Cloud computing Risk management
alisghAssessment item 3
Risk Management Evaluation
Value: 20%
Due date: 30-May-2015
Return date: 24-May-2015
Submission method options:
Alternative submission
Task
DTGOV uses Microsoft Office 2010 as its office productivity suite and Microsoft Exchange 2010 for email. The DTGOV Exchange instance is running on a cluster of physical servers operating in one of the DTGOV data centres. The DTGOV Information Management Board (IMB), headed by the CIO, has decided to move its office productivity and email suites to a service based model and want to investigate the use of an SaaS office productivity and email suite.
The IMB want to study the use of either Google Docs and Gmail or Microsoft’s Office 365 as a possible SaaS offering for DTGOV and its clients. This will be intended to replace the existing Exchange 2010 data centre infrastructure as well as the Office 2010 installation on all desktop computers.
You have been assigned the task of providing the IMB with both a Risk Management assessment and a Security assessment for this proposed migration. You are to:
- Select either Google Docs/Gmail or Office 365 as the SaaS provider.
- Provide an Information Security assessment on your chosen provider using the techniques proposed by Ramgovind et al, (http://ezproxy.csu.edu.au/login?url=http://dx.doi.org/10.1109/ISSA.2010.5588290) and the ASD Cloud Computing Security Considerations (http://www.asd.gov.au/infosec/cloudsecurity.htm) as your primary references. This assessment should be no more than 2 pages.
- Provide a Risk Management assessment for your chosen provider using the Threat and Risk Assessment Questionnaire (White, P. 2015), as a template. You are to completeonly the following sections of the template:
- Section 6 Data, A. Data Classification
- Section 6 Data, C. Backup
- Section 7. Identity Management
- Section 10 B. VPN
- Section 10. C. Cryptography
- Section 11. Cloud Services
Each section is to be completed with only the following detail:
- Is the question applicable: yes, no or NA
- What do you think are the likely consequences of the risk? (see Appendix B, Consequences for the term to use)
- What do you think is the likelihood of the risk occurring? (see Appendix B, Likelihood for the term to use)
- What is the risk rating for this question? (see Appendix B, Risk Rating for the risk rating)
- Provide a covering one page executive summary to the IMB for these two documents and summarise the risk management and security benefits and drawbacks of the proposed migration of office productivity services to an SaaS model.
Marking Criteria:
Question | Marks |
---|---|
Executive Summary | 10 |
Information Security Assessment | 20 |
Risk Management Assessment | 20 |
Total | 50 |
Spelling, Grammar, Presentation (up to -5 marks) | |
APA Referencing (up to -5 marks) |
Assessment Rubric
Question | HD | DI | CR | PS | FL |
---|---|---|---|---|---|
Executive Summary | Clear & comprehensive summary of Security and Risk assessments that highlights all major issues | Detailed summary of Security and Risk assessments that highlights most major issues | Good summary of Security and Risk assessments that highlights many major issues | Adequate summary of Security and Risk assessments that highlights some major issues | Inadequate or incomplete summary of Security and Risk assessments that highlights few or no major issues |
Information Security Assessment | Clear, comprehensive assessment of InfoSec issues, critical points identified & discussed, | Detailed assessment of InfoSec issues, most critical points identified & discussed, | Good assessment of InfoSec issues, many critical points identified & discussed, | Adequate assessment of InfoSec issues, some critical points identified & discussed, | Inadequate or incomplete assessment of InfoSec issues, few or no critical points identified & discussed, |
Risk Management Assessment | Clear, comprehensive description of Risk Management issues, critical points identified & discussed, | Detailed description of Risk Management issues, many critical points identified & discussed, | Good description of Risk Management issues, many critical points identified & discussed, | Adequate description of Risk Management issues, some critical points identified & discussed, | Inadequate or incomplete description of Risk Management issues, critical points identified & discussed, |
Spelling, Grammar, Presentation | Up to 5 marks may be deducted for poor presentation, spelling and grammar | ||||
APA Referencing | Up to 5 marks may be deducted for not providing or following the proper APA style of referencing. Note that the guide for APA referencing is provided in the Resource Section of the ITC561 Interact site. |
- 9 years ago
- 20
Purchase the answer to view it
- cloud_computing_numbered.docx
- Final Report
- AJS 512 Week 3 Individual Assignment Leading Group Challenges Paper
- ACC 546 Week 1 Individual Assignment Auditing Introduction Letter
- My MathLab Quiz and Homework
- Math Homework
- Acct hmwk
- for kim woods
- SPE 537 Week 1 Individual Assignment Key Issues Paper
- Information Security Governance - Assignment 4 : Week 9
- Econ.. multiple choice Q. from econLab