Cloud Risks & Risks Management

- Please cite your work in your responses

- Please use APA (7th edition) formatting 

- All questions and each part of the question should be answered in detail (Go into depth)

- Response to questions must demonstrate understanding and application of concepts covered in class, 

- Use in-text citations and at LEAST 2 resources per discussion from the school materials that I provided to support all answers. 

- No grammatical errors; Complete sentences are used. Proper formatting is used. Citations are used according to APA

Lastly, Responses MUST be organized (Should be logical and easy to follow)

QUESTIONS:

As an IT analyst for BallotOnline, a company providing voting solutions to a global client base, you are working to convince the organization to move the current infrastructure to the cloud. Your supervisor and the director of IT, Sophia, has asked you to summarize for the company executives the potential risks and compliance issues that BallotOnline will have to contend with in the transition to the cloud.

Question 1-Step 1: Research Risks Associated with Cloud Adoption

The first step in assessing risk in cloud computing will be to identify and describe risk concepts and cloud computing risk factors associated with cloud adoption. As a software as a service (SaaS) company considering an infrastructure as a service (IaaS) cloud service provider for your hosting needs, consider third party outsourcing issues and the generally accepted best practices for cloud adoption and review relevant cloud risk case studies. You should also consider best practices for cloud adoption.

As part of the risk management process, identify and describe other types of risk, such as risks associated with having a service-level agreement (SLA). An example of a potential risk could be if your company is obligated to protect personal information, and then the cloud provider that you use suffers a security breach exposing that personal information.

Here, identify and describe other types of risks or potential liability issues that apply to BallotOnline and discuss them with your colleagues in the Discussion: Risk forum.

Question 2-Step 2: Identify the Most Appropriate Guidelines for Managing Risks

In order to identify guidelines applicable to your company's industry, you must have an understanding of the different types of risk management guidelines that exist and are frequently applicable in cloud environments.

There are several cybersecurity standards applicable to cloud computing environments such as the NIST Cybersecurity Framework,  ISO standards, and US federal government standards (DoD/FIPS), as well as several major sets of risk guidelines for dealing with the risks involved. Also, there are organizations such as the Cloud Security Alliance (CSA) that recommend best practices for managing risks.

Review the different guidelines and determine which are most appropriate for BallotOnline. For example, NIST has responsibility for developing a number of elections industry guidelines within the United States.

Identify why those guidelines are most appropriate and compile these items into a brief (one page or less) recommendation and justification of your choice. Your recommendation will also be incorporated into your final report in the final step.

Submit your recommendation for review using the steps described below.