................................................................2
AWS Hybrid Cloud...........................................................................................................................2
Benefits of the Hybrid Cloud Architecture........................................................................................3
Issues with Hybrid Cloud Architecture..............................................................................................4
Risk Report for Hybrid Cloud & Microservices....................................................................................4
List of Risks Identified......................................................................................................................4
Risk Register.....................................................................................................................................5
Treatment Strategies & Controls.......................................................................................................7
Proposed Information Security Controls................................................................................................8
Administrative Controls....................................................................................................................9
Technical/Logical Controls.............................................................................................................10
Physical Controls.............................................................................................................................11
BCP Changes.......................................................................................................................................12
Application Resilience.....................................................................................................................12
Data Storage and Backup.................................................................................................................12
Disaster Recovery............................................................................................................................13
Hybrid Cloud Administration & SLA Management............................................................................14
Remote Administration....................................................................................................................14
Resource Management....................................................................................................................15
SLA Management............................................................................................................................16
Migration Plan.....................................................................................................................................17
Purpose of the Plan..........................................................................................................................17
Migration Approach........................................................................................................................17
Phases in Migration.........................................................................................................................17
Initiation Phase............................................................................................................................17
Planning Phase.............................................................................................................................17
Execution Phase...........................................................................................................................18
Control Phase...............................................................................................................................18
Closure Phase..............................................................................................................................19
Critical Points & Issues...................................................................................................................19
References...........................................................................................................................................21
1
Table of Contents
Hybrid Cloud Architectures...................................................................................................................2
AWS Hybrid Cloud...........................................................................................................................2
Benefits of the Hybrid Cloud Architecture........................................................................................3
Issues with Hybrid Cloud Architecture..............................................................................................4
Risk Report for Hybrid Cloud & Microservices....................................................................................4
List of Risks Identified......................................................................................................................4
Risk Register.....................................................................................................................................5
Treatment Strategies & Controls.......................................................................................................7
Proposed Information Security Controls................................................................................................8
Administrative Controls....................................................................................................................9
Technical/Logical Controls.............................................................................................................10
Physical Controls.............................................................................................................................11
BCP Changes.......................................................................................................................................12
Application Resilience.....................................................................................................................12
Data Storage and Backup.................................................................................................................12
Disaster Recovery............................................................................................................................13
Hybrid Cloud Administration & SLA Management............................................................................14
Remote Administration....................................................................................................................14
Resource Management....................................................................................................................15
SLA Management............................................................................................................................16
Migration Plan.....................................................................................................................................17
Purpose of the Plan..........................................................................................................................17
Migration Approach........................................................................................................................17
Phases in Migration.........................................................................................................................17
Initiation Phase............................................................................................................................17
Planning Phase.............................................................................................................................17
Execution Phase...........................................................................................................................18
Control Phase...............................................................................................................................18
Closure Phase..............................................................................................................................19
Critical Points & Issues...................................................................................................................19
References...........................................................................................................................................21
1
Regional Gardens Ltd.
Hybrid Cloud Architectures
AWS Hybrid Cloud
Hybrid cloud architecture is defined as the integration of on premise resources along with the
cloud resources. Regional Gardens Ltd. is an organization that needs to preserve it on-
premises technology and include enhanced cloud resources to carry out its business
operations. Hybrid cloud architecture has therefore been proposed for the organization. The
migration of legacy IT system is not easy and its takes time. The selection of the cloud
provider therefore needs to be done in such a manner that the hybrid strategy is successfully
implemented and costly new investments are not required. Amazon Web Services (AWS)
hybrid cloud architecture has been recommended for the organization to simply the business
operations and to allow the company to achieve its business goals.
AWS Hybrid Cloud Architecture
AWS has developed a wide range of hybrid cloud services and activities across the
operations, such as data storage, security, connectivity and networking, deployment of the
applications, management tools, and several others. The AWS hybrid cloud architecture
would allow the organization to integrate the cloud securely and easily with the existing
2
Hybrid Cloud Architectures
AWS Hybrid Cloud
Hybrid cloud architecture is defined as the integration of on premise resources along with the
cloud resources. Regional Gardens Ltd. is an organization that needs to preserve it on-
premises technology and include enhanced cloud resources to carry out its business
operations. Hybrid cloud architecture has therefore been proposed for the organization. The
migration of legacy IT system is not easy and its takes time. The selection of the cloud
provider therefore needs to be done in such a manner that the hybrid strategy is successfully
implemented and costly new investments are not required. Amazon Web Services (AWS)
hybrid cloud architecture has been recommended for the organization to simply the business
operations and to allow the company to achieve its business goals.
AWS Hybrid Cloud Architecture
AWS has developed a wide range of hybrid cloud services and activities across the
operations, such as data storage, security, connectivity and networking, deployment of the
applications, management tools, and several others. The AWS hybrid cloud architecture
would allow the organization to integrate the cloud securely and easily with the existing
2
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Regional Gardens Ltd.
architecture by extending the current investments (Aws, 2018). The AWS hybrid cloud
architecture has been shown in the figure above.
It has been recommended for the organization as it will economically store massive sets of
data and will provide mechanisms to utilize the new cloud-native databases. The customer
will be able to clearly view the data sets and there will be enhanced transparency developed
between the customers and the organization. The backup of the data sets will be possible to
be developed in a cost effective manner. The hybrid cloud architecture comes with a storage
gateway service. The service will seamlessly integrate the existing and newer cloud
components. It follows a multi-protocol storage appliance coupled with extremely efficient
network connection to deliver enhanced performance to the users.
The second layer of the hybrid cloud architecture provides the mechanism to connect the on-
premises and cloud resources with the aid of a common network to develop a single
enterprise environment for enhanced security. The extension of the network connections may
be easily done so that the AWS resources operate the cloud operations as part of the
organization. The physical connectivity may also be extended so that a dedicated and private
network connection may be set-up. Integrated identity and access strategy is another reason
that is present behind the selection of the cloud architecture. The cloud architecture will allow
the creation and management of the various users, user groups, access, permissions, and
identity in extreme detail. There are managed services that are offered by AWS to connect the
resources with Microsoft Active Directory and to merge the policy with the existing set of
tools. The extremely robust hybrid architecture involved integration of the application
development, application deployment, and management strategies across the various
environments. VMware is also one of the close associates of AWS and there is a relationship
that has been developed between AWS and VMware to carry out the cloud operations and
activities.
Benefits of the Hybrid Cloud Architecture
The primary benefit that hybrid cloud architecture will provide to the organization will be in
terms of flexibility and scalability. The business operations of Regional Gardens Ltd. are
continuously changing and there may be increase or decrease in the demands of cloud
services that may be observed in the years to come. The hybrid cloud architecture will allow
the organization with the opportunity to explore the new products and business operations at
all times. One of the primary concerns with cloud platforms is the downtime due to
3
architecture by extending the current investments (Aws, 2018). The AWS hybrid cloud
architecture has been shown in the figure above.
It has been recommended for the organization as it will economically store massive sets of
data and will provide mechanisms to utilize the new cloud-native databases. The customer
will be able to clearly view the data sets and there will be enhanced transparency developed
between the customers and the organization. The backup of the data sets will be possible to
be developed in a cost effective manner. The hybrid cloud architecture comes with a storage
gateway service. The service will seamlessly integrate the existing and newer cloud
components. It follows a multi-protocol storage appliance coupled with extremely efficient
network connection to deliver enhanced performance to the users.
The second layer of the hybrid cloud architecture provides the mechanism to connect the on-
premises and cloud resources with the aid of a common network to develop a single
enterprise environment for enhanced security. The extension of the network connections may
be easily done so that the AWS resources operate the cloud operations as part of the
organization. The physical connectivity may also be extended so that a dedicated and private
network connection may be set-up. Integrated identity and access strategy is another reason
that is present behind the selection of the cloud architecture. The cloud architecture will allow
the creation and management of the various users, user groups, access, permissions, and
identity in extreme detail. There are managed services that are offered by AWS to connect the
resources with Microsoft Active Directory and to merge the policy with the existing set of
tools. The extremely robust hybrid architecture involved integration of the application
development, application deployment, and management strategies across the various
environments. VMware is also one of the close associates of AWS and there is a relationship
that has been developed between AWS and VMware to carry out the cloud operations and
activities.
Benefits of the Hybrid Cloud Architecture
The primary benefit that hybrid cloud architecture will provide to the organization will be in
terms of flexibility and scalability. The business operations of Regional Gardens Ltd. are
continuously changing and there may be increase or decrease in the demands of cloud
services that may be observed in the years to come. The hybrid cloud architecture will allow
the organization with the opportunity to explore the new products and business operations at
all times. One of the primary concerns with cloud platforms is the downtime due to
3
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Regional Gardens Ltd.
occurrence of security risks or availability issues. There is also a lot of maintenance time that
is demanded by the other cloud platforms in the market. However, hybrid cloud architecture
is stable as it includes the features of private as well as public cloud (Xue & Xin, 2016).
There is highest degree of stability that is promised and comes along with hybrid cloud.
These cloud architectures are also cost-effective in nature and have reduced latency.
Issues with Hybrid Cloud Architecture
There is an increased infrastructure dependency that comes along with hybrid cloud
architecture. For any of the cloud-related issue or outage, there is a lot of reliance on the
internal IT staff. Security is another primary concern that is witnessed with the hybrid cloud
architecture. There may be security issues as lack of encryption, denial of service and
distributed denial of service attacks, malware attacks, data leakage, authentication issues, etc.
that may come up (Jenkins, 2014).
Risk Report for Hybrid Cloud & Microservices
List of Risks Identified
Risk Name Description of the Risk
Encryption Issues The data sets present on the cloud platform may not be
encrypted properly leading to the exposure of information
properties and contents
Denial of Service &
Distributed Denial of
Service Attacks
The malicious entities may launch garbage traffic on the cloud
connections which may disrupt the availability of the service
and the data sets
Malware Attacks There may be attacks of malicious codes, such as viruses,
worms, logic bombs, ransomware, and others
Data Leakage The data and information present on the hybrid cloud
architecture may get leaked in between that may impact the
integrity of the information sets
Unprotected APIs API endpoints may be utilized by the malevolent entities to
expose the sensitive data and information sets
Authentication & Identity
Issues
Access to the sensitive and confidential data sets to the
unauthorized entities due to poor authentication and identity
management
4
occurrence of security risks or availability issues. There is also a lot of maintenance time that
is demanded by the other cloud platforms in the market. However, hybrid cloud architecture
is stable as it includes the features of private as well as public cloud (Xue & Xin, 2016).
There is highest degree of stability that is promised and comes along with hybrid cloud.
These cloud architectures are also cost-effective in nature and have reduced latency.
Issues with Hybrid Cloud Architecture
There is an increased infrastructure dependency that comes along with hybrid cloud
architecture. For any of the cloud-related issue or outage, there is a lot of reliance on the
internal IT staff. Security is another primary concern that is witnessed with the hybrid cloud
architecture. There may be security issues as lack of encryption, denial of service and
distributed denial of service attacks, malware attacks, data leakage, authentication issues, etc.
that may come up (Jenkins, 2014).
Risk Report for Hybrid Cloud & Microservices
List of Risks Identified
Risk Name Description of the Risk
Encryption Issues The data sets present on the cloud platform may not be
encrypted properly leading to the exposure of information
properties and contents
Denial of Service &
Distributed Denial of
Service Attacks
The malicious entities may launch garbage traffic on the cloud
connections which may disrupt the availability of the service
and the data sets
Malware Attacks There may be attacks of malicious codes, such as viruses,
worms, logic bombs, ransomware, and others
Data Leakage The data and information present on the hybrid cloud
architecture may get leaked in between that may impact the
integrity of the information sets
Unprotected APIs API endpoints may be utilized by the malevolent entities to
expose the sensitive data and information sets
Authentication & Identity
Issues
Access to the sensitive and confidential data sets to the
unauthorized entities due to poor authentication and identity
management
4
Regional Gardens Ltd.
Poor IP Protection The protection measures installed for the sensitive and
confidential data sets may not be adequate (An, Zaaba &
Samsudin, 2016)
Weak Security
Management
There may be too many enterprise managers involved that may
lead to the presence of conflicts and inability to develop strong
security policies. This may lead to the presence of security
vulnerabilities
Eavesdropping Attacks The attackers may intrude the network channels and monitor the
network activities to obtain confidential information
Lack of Data Ownership There may be too many data owners involved that may lead to
poor ownership and control leading to the presence of security
vulnerabilities
Insider Threats & Attacks The employees of Regional Gardens may pass on the
information to the unauthorized entities violating the security
norms. This may be deliberate or accidental
Risk Register
Risk Name Impact Score
(Very High – 5
High – 4
Average – 3
Minor – 2
Low – 1)
Likelihood
Score (Very
High – 5
High – 4
Average – 3
Minor – 2
Low – 1)
Risk
Score/Rank
(Impact x
Likelihood)
Treatment & Response
Strategy
Encryption Issues 4 3 12 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Denial of Service &
Distributed Denial of
Service Attacks
5 4 20 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
5
Poor IP Protection The protection measures installed for the sensitive and
confidential data sets may not be adequate (An, Zaaba &
Samsudin, 2016)
Weak Security
Management
There may be too many enterprise managers involved that may
lead to the presence of conflicts and inability to develop strong
security policies. This may lead to the presence of security
vulnerabilities
Eavesdropping Attacks The attackers may intrude the network channels and monitor the
network activities to obtain confidential information
Lack of Data Ownership There may be too many data owners involved that may lead to
poor ownership and control leading to the presence of security
vulnerabilities
Insider Threats & Attacks The employees of Regional Gardens may pass on the
information to the unauthorized entities violating the security
norms. This may be deliberate or accidental
Risk Register
Risk Name Impact Score
(Very High – 5
High – 4
Average – 3
Minor – 2
Low – 1)
Likelihood
Score (Very
High – 5
High – 4
Average – 3
Minor – 2
Low – 1)
Risk
Score/Rank
(Impact x
Likelihood)
Treatment & Response
Strategy
Encryption Issues 4 3 12 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Denial of Service &
Distributed Denial of
Service Attacks
5 4 20 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
5
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Regional Gardens Ltd.
control the risk. Risk
mitigation may be used in
case of occurrence.
Malware Attacks 4 4 16 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Data Leakage 4 4 16 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Unprotected APIs 4 3 12 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Authentication & Identity
Issues
4 2 8 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Poor IP Protection 5 2 10 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Weak Security 4 3 12 Risk avoidance shall be the
6
control the risk. Risk
mitigation may be used in
case of occurrence.
Malware Attacks 4 4 16 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Data Leakage 4 4 16 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Unprotected APIs 4 3 12 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Authentication & Identity
Issues
4 2 8 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Poor IP Protection 5 2 10 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Weak Security 4 3 12 Risk avoidance shall be the
6
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Regional Gardens Ltd.
Management treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Eavesdropping Attacks 4 4 16 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Lack of Data Ownership 3 3 9 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Insider Threats & Attacks 4 3 12 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Treatment Strategies & Controls
Risk Name Treatment Strategies
Encryption Issues The cryptographic and encryption protocols and algorithms that are
utilized by the organization must ensure that the latest available norms
are used and implemented. Reliable proxy server and secure shell
network must be utilized.
Denial of Service &
Distributed Denial
of Service Attacks
There are anti-denial tools that are available in the market and these
tools must be implemented across the organization. Flow analytics shall
also be used to assess the network flow and the patterns involved in the
7
Management treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Eavesdropping Attacks 4 4 16 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Lack of Data Ownership 3 3 9 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Insider Threats & Attacks 4 3 12 Risk avoidance shall be the
treatment strategy adopted
to prevent, detect, and
control the risk. Risk
mitigation may be used in
case of occurrence.
Treatment Strategies & Controls
Risk Name Treatment Strategies
Encryption Issues The cryptographic and encryption protocols and algorithms that are
utilized by the organization must ensure that the latest available norms
are used and implemented. Reliable proxy server and secure shell
network must be utilized.
Denial of Service &
Distributed Denial
of Service Attacks
There are anti-denial tools that are available in the market and these
tools must be implemented across the organization. Flow analytics shall
also be used to assess the network flow and the patterns involved in the
7
Regional Gardens Ltd.
same.
Malware Attacks Anti-malware tools must be used and deployed across the organization.
Data Leakage The leakage and beaching of information may take place due to security
vulnerabilities. There shall be data loss prevention measures that shall
be used. Also, advanced access control and authentication protocols
shall be utilized so that such occurrences do not take place.
Unprotected APIs The third-parties associated with the organization shall be verified
before they are handed over the security key. Also, the vulnerability
assessment shall be done regularly (Vurukonda & Rao, 2016).
Authentication &
Identity Issues
There shall be multi-path asymmetric and symmetric access control,
role-based and attribute-based access control that shall be used. Multi-
fold authentication using the combination of user credentials, one time
passwords, single sign on, and biometric recognition shall be done.
Poor IP Protection The network security shall be enhanced with the use of installation of
automated network scanner and auditors. System logs shall also be
automatically captured and analysed.
Weak Security
Management
The organization must develop security plans and policies that shall be
followed and implemented and there must be automated tools used to
assess the compliance of the same.
Eavesdropping
Attacks
There are network-based intrusion detection and prevention tools
developed along with automated network monitors that must be
implemented.
Lack of Data
Ownership
The data ownership shall be defined and store in the centralized
repository and the databased and the permissions and rights shall be set
up accordingly.
Insider Threats &
Attacks
The employees of the organization shall be provided with the security
and ethical trainings and there performance shall be monitored using
automated performance assessment tools (Mathkunti, 2014).
Proposed Information Security Controls
There are various security risks and issues that may take place in any of the business
organization. The data sets present with the organization may not be encrypted properly
leading to the exposure of information properties and contents. The malicious entities may
8
same.
Malware Attacks Anti-malware tools must be used and deployed across the organization.
Data Leakage The leakage and beaching of information may take place due to security
vulnerabilities. There shall be data loss prevention measures that shall
be used. Also, advanced access control and authentication protocols
shall be utilized so that such occurrences do not take place.
Unprotected APIs The third-parties associated with the organization shall be verified
before they are handed over the security key. Also, the vulnerability
assessment shall be done regularly (Vurukonda & Rao, 2016).
Authentication &
Identity Issues
There shall be multi-path asymmetric and symmetric access control,
role-based and attribute-based access control that shall be used. Multi-
fold authentication using the combination of user credentials, one time
passwords, single sign on, and biometric recognition shall be done.
Poor IP Protection The network security shall be enhanced with the use of installation of
automated network scanner and auditors. System logs shall also be
automatically captured and analysed.
Weak Security
Management
The organization must develop security plans and policies that shall be
followed and implemented and there must be automated tools used to
assess the compliance of the same.
Eavesdropping
Attacks
There are network-based intrusion detection and prevention tools
developed along with automated network monitors that must be
implemented.
Lack of Data
Ownership
The data ownership shall be defined and store in the centralized
repository and the databased and the permissions and rights shall be set
up accordingly.
Insider Threats &
Attacks
The employees of the organization shall be provided with the security
and ethical trainings and there performance shall be monitored using
automated performance assessment tools (Mathkunti, 2014).
Proposed Information Security Controls
There are various security risks and issues that may take place in any of the business
organization. The data sets present with the organization may not be encrypted properly
leading to the exposure of information properties and contents. The malicious entities may
8
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Regional Gardens Ltd.
launch garbage traffic on the cloud connections which may disrupt the availability of the
service and the data sets. There may be attacks of malicious codes, such as viruses, worms,
logic bombs, ransomware, and others. The data and information present on the cloud
architecture may get leaked in between that may impact the integrity of the information sets.
API endpoints may be utilized by the malevolent entities to expose the sensitive data and
information sets. Access to the sensitive and confidential data sets provided to the
unauthorized entities due to poor authentication and identity management. The protection
measures installed for the sensitive and confidential data sets may not be adequate. There
may be too many enterprise managers involved that may lead to the presence of conflicts and
inability to develop strong security policies. This may lead to the presence of security
vulnerabilities. The attackers may intrude the network channels and monitor the network
activities to obtain confidential information. There may be too many data owners involved
that may lead to poor ownership and control leading to the presence of security
vulnerabilities. The employees of an organization may pass on the information to the
unauthorized entities violating the security norms. This may be deliberate or accidental.
Administrative Controls
The primary responsibility of an organization is to develop an information security plan and
policy that shall be implemented across the organization. The plan and policies must
comprise of the security standards and practices that shall be followed, possible security
risks, impact of these risks on the resources and organizations, and the set of controls that
shall be applied. These plans shall be regularly updated. The responsibility of these tasks
shall be on the Chief Information Security Officer (CIO) along with the other resources in the
security team.
CIO, Security Manager, Security Auditor, and Security Analysts must carry out regular and
frequent security audits and inspections. Such practices will highlight the possible security
loopholes and the areas of improvement. The team must publish the security do(s) and
don’t(s) for the resources and the review reports shall also be shared (Anderson, Baskerville
& Kaul, 2017).
Vulnerability and risk assessment policy shall also be developed according to which there
must be regular assessment of possible security weaknesses in the organization. It would also
be essential to develop risk management plans comprising of the steps as risk identification,
risk assessment, risk evaluation, risk treatment, risk monitoring, and risk closure. The risk
9
launch garbage traffic on the cloud connections which may disrupt the availability of the
service and the data sets. There may be attacks of malicious codes, such as viruses, worms,
logic bombs, ransomware, and others. The data and information present on the cloud
architecture may get leaked in between that may impact the integrity of the information sets.
API endpoints may be utilized by the malevolent entities to expose the sensitive data and
information sets. Access to the sensitive and confidential data sets provided to the
unauthorized entities due to poor authentication and identity management. The protection
measures installed for the sensitive and confidential data sets may not be adequate. There
may be too many enterprise managers involved that may lead to the presence of conflicts and
inability to develop strong security policies. This may lead to the presence of security
vulnerabilities. The attackers may intrude the network channels and monitor the network
activities to obtain confidential information. There may be too many data owners involved
that may lead to poor ownership and control leading to the presence of security
vulnerabilities. The employees of an organization may pass on the information to the
unauthorized entities violating the security norms. This may be deliberate or accidental.
Administrative Controls
The primary responsibility of an organization is to develop an information security plan and
policy that shall be implemented across the organization. The plan and policies must
comprise of the security standards and practices that shall be followed, possible security
risks, impact of these risks on the resources and organizations, and the set of controls that
shall be applied. These plans shall be regularly updated. The responsibility of these tasks
shall be on the Chief Information Security Officer (CIO) along with the other resources in the
security team.
CIO, Security Manager, Security Auditor, and Security Analysts must carry out regular and
frequent security audits and inspections. Such practices will highlight the possible security
loopholes and the areas of improvement. The team must publish the security do(s) and
don’t(s) for the resources and the review reports shall also be shared (Anderson, Baskerville
& Kaul, 2017).
Vulnerability and risk assessment policy shall also be developed according to which there
must be regular assessment of possible security weaknesses in the organization. It would also
be essential to develop risk management plans comprising of the steps as risk identification,
risk assessment, risk evaluation, risk treatment, risk monitoring, and risk closure. The risk
9
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Regional Gardens Ltd.
register shall be prepared for the risks that are identified and shall be updated to incorporate
newer risks in the register.
The employees must be made aware of the security practices that they shall follow through
the organization of the security trainings and sessions. There are deliberate or accidental
occurrences given shape by the employees wherein they transfer the sensitive information
sets to the unauthorized entities (Otero, 2010). The employees must be aware of the possible
outcomes of such a situation and shall also be provided with the ethical trainings and
principles. The ethical codes shall be known to the employees.
Technical/Logical Controls
The organizations in the current times are making use of the schemes, such as remote
working and Bring Your Own Devices (BYOD) at work. Such schemes enhance the
employee satisfaction levels but bring in a lot many device related security issues. The
employees are provided with the ability to access the sensitive data and information
associated with the business on their personal gadgets. The connectivity of such devices to
unsecure networks or exposure of the sensitive information to unauthorized entities may lead
to the emergence of security risks and attacks. For this purpose, there shall be device security
controls, such as device trackers, encryption of the device data, and device logs that shall be
included.
There are certain basic security practices that shall be followed, such as use and
implementation of proxy server and firewalls. The use of weak or poor passwords by the
users is one of the prime reasons that provide the attackers with the ability to give shape to
the security attacks. Such incidents may be avoided by using stronger passwords. The
cryptographic and encryption protocols and algorithms that are utilized by the organization
must ensure that the latest available norms are used and implemented. Reliable proxy server
and secure shell network must be utilized. There are anti-denial tools that are available in the
market and these tools must be implemented across the organization. Flow analytics shall
also be used to assess the network flow and the patterns involved in the same. Anti-malware
tools must be used and deployed across the organization. The leakage and beaching of
information may take place due to security vulnerabilities. There shall be data loss prevention
measures that shall be used. Also, advanced access control and authentication protocols shall
be utilized so that such occurrences do not take place. The third-parties associated with the
organization shall be verified before they are handed over the security key. Also, the
10
register shall be prepared for the risks that are identified and shall be updated to incorporate
newer risks in the register.
The employees must be made aware of the security practices that they shall follow through
the organization of the security trainings and sessions. There are deliberate or accidental
occurrences given shape by the employees wherein they transfer the sensitive information
sets to the unauthorized entities (Otero, 2010). The employees must be aware of the possible
outcomes of such a situation and shall also be provided with the ethical trainings and
principles. The ethical codes shall be known to the employees.
Technical/Logical Controls
The organizations in the current times are making use of the schemes, such as remote
working and Bring Your Own Devices (BYOD) at work. Such schemes enhance the
employee satisfaction levels but bring in a lot many device related security issues. The
employees are provided with the ability to access the sensitive data and information
associated with the business on their personal gadgets. The connectivity of such devices to
unsecure networks or exposure of the sensitive information to unauthorized entities may lead
to the emergence of security risks and attacks. For this purpose, there shall be device security
controls, such as device trackers, encryption of the device data, and device logs that shall be
included.
There are certain basic security practices that shall be followed, such as use and
implementation of proxy server and firewalls. The use of weak or poor passwords by the
users is one of the prime reasons that provide the attackers with the ability to give shape to
the security attacks. Such incidents may be avoided by using stronger passwords. The
cryptographic and encryption protocols and algorithms that are utilized by the organization
must ensure that the latest available norms are used and implemented. Reliable proxy server
and secure shell network must be utilized. There are anti-denial tools that are available in the
market and these tools must be implemented across the organization. Flow analytics shall
also be used to assess the network flow and the patterns involved in the same. Anti-malware
tools must be used and deployed across the organization. The leakage and beaching of
information may take place due to security vulnerabilities. There shall be data loss prevention
measures that shall be used. Also, advanced access control and authentication protocols shall
be utilized so that such occurrences do not take place. The third-parties associated with the
organization shall be verified before they are handed over the security key. Also, the
10
Regional Gardens Ltd.
vulnerability assessment shall be done regularly. There shall be multi-path asymmetric and
symmetric access control, role-based and attribute-based access control that shall be used.
Multi-fold authentication using the combination of user credentials, one time passwords,
single sign on, and biometric recognition shall be done. The network security shall be
enhanced with the use of installation of automated network scanner and auditors. System logs
shall also be automatically captured and analysed. The organization must develop security
plans and policies that shall be followed and implemented and there must be automated tools
used to assess the compliance of the same. There are network-based intrusion detection and
prevention tools developed along with automated network monitors that must be
implemented (Fazlida & Said, 2015). The data ownership shall be defined and store in the
centralized repository and the databased and the permissions and rights shall be set up
accordingly. The employees of the organization shall be provided with the security and
ethical trainings and there performance shall be monitored using automated performance
assessment tools. Disaster recovery is a method that may be used to put check on the damage
that may be caused after the occurrence of the security risk or other disaster. The readiness of
an organization to deal with such situations must be updated at all times. There are automated
backup and disaster recovery tools that shall be set in place.
Physical Controls
With the development of the technical controls and measures, the security architects and team
have started ignoring the importance of physical security controls for an organization.
There must be entry of only the authorized entities that shall be allowed in the premises of a
business organization. Physical security plays a great role in ensuring the same. There must
be security guards and personnel deployed at all of the entry and exit gates and the identity
verification, and bag checking shall be performed while entering and exiting from the
premises.
There shall also be physical security of the sensitive areas, such as server rooms and data
centres that shall be enhanced with security personnel. The monitoring of the security shall be
manually and physically done to avoid the occurrence of any security risk.
11
vulnerability assessment shall be done regularly. There shall be multi-path asymmetric and
symmetric access control, role-based and attribute-based access control that shall be used.
Multi-fold authentication using the combination of user credentials, one time passwords,
single sign on, and biometric recognition shall be done. The network security shall be
enhanced with the use of installation of automated network scanner and auditors. System logs
shall also be automatically captured and analysed. The organization must develop security
plans and policies that shall be followed and implemented and there must be automated tools
used to assess the compliance of the same. There are network-based intrusion detection and
prevention tools developed along with automated network monitors that must be
implemented (Fazlida & Said, 2015). The data ownership shall be defined and store in the
centralized repository and the databased and the permissions and rights shall be set up
accordingly. The employees of the organization shall be provided with the security and
ethical trainings and there performance shall be monitored using automated performance
assessment tools. Disaster recovery is a method that may be used to put check on the damage
that may be caused after the occurrence of the security risk or other disaster. The readiness of
an organization to deal with such situations must be updated at all times. There are automated
backup and disaster recovery tools that shall be set in place.
Physical Controls
With the development of the technical controls and measures, the security architects and team
have started ignoring the importance of physical security controls for an organization.
There must be entry of only the authorized entities that shall be allowed in the premises of a
business organization. Physical security plays a great role in ensuring the same. There must
be security guards and personnel deployed at all of the entry and exit gates and the identity
verification, and bag checking shall be performed while entering and exiting from the
premises.
There shall also be physical security of the sensitive areas, such as server rooms and data
centres that shall be enhanced with security personnel. The monitoring of the security shall be
manually and physically done to avoid the occurrence of any security risk.
11
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 23
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.