Project 2 Cloud computing
Risk Assessment and Compliance Report
Proposal compliance
The company employees who would be tasked with overseeing the program are:
Keith Stevens – project manager. His work will be to ensure the whole transition process runs smoothly by planning and executing the details of the project.
Linda Brians – system engineer. Her work will be to make sure the system conforms to the selected cloud services, hence meeting business needs.
Kennedy Jones – security administrator, whose work will be to implement security strategies internally and in partnership with the chosen cloud provider.
The high-level procedures required are:
The company will incorporate the use of public key infrastructure as part of its policy of replacing passwords.
The monitoring and auditing system will be turned on at all times.
The company will comply with all the relevant laws governing data protection.
Infrastructure access will be restricted through the use of firewalls.
High-level programs for education and training are:
The employees will be taught by a private trainer who is a cloud computing expert.
E-learning for cloud computing will be put in place every week.
Employees will be encouraged to take certification courses on cloud computing.
In considering the relationship between the program components, the business will adopt cloud messaging services as its form of communication. The business will depend on the cloud provider to ensure that the security mechanisms are top-notch and that the system can't be breached in any way, and will therefore rely on the provider's policies and procedures to achieve this.
The enforcement mechanism that will be used is a positive enforcement mechanism, where transparency and bureaucracy are put in place to ensure that all the applicable laws are complied with, so as to avoid any legal action.
A compliance audit plan will be created to evaluate whether the ongoing auditing and monitoring plan addresses the compliance areas that are of high risk to the organization. The plan will also help determine whether the internal controls are being addressed adequately by the auditing and monitoring mechanisms.
The compliance issues will be handled by ensuring that the program's manager has adequately calculated the potential damage the identified risk might cause; he will also determine the scale of the direct and indirect financial consequences that a compliance issue can bring about. The corrective action plan will be developed through proper policies and procedures to address all deficiencies found in the risk area, and the manager will ensure the action plans are working as intended.
A risk assessment can be handled by first identifying the risk and then analyzing it by determining its consequences and likelihood. After that, the risk is evaluated by determining its magnitude. The next step is the treatment of the risk, which reduces the probability that the risk will negatively affect the business. The process is finalized by reviewing and monitoring the risk (Stevenson, 2018).