Information security and risk management
Words: 275
Pages: 1
60
60
DownloadTHREAT AND VULNERABILITY ASSESMENT
By Name
Class (Course)
Instructor (Tutor)
Institution
The City and State
The Date
Threat and Vulnerability Assessment
The risk is commonly described by a combination of a threat and vulnerability, affecting an asset (Rev, 2012, pg. 13). When transferring a whole database of student details to the clouds to be accessed by a group of lecturers and tutors, there are bound to be threats and vulnerability.
Top security risks
There will be loss of governance: When the student database is transferred to the cloud control on some security issues shifts to the cloud provider thus a gap in security as a result of lack of commitment by the cloud provider on the service level agreement for such security measures and compliance risk as a result of industry standard requirements.
Data protection: data in the cloud leads to sharing of responsibility that may result to data insecurity as one party particularly the data controller may find it difficult to assess if the cloud provider is legally handling the data.
Availability chain: information on the cloud is dependent on internet connectivity which may result in failure in accessing information from time to time.
Failure of isolation: Cloud computation can be defined by the shared resources and multi-tenancy characteristics that cause failure of ability to separate storage or memory of different tenants increasing chances of attacks such as ‘guest hopping”.
Malicious insider: One individual may have complete access to all information in the database stored in the cloud and may breech the confidentiality and integrity of this data.
Wait! Information security and risk management paper is just an example!
Risk RATINGDESCRIPTION
R1 5 Highly exposed, high severity
R24 Moderate exposure and high severity
R3 1 Minor exposure and severity
R43 Minor exposure and high severity; highly exposed and minor severity or
Moderate exposure and moderate severity
R5 4 Modest exposure and high severity or highly exposed and moderate
Severity (©SANS Institute 2002).
Conclusion
To mitigate this risks, the authorities in charge of this data should; ensure a clear and strongly defined Service Level Agreement and defined cloud provider policies and certification as well as Prohibit sharing of user accounts between users and services (Jitendra 2014).
References
Jitendra, Kumar Singh (2014) Cloud Computing – “types of risks and associated and their mitigation procedures.” https://www.infosysblogs.com/thought-floor/2014/03/cloud_computing_types_of_risks_.html
Rev. B (2012). Cloud Computing -“Benefits, risks, and recommendations for information security.”
©SANS Institute 2002, “An overview of Threat and Risk Assesment”
Subscribe and get the full version of the document name
Use our writing tools and essay examples to get your paper started AND finished.
