International Of Information The Management -Myassignmenthelp.Com

Question: Discuss About The International Of Information The Management? Answer: Introduction The concept of cloud computing can be applied to different field and areas which are related to the concept of information technology. The cloud computing can offer many advantages but it can be stated that the failure of the appropriate security related to the information marketing the service higher in cost with potential loss of business bodies using the technology. When any business organization tend to move towards the concept of cloud, they should have a clear idea of the benefits, which are related to the security and the risk factors, which are associated with it. There should be a realistic expectation of the implications of the services of the cloud computing from the providers of the service (Almorsy, Grundy Mller, 2016). The main aim of the report is to take into consideration the aspect of the cloud security when implemented in business framework. The threats and the vulnerability which is applied to the concept of cloud computing are mainly discussed in the report. According to the scenario which is taken into consideration, the IT risk assessment would be done for the Gigantic corporation in the technological aspect of cloud computing. Threats There are many types of threats which are associated with the concept of cloud computing. Organization before moving towards the concept of should have a clear idea of the threats, which are discussed below: Data Breaches: Organization usually store a huge amount of data into the concept of cloud. This eventually makes it an attractive target from the point of view of the hackers. In some cases when the breach is in the sector of health care data, financial data and details of the revenue it can be more devastating. This may lead to incur fines, criminal charges and face lawsuits. Exploiting system vulnerabilities: In the concept of cloud, enterprises share memory, digital resources and databases for their functionality. This can create a surface of new attack. If the hackers exploit the system bugs and the vulnerability, it can be a big security problem. Compromising system credentials: In any type of technology, there should always be an access grant, which are given to individual. This mainly ensures that the critical information of the organization are secured from unauthorized people within the organization. In most of the cases, it is seen that it fails to remove the account of the user even after they leave the organization, which makes the data vulnerable to other people. Hijacking the accounting: In the concept of cloud computing, the attacker can eavesdrop on the transaction related to financial activities. In order to achieve in depth strategy of protection multifactor authentication could be employed (Shahzad, 2014). Data loss: When any authorized user uploads, files to the concept of cloud, there are chances for data loss. This can be costly from the point of view of the organization. A recent report stated that in the sector of the health care industry the total cost of breach was about $4.1 billions. The incorporation of the data loss prevention (DLP) system plan is very much vital for the security of the crucial data (Khansa Zobel, 2014). Vulnerabilities When any organization decide to migrate to the concept of cloud, the following vulnerability should be taken into consideration: Reliability and availability of service: The users of the cloud service always want their data to be available when they need them. This is not always the case with the service. One of the best example of situation is that in case of lightening where power cut is a common problem. Session riding: Session riding mainly refers to an attack where the attackers uses cookie of an application and use them in the name of the user for their own benefit. Cloud Service Provider lock in: the selection of the cloud provider should be made in a way, which allow the user to move to another cloud provider when needed by him or her due to some problem. The user does not want to use a Cloud Service Provider who forces the user to use their own service (Jouini Rabai, 2016). Consequences The consequences of the problem, which are related to the concept of the cloud, can high a wide range of effect on the organization. The following points would be discussing about the effect of the problem, which is encountered, with the implementation of the cloud. Security issue: The cloud data can be accessed from everywhere when the user wants to do it. Therefore, it can be stated here that if data breach occurs via the process of hacking the business data can be compromised. The cloud providers have gone largely to protect the data of the business body by means of implementing most sophisticated data security systems. Cost related to data transfer: Many of the business organization need transfer of large amount of data. In this context it can be stated that the transferring of the data to the cloud (inbound) is free of charge, on the other hand, the outbound data transfer is charged according to the GB basics. Cost: At first it can be noticed that the cloud concept is much cheaper than other software giving the customer same type of service. After a business body implements the concept the modification, which is required within the framework of the concept can add an amount of amount in it. This added amount can be comes a burden for the organization (Woodside, 2015). Inflexibility: The inflexibility concept which exist in the concept of the cloud computing is another major security problem which is faced. Some of the vendors deliberately tend to lock in customer suing proprietary hardware and software.in this type of situation it is very much impossible or expensive to move to another user for the service. If any of the organization move to the concept of the cloud it should be taken care of that the vendors of the cloud stipulates that the user would retain the ownership of the data until they want it to be in possession of the cloud vendors (Krasnyanskaya Tylets, 2015). Existing industry risk recommendations Recommendations 1: Identification of the processing operation and the data, which is passed, to the cloud: A data controller must clearly identify the data, the services and the processing operation, which are hosted in the concept of the cloud. Taking into consideration each type of processing which can be related to the data, the customer must be able to establish which type of data they are concerned with. There are mainly four types of data, which are sensitive data, personal data, data that are used in the business application and strategy data for any organization. Recommendations 2: Definition of the own legal and technical requirement related to security: Taking into consideration about the transition to the concept of cloud, it can be considered as a rigorous approach relating to legal and technical security. In most of the outsourcing, concepts the service providers provide a tailor made response of the specification of the customer. In case of cloud service in most of the times, a standard approach is used for all. However, the customer must define its own requirement in order to judge whether the offers, which are envisaged, meet the requirement of the organization. Recommendations 3: Risk analysis to identify the security management for the company: Carrying out a full risk analysis is very much important for the organization who is moving into the concept of cloud computing. This enables the organization to define the appropriate security aspects, which can be demanded to the service providers or could be implemented within the organization (Duncan Whittington, 2015). The main recommendation in this aspect is that the customer should access the relevant risk from the point of view of organization position and study the measures, which are out in place by the organization and the service providers which can reduce the risk. Recommendations 4: Identification of the relevant type of cloud model for planned processing: There are various type of cloud deployment model, which can be implemented according to the requirement of the organization. The cloud deployment models are public, hybrid and private. As each of the model of the cloud service have a specific offer, it should be compared by means of identifying the strength and the weakness in term of the demand of the organization. This mainly helps in choosing the appropriate offers according to the requirement and the data, which is being, processed types. Recommendations 5: Choosing a service provider-offering guarantee: The data controller should be able to provide the customer service, which ensures their obligations. In some of the cases it can be stated that in the public SaaS and PaaS customer although choose the service they cannot give instruction about the service. On the other hand, the organization could not effectively control the confidentiality and the security, which is given by the service providers. They should be taking into consideration this aspect so that they can benefit from the technology (Hendre Joshi, 2015). Protection mechanisms for website The protection mechanism that can be applied to the concept of the website are stated below: Structure: The defenses, which are related to the structure, can be stated as a mechanism intended to implement access control policies. Providing the functional unit with their own functionality and the implementation of the associated separation with change in the control. This may include discretionary access control and different structures of communication for example firewall, diodes and other similar barriers. Behavior: This mainly involves limiting changes; fail safe modes, effect of time, intrusion, and anomaly detection and system response. This mainly include least privilege, duties and other similar types of limitations. Content: Content control mainly include separation mechanism, which is highly surety, filters that is low surety, and transform which is medium surety. They include marketing, analyze of location and the different situation, which mainly determine which information should be transformed or allowed to pass. Perception: The defense, which is related to the perception, include obscurity, deception methods and appearances. This mainly ensures technical protection that directly contacts the attackers and their agents (Kalaiprasath, Elankavi Udayakumar, 2017). Conclusion The report can be concluded on a note that the concept of cloud computing can be very much beneficial for the organization if the security issues are taken into consideration. The different security issue that are majorly faced in the concept are discussed in the report. The main concern, which play a vital role, is the protection of the data of the user. There should be sufficient security aspects involved for the data from the end of the cloud providers so that the user are able to depend on the service which is provided to them. References Almorsy, M., Grundy, J., Mller, I. (2016). An analysis of the cloud computing security problem.arXiv preprint arXiv:1609.01107. Duncan, B., Whittington, M. (2015). Company Management Approaches Stewardship or Agency: Which Promotes Better Security in Cloud Ecosystems?.Cloud Comput, 154-159. Hendre, A., Joshi, K. P. (2015, June). A semantic approach to cloud security and compliance. InCloud Computing (CLOUD), 2015 IEEE 8th International Conference on(pp. 1081-1084). IEEE. Jouini, M., Rabai, L. B. A. (2016). A Security Framework for Secure Cloud Computing Environments.International Journal of Cloud economics and Computing (IJCAC),6(3), 32-44. Kalaiprasath, R., Elankavi, R., Udayakumar, D. R. (2017). Cloud. Security and Compliance-A Semantic Approach in End to End Security.International Journal Of Mechanical Engineering And Technology (Ijmet),8(5). Khansa, L., Zobel, C. W. (2014). Assessing innovations in cloud security.Journal of Computer Information Systems,54(3), 45-56. Krasnyanskaya, T. M., Tylets, V. G. (2015). Designing the cloud technologies of psychological security of the person. (3), 192-199. Luna, J., Suri, N., Iorga, M., Karmel, A. (2015). Leveraging the potential of cloud security service-level agreements through standards.IEEE Cloud Computing,2(3), 32-40. Narula, S., Jain, A. (2015, February). Cloud computing security: Amazon web service. InAdvanced Computing Communication Technologies (ACCT), 2015 Fifth International Conference on(pp. 501-505). IEEE. Rasheed, H. (2014). Data and infrastructure security auditing in cloud computing environments.International Journal of Information Management,34(3), 364-368. Samarati, P., di Vimercati, S. D. C., Murugesan, S., Bojanova, I. (2016). Cloud security: Issues and concerns.Encyclopedia on Cloud Computing, 1-14. Shahzad, F. (2014). State-of-the-art survey on cloud computing security Challenges, approaches and solutions.Procedia Computer Science,37, 357-362. Woodside, J. M. (2015). Advances in Information, Security, Privacy Ethics: Use of Cloud Computing For Education. InHandbook of Research on Security Considerations in Cloud Computing(pp. 173-183). IGI Global.