Describe how services are related to cloud computing

Assignment Help Management Information Sys
Reference no: EM131148661

Week 1: Submit Data and Applications Security Impact Analysis and Mitigation Report shell for approval.

Use Word
Title page
Course number and name
Project name
Student name
Date
Table of contents (TOC)
Use an autogenerated TOC.
Use separate pages.
It should be a maximum of 3 levels deep.

Update the fields of the TOC so that it is up-to-date before submitting your project.

Section headings (create each heading on a new page with "TBD" as the content, except for sections listed under "New content" below)
Project Outline and Requirements
Project Life Cycle Security Measures
Security Vulnerability Assessment
Virtualization Security Impact
Cloud Computing Security
Risk Mitigation Strategies for Applications and Databases
New content (to be completed in this Week 1 delivery)

JCI has hired you, a consultant, to assist them with a comprehensive look at their database and application security environment. After an initial meeting with the president and chief information officer (CIO), it was determined that your first deliverable will be twofold. First, you will identify the types of information and data processed by the company, and second, you will look at project life cycles for systems within the company and outline what security measures should be taken at each phase.

Key Assignment Overview

Throughout this course, you will work on several aspects of data and application security that will result in a Data and Applications Security Impact Analysis and Mitigation Report for a company of your choosing. This course is comprised of a series of Individual Project assignments that will contribute to a Key Assignment submission at the end of the course. Each week, you will complete a part of a Data and Applications Security Impact Analysis and Mitigation Report. You will select an organization (real or fictitious), and apply your research to the development of the Data and Applications Security Impact Analysis and Mitigation Report that would be appropriate for implementation within the organization. The goal of this course project is to develop the policies and procedures that are necessary for the data and application security in an enterprise.

Organization and Project Selection

The first step will be to select an organization as the target for your Data and Applications Security Impact Analysis and Mitigation Report. This organization can be real or hypothetical, and it will be used as the basis for each of the assignments throughout the course. It should conform to the following guidelines:

Sensitivity: The selected organization should be large, and it should contain sensitive data requiring the implementation of security measures.
Familiarity: You should be familiar enough with the organization and typical security needs without significant time required for security research and education.

Accessibility: You should have good access to security officers and management or incident response personnel in the organization because these resources will provide direction as they progress throughout the development of the report.

Note: The selected organization may already have a security plan in place and a well-functioning project life cycle to be used as the basis for the project in this course.

Select an organization that fits these requirements, and submit your proposal to your instructor before proceeding further with the assignments in the course. Approval should be sought within the first several days of the course. Your instructor will tell you how to submit this proposal and what notification will be given for project approval.

Assignment Details

For the assignments in this course, you will develop a comprehensive Data and Applications Security Impact Analysis and Mitigation Report structure where you must identify the security measures to be taken at the planning, requirements, design, development, integration and testing, and installation and acceptance phases of the project life cycle.

Task 1

Create the shell document for the final project deliverable that you will be working on throughout the course. As you proceed through each assignment, you will add content to each section of the final document to gradually complete the final project delivery. Appropriate research should be conducted to support the analysis in your plan, and assumptions may be made when necessary.

The overall Data and Applications Security Impact Analysis and Mitigation Report project will consist of the following deliverables:

Week 1: Project Outline and Requirements

Give a brief description of the company (can be hypothetical) where the Data and Applications Security Impact Analysis and Mitigation Report will be implemented. Include the types of information and data that are processed by the company, the company size, location(s), and other pertinent information.

Week 1: Project Life Cycle Security Measures

Give a summary of the security measures to be taken at the planning, requirements, design, development, integration and testing, and installation and acceptance phases of the project life cycle to include the following:

Planning phase: Identify what work products the team will have that will change, or are likely to change, and the functional relationships between those products.

Requirements phase: Identify the requirements and the functional software verifying the identity of a user. Provide any requirements that are applicable to your cryptographic module. FIPS PBU140-2 Security Requirements for Cryptographic Modules can be used as a guideline.

Design phase: Describe how the design team ensures that the software component has trusted modules.

Development phase: Describe how developers will ensure that the application being developed for the cryptographic algorithm will be secure and protective of sensitive data.

Integration and test phase: Identify what will be tested during this phase and the general integration and test procedures that will be used.

Installation and acceptance phase: Identify the purpose of the installation and acceptance phase for both the user and the organizatio

Week 2: Security Vulnerability Assessment

For the development phase of the life cycle, identify software vulnerabilities, associated poor programming practices, and the overall impact that they have on security with your selected organization.

Identify best practices for fixing vulnerabilities and insecure interactions as introduced by poor coding.

Provide a conclusion to summarize the importance of correcting the current vulnerabilities and programming practices.

Week 3: Virtualization Security Impact

Provide an impact analysis that identifies the impact of moving an organization's applications and databases to virtualization. Identify how
this move impacts network security.

Include the services being implemented in the virtualization solution.

Include the strategies needed to mitigate security vulnerabilities that are associated with the organizational virtualization effort (e.g., current virtualization security vulnerability and security risks related to hypervisor security, host or platform security, and securing communications).

Include the configuration management policies and practices that are applicable to the virtualization security implementation.

Week 4: Cloud Computing Security

Identification of security risks to be addressed in the cloud computing environment:

Operating system and other infrastructure complexity

Unauthorized user access

Increased administrator roles

Legal compliance

Issues related to programmer service mapping to the cloud

Accesses to services moved to the cloud

Describe the application that is being released into the cloud computing environment and how this affects security from a standpoint of network communications, system configuration, security controls, and user responsibilities.

Describe the migration of corporate resources to various types of clouds, such as the private, public, hybrid, and community clouds, and the associated deployment model.

Describe how services are related to cloud computing (e.g., software, platforms, and infrastructure services).

Describe how organizations are placing controls and access policies on their data to control accesses to data and their locations on servers and off-site data locations.

Week 5: Risk Mitigation Strategies for Applications and Databases

Risk Management of Software from a Business Perspective

Creates a basis for understanding what software risks are critical; current business goals, operational, and technical priorities; circumstances of taking certain business actions must be identified and understood

Business and Technical Risk

Identification of what risks financially affect which organizational goals; reputation, liability concerns, and increased development cost; business and software risks must be quantified

Risk Prioritization

Determines which business goals are critical or important and which technical risks may affect business operations

Risk Mitigation Strategy

Strategy takes into account time, resources, likelihood of operational success, and overall impact; involves metrics and validation procedures to ensure the risks are mitigated

Repair Problems With Architecture, Requirements, and Design

Involves the study of open risks, evaluating quality metrics, and judging progress against any existing riskst.

Reference no: EM131148661

Questions Cloud

How accrual accounting differs from cash basis accounting : Explain how accrual accounting differs from cash-basis accounting; - adjust the account:- An accountant made the following adjustments at December 31, the end of the accounting period:
Who is the intended audience of each article : Who is the intended audience of each article? What is the purpose or perspective of each of the articles? What are the common themes in the articles?
What is the average utilization of 10 toilets : What is the average utilization of 10 toilets?-  What is the expected time a customer will have to wait? - How long will the average toilet be empty during a 5-­-hour concert?
Design and implement the class day : Design and implement the class Day that implements the day of the week in a program. The class Day should store the day, such as Sun for Sunday
Describe how services are related to cloud computing : Describe the migration of corporate resources to various types of clouds, such as the private, public, hybrid, and community clouds, and the associated deployment model. Describe how services are related to cloud computing (e.g., software, platform..
The characteristics of an effective accounting teacher : Explain in detail the purpose of a scheme of work for Accounting as a school subject.- Critically discuss the purpose of an effective instructional objective when preparing an Accounting less
What do you think the advantages of method overloading : What side are you on? What do you think the advantages of method overloading are? How would you use method overloading when writing a program? Critique or defend your classmates' positions
Discuss issues by examining the relevant element of contract : Advise Jim if there is an enforceable contract and will Francis be successful? Discuss the issues by examining the relevant elements of contract.
Write a script that inputs three integers : Write a script that inputs three integers from the user and displays the sum, average, product, smallest and largest of the numbers in an alert dialog2

Reviews

Write a Review

Management Information Sys Questions & Answers

  Create a cost analysis and develop proposal for the company

Section 1: Network Consultation Proposal - Create a cost analysis, and develop a proposal for the company

  The use of databases software

The use of databases software - Prepare a two-page memorandum analyzing the use of databases in a credit card organization.

  The ipacs project- when it hits the fan

Read the case The IPACS Project: When IT Hits the Fan. As you read the case think about it three-sphere model terms. After reading through the case, please create a post containing the following: Three problems that occurred during the project

  Does the website offer customer reviews

Developing a system that will allow my customers to use the intelligent systems that are available online but keep my customers in my store for purchases. Does the website offer customer reviews

  Explain the four components of an information system

In a formal 250 - 500 word essay, describe the four components of an information system. Why is it important to consider each of them when designing and installing an information system

  Cost-benefit analysis for our network decisions

Cost-benefit analysis for our network decisions is a critical skill and ability in IS management. What could we do to impress the CFO with our submission?

  Discuss components that should be included in a rfp

Discuss the components that should be included in a request for proposal (RFP) document and explain how the RFP document and process can make a difference in the outcome of an information system selection.

  Discuss whether there are too many standards organizations

Discuss whether there are too many standards organizations attempting to regulate the networking field.  Consider whether consultation is necessary, and whether governmental or larger international bodies should be formed to manage standards.

  Explain the type of disaster

Explain the type of disaster, the plan your company had in place, and why the company did or did not survive

  Categories of cyber terrorism

In 250 words list at least three (3) major categories of cyber terrorism and / or information warfare. Among the chosen categories, determine the one (1) that should be the top priority for the federal government to address. Provide a rationale to..

  The history of military medicine in the united states

the history of military medicine in the united states provides some interesting benchmarks for examining how medicine

  One concept in selecting a vendor is to have an rfp request

one concept in selecting a vendor is to have an rfp request for proposal. what are the components of an rfp? why is it

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd