Assignment 1:
Case Study : Mitigating Cloud Computing Risks
Imagine you are an Information Security Manager in a medium-sized organization. Your CIO has asked you to prepare a case analysis report and presentation on establishing internal controls in cloud computing. The CIO has seen several resources online which discuss the security risks related to Cloud based computing and storage. One that stood out was located at https://www.isaca.org/Journal/Past-Issues/2011/Volume-4/Pages/Cloud-Computing-Risk-Assessment-A-Case-Study.aspx. You are being asked to summarize the information you can find on the Internet and other sources that are available. Moving forward, the CIO wants to have a firm grasp of the benefits and risks associated with public, private, and hybrid cloud usage. There is also concern over how these systems, if they were in place, should be monitored to ensure not only proper usage, but also that none of these systems or their data have been compromised.
Write a three to four (3-4) page paper in which you:
1.Provide a summary analysis of the most recent research that is available in this area.
2.Examine the risks and vulnerabilities associated with public clouds, private clouds, and hybrids. Include primary examples applicable from the case studies you previously reviewed.
3.Suggest key controls that organizations could implement to mitigate these risks and vulnerabilities.
4.Develop a list of IT audit tasks that address a cloud computing environment based on the results from the analysis of the case studies, the risks and vulnerabilities, and the mitigation controls.
5.Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Assignment must follow these formatting requirements:
•Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
•Include a cover page containing the title of the assignment, the student's name, the professor's name, the course title, and the date.
The cover page and the reference page are not included in the required assignment page length.
Assignment 2 : Access Restrictions
In a business environment, controlling who has access to business information and at what level is critical for facilitating day-to-day business operations. There are three levels of information access: no access, read access, and read-write access. Use a business of your choice to answer the criteria for this assignment.
Write a five to six (5-6) page paper in which you:
1.Identify the business you have selected.
2.Create five (5) cases in which the no-access level should be applied within the selected business environment. Explain the reasons for no access.
3.Provide five (5) cases in which the read-access level should be applied within a business environment. Explain the reasons for read access.
4.Provide five (5) cases in which the read-write level should be applied within the selected business. Explain the reasons for read-write access.
5.Determine the type of access levels you would provide to a contractor or consultant.
6.Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Assignment must follow these formatting requirements:
•Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format.
•Include a cover page containing the title of the assignment, the student's name, the professor's name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.