RiskAssessmentforCloudComputing11.xlsx
Cloud Computing App Inventory
The information provided below serves as important insight into the types of applications, software and essential programs that are required for successful management of the online voting system by BallotOnline. This information is vital to the entire organization, the cloud service provider and the information technology team to monitor, assess and evaluate any potential risks and vulnerabilities associated with such programs, software and other applications.
| Name of Application or System | Operating System | Category (online voting Application, Business Application, Data Center Application, Biomedical Application, Web Application, etc) | Description |
|---|---|---|---|
| BigPulse | Hosted (Cloud Based) | Online voting | Managing elections |
| SurveyLegend | Hosted (Cloud Based) | Business | Conducting and managing surveys |
| Eligo | Hosted (Cloud Based) | Online voting | Manage electronic votes |
| AssociationVoting tools | Hosted (Cloud Based) | Web based | Provide proxy voting services |
Cloud Computing Risk Assessment
Cloud Computing Risk Assessment Module
This worksheet has been intentionally created to help the information technology management team of the BallotOnline company, together with cloud vendors, to understand the major risks and vulnerability issues that could have devastating impacts on their business. As provided below, the risk assessment worksheet highlights a wide range of risks and security threats that could affect BallotOnline's business and other essential operations upon adopting cloud services. It also provides an extensive description of the severity of each risk identified, along with possible technologies that are put in place to mitigate such risks whenever they are anticipated, noticed or occur. The risk assessment matrix shown below also provides more detail about the cloud security best practices that BallotOnline should adopt to deal appropriately with each of the risks and vulnerabilities identified. It is highly recommended that BallotOnline take strict note of the risks associated with the adoption of cloud services and perhaps deploy the best security approaches to mitigate such risks before cybercriminals access and harm its key computing resources.
As vulnerabilities are discovered you can record them and evaluate the level of risk using this report. |
Column guidance:
Vulnerability Name: Describe a particular weakness or flaw in your security that could be exploited by a threat source to cause a security violation or breach.
Risk Description: Describe, in business terms, the type of harm to the organization if this vulnerability is exploited by a threat source.
Threat Source: Describe the threats that could take advantage of this vulnerability. Consider the 4 categories of threats: Adversarial, Accidental, Structural, Environmental; as well as more specific examples such as external / internal, users, visitors, virus, natural hazard, etc.
Existing Controls: Describe the safeguards already in place that reduce this risk. Consider physical, technical and administrative safeguards.
Likelihood of Occurrence: Very High, High, Moderate, Low, Very Low. See Likelihood, Impact, Risk tab for definitions.
Impact Severity: Very High, High, Moderate, Low, Very Low. See Likelihood, Impact, Risk tab for definitions.
Risk Level: Very High, High, Moderate, Low, Very Low. See Likelihood, Impact, Risk tab for definitions.
Potential Best Practice Control: Give a recommendation for the best new safeguard(s) that can reduce the risk from this vulnerability further.
Comments:
Organizational Owner: Need to assign an owner (accountability and follow-up).
| Vulnerability Name | Risk Description | Threat Source | Existing Controls | Likelihood of Occurrence | Impact Severity | Risk Level | Potential Best Practice Control | Comments | Organizational Owner |
|---|---|---|---|---|---|---|---|---|---|
| Unauthorized Access | May compromise data or lead to data loss. | Internal and external users. | Access control | High | High | High | Obtain assurances that cloud provider conducts periodic risk assessments, including information about who conducts risk assessment, how often, and whether such assessments include penetration testing. | Weak passwords and compromised credentials often result in unauthorized access. | |
| Insecure Interfaces/APIs | May lead to routing attacks or authentication attacks. | Adversarial, accidental, structural and environmental. | None | Low | High | High | Use tokens along with encryption and signatures. | Inadequate validation and bad coding result in insecure APIs. | IT security manager |
| Hijacking of Accounts | Lead to data encryption and holding it for ransom. | Adversarial outsider (e.g., hacker) | Information sent to cloud provider is encrypted in transit. | Moderate | High | Low | Provide endpoint security. | System vulnerabilities and third-party access are major causes of account hijacking. | IT security manager |
| Lack of Visibility | Negatively impacts network performance. | Structural and environmental | None | High | High | Moderate | Add AI and ML tools to facilitate centralized monitoring. | Inadequate knowledge and expertise result in lack of visibility. | Cloud vendors |
| External Sharing of Data | Lead to security and personal data breaches. | Adversarial outsider (e.g., hacker) | None | Moderate | High | Moderate | Share the encrypted version of the data. | Cloud vendors should control how data is shared. | Cloud vendors |
| Malicious Insiders | Loss of confidential data. | Internal users | Access control | Low | High | Moderate | Institute policy and provide training that users may not share passwords with anyone. | Adopt access control measures. | Departmental IT security managers |
| Cyberattacks | Unauthorized persons access and compromise data. | Adversarial insider or outsider | None | High | High | Moderate | Implement strict passwords. Establish and enforce account management policies and practices. | Configure appropriate security measures. | IT security manager |
| Denial of Service Attacks | Authorized user accesses data and withholds it for ransom demand. | Users | Robust security practices to monitor and filter unwanted traffic. | Moderate | High | High | Combine firewalls, VPN, anti-spam and other security layers. | Monitor system vulnerabilities. | IT security manager |
| Abuse of Cloud Services | Confidential data is accessed and compromised. | Structural and adversarial | None | Low | High | Moderate | Enable multi-factor authentication, with limited access to sensitive data. | Implement access control measures. | Cloud vendors |
Adoption of cloud computing can result in a wide range of business compliance issues. One of these is data security responsibility. Many organizations believe that the shared responsibility model means that data security responsibility is also shared. Under security compliance regulations, however, it is the exclusive responsibility of business entities to own data security and to secure sensitive customer data. This can be achieved through increased data security awareness. BallotOnline as an organization needs to develop a security awareness program that gives its IT experts more knowledge of the relevant regulations the company must comply with to avoid legal issues. Another compliance issue to consider is improper access control due to indiscriminate sharing of login credentials among staff members. This can be avoided by imposing a least-privilege approach, in which employees are allowed to access only the resources they need to carry out their duties. Finally, there are issues and concerns with cloud buckets, an aspect that makes data vulnerable and susceptible to cybercriminals.
Likelihood, Impact, Risk
Definitions of Key Terms: Likelihood, Impact, Risk |
Risk
Risk is described as a scenario that exposes people, animals, businesses and the environment to danger.
Likelihood
Likelihood is defined as the probability that a certain event may occur over a specified period of time.
| Likelihood Level | Likelihood Definition (anticipated frequency of occurrence) |
|---|---|
| Very High | Almost 98% likelihood of risk occurrence via accidents, errors or natural events in every year. |
| High | May originate from error, accident, or act of nature. Likelihood is 80% annually. |
| Moderate | Error, accident, or act of nature is somewhat likely to occur; occurrence is 45% per year. |
| Low | Results from either error, accident, or act of nature and can happen once or twice a year. |
| Very Low | Results from errors and natural events but only once in over 10 years. |
Impact
Impact is defined as the severity of consequences caused by a security breach or naturally occurring disasters. Such impacts may negatively affect the public, business entities, groups of people, employees, countries or even the environment.
The following are adverse impacts that should be considered when scoring: |
Type of Impact | Impact
Harm to Operations |
> Halt business operations.
Harm to Assets |
> Theft of business secrets.
> Data compromise.
> Damage to computing infrastructure.
> Data loss.
> Loss of intellectual property.
Harm to Individuals |
> Loss of confidential and personal data.
> Reputational damage.
> Identity theft.
Harm to Other Organizations |
> Reputational damage.
> Lawsuits and fines.
> Loss of trust and contracts.
> Increased financial costs.
> Triggers enmity among companies.
> Damage to trust.
Harm to the Nation |
> Damage to or incapacitation of a critical infrastructure sector.
> Loss of government continuity of operations.
> Erodes trust and good relationships.
> Loss of business continuity with other nations.
> Results in economic damage.
| Magnitude of Impact | Impact Definition |
|---|---|
| Very High | These are events whose consequences lead to massive loss of finance, assets and other valuable items. May also cause death and other forms of destruction. |
| High | These events normally cause major negative impacts such as financial losses, damage to property and injuries. |
| Moderate | Moderate risks or threats only affect productivity by impacting the organization's vision, mission and objectives. They only disrupt business activities for a short while. |
| Low | These are minor risks whose impacts often cause little or no harm to organizational operations. |
| Very Low | Very low risks have no significant impact on a business. Business operations continue as normal while relevant authorities work on the issues to |