Risk Management Evaluation Assignment 2 ITC561

Executive Summary

As we are selecting Google Docs as the SaaS provider, proper practices must be upheld when relying on Google Docs servers as the software service provider. Challenges arise on several fronts, from vulnerability to hacking and eavesdropping to a complete breakdown of the whole server. Thorough backups should be made constantly in order to maintain the security of storage. Credentials provide a degree of privacy to users, and confidentiality is therefore significant to each particular user and subscriber.

Moreover, these logon credentials guard against unauthorized access and provide for identification during a breach of the cloud’s network security. Although Google Docs provides faster access, the challenges listed must be examined and the proposed security measures enforced. Google Docs services offer quick and efficient data storage centers that allow companies and business organizations to realize higher volumes of customer and client transactions. Most of the considerations for handling clients on an expanding scale lie within these services and the promising scenarios held within the servers.

Additionally, most of the transactions held within the clouds could hold moral issues, but with advancements in technological security and ethics, more services are being engineered to make up for the loopholes observed within the servers and the client providers. These software-based services are bound to last for longer periods with intermediary updates and certificate upgrading to ensure enforcement of commitment among the subscribers. Each specific aspect of cloud computing must be considered with utmost care before deploying a specific kind of server to be used in the migration process or any other kind of attachment for provision of client services round the clock.

Information Security Assessment

Users own accounts separately. These require security credentials at login to access the account services and details. Several repeated failed attempts lead to the closure of the account or a temporary block. Every user is entitled to their own account, with no access to other people’s accounts. Super users are administrators with credentials to reset passwords and edit client information, with privileges to delete users who violate rules. Passwords must be changed occasionally to dissuade hackers from accessing critical and sensitive information.

All users have different levels of access to the system, with a few users having extreme user privileges to oversee the accounts of other users and monitor their transactions. These are the super users, with the ability to delete users from or add users to the system. Default account settings are provided for other users who might want to provide feedback. Also, the passwords of all subscribed users are encrypted to ensure security. All user information sent over the network for remote connections travels over VPNs, which carry it through secure tunnels.

The sessions created for the VPNs are destroyed to prevent tracking and unauthorized access by crackers and hackers. All applications are enforced with SSL certificates, which ensure that they are signed to prevent alterations. Moreover, HTTPS and SSL certificates provide security within the network. Cloud connections must comply with the Security Assertion Markup Language (SAML) for any transaction, to prevent alterations and overwriting. Decryption keys should be provided for all encrypted data so that the information within the Google Docs or Gmail cloud servers can be identified.

Each user shall be authorized to access different levels of files on the cloud server. Only administrators are to be granted authority to edit or alter information stored on the servers. This amounts to setting up access privileges for the resources that different persons or users within the network can reach. Availability is an essential part of Google Docs. In every instance, one is able to access the resources on the public cloud. With these rights and advantages comes a big challenge of confidentiality.

Public cloud servers mean that every individual can access the information. Therefore, the confidentiality of users’ information should be maintained by the administrators. Security is key to confidentiality, and each is a function of the other. This calls for utmost integrity when granting rights to administrators.

Risk Management Assessment

Data Classification

  • Does all critical business data have an identified owner? Yes
  • Data is classified according to the NSW Classifications and Labeling Guidelines? No
  • Is access to sensitive customer data authorized by the data owner? No
  • All data files and locations that may contain confidential or restricted data are documented? No

Backup

  • Are backups of business critical data performed regularly? Yes
  • Is there an automated way to verify all backups completed? No
  • Do you periodically restore from backup tapes to ensure integrity? No
  • Are backup tapes stored in an environmentally controlled and secure area? Yes

Account Management

  • Is each customer account owned or sponsored by the customer? Yes
  • Is concurrent access prohibited? Yes
  • Are accounts locked out after a number of failed attempts? Yes
  • Are accounts disabled after a period of inactivity? Yes

Paper For Above Instructions

Risk management evaluation is an essential component of ensuring the safety, confidentiality, and integrity of data in cloud services such as Google Docs. As organizations increasingly rely on Software as a Service (SaaS) providers, it is vital to assess risks associated with these platforms continuously. This paper evaluates the various risks related to Google Docs, incorporating an executive summary and detailed assessments of information security and risk management.

To begin with, Google Docs, as a SaaS provider, presents several vulnerabilities including hacking, unauthorized access, and potential data loss due to server issues. Therefore, maintaining a constant backup system is crucial to safeguarding data. Regular updates and rigorous security protocols, including encryption and secure credentials, help protect against unauthorized access, ensuring the confidentiality of user data.

Information security assessments demonstrate that users must take precautions when accessing their Google Docs accounts. The requirement for secure login credentials minimizes the risk of unauthorized access. Furthermore, adherence to strict password management practices—such as periodic changes and the use of encryption—enhances user account security.

The administration layer, comprised of super users, holds critical responsibilities, including maintaining user access privileges and ensuring compliance with security standards. Implementing a tiered access control system, in which different users have varying levels of accessibility, is essential to prevent data breaches and maintain confidentiality in sensitive transactions.

Moreover, the deployment of Virtual Private Networks (VPNs) allows secure remote access to documents, ensuring that all data transmitted is protected through secure tunnels, and bolstering overall security measures across cloud services. Utilizing SSL certificates further enhances the security of data by preventing alterations and maintaining the integrity of user sessions.

Evaluating risk management practices reveals that classification and documentation of critical data are essential preventive measures. Organizations must define clear ownership of business data, classify it according to established guidelines, and document sensitive data locations. The likelihood of identified risks being exploited increases when data is not adequately managed and protected.

Backups of critical data must be regular, with automated verification that each one completed. This practice ensures that data can be restored with its integrity intact, minimizing potential data loss significantly. Employees should receive training on security practices and the protocols for handling sensitive data. Moreover, conducting regular audits of backup procedures ensures compliance and reliability, preventing issues that could arise due to oversight.

Account management procedures should be stringent, including locking accounts after repeated failed access attempts and disabling inactive accounts. This not only helps prevent unauthorized access but also assures that access to data is maintained within legitimate user parameters. Regular reconciliations of user accounts and privileges, including stringent checks on super users, will enhance the overall governance of security policies within Google Docs.

Furthermore, effective encryption practices must be employed, including maintaining an updated register of SSL certificates and ensuring compliance with standards such as SAML 2.0 for user authentication. This ensures a heightened state of security within Google Docs, protecting both user privacy and data confidentiality.

In conclusion, the evaluation of risk management for cloud services, particularly Google Docs, reveals the importance of implementing stringent security protocols and practices. Utilizing proper data classification, encryption, backup systems, and user management will significantly reduce vulnerabilities inherent in cloud platforms. A careful, informed approach to risk management can enhance the trustworthiness of SaaS providers, protecting user data while enabling businesses to leverage the benefits of cloud computing.
