Imagine you are an Information Security Manager in a medium-sized organization. Your CIO has asked you to
Question:
Imagine you are an Information Security Manager in a medium-sized organization. Your CIO has asked you to prepare a case analysis report and presentation on establishing internal controls in cloud computing. The CIO has seen several resources online which discuss the security risks related to Cloud-based computing and storage.
You are being asked to summarize the information you can find on the Internet and other sources that are available. Moving forward, the CIO wants to have a firm grasp of the benefits and risks associated with public, private, and hybrid cloud usage. There is also concern over how these systems if they were in place, should be monitored to ensure not only proper usage but also that none of these systems or their data have been compromised.
Write a paper in which you:
Provide a summary analysis of the most recent research that is available in this area.
Examine the risks and vulnerabilities associated with public clouds, private clouds, and hybrids. Include primary examples applicable to the case studies you previously reviewed.
Suggest essential controls that organizations could implement to mitigate these risks and vulnerabilities.
Develop a list of IT audit tasks that address a cloud computing environment based on the results from the analysis of the case studies, the risks and vulnerabilities, and the mitigation controls.
Introduction to Information Systems Supporting and Transforming Business
ISBN: 978-1118063347
4th edition
Authors: Kelly Rainer, Casey Cegielski