Risk, Security and Management Value: 20% Due Date: 26-May-2019 Return Date: 19-Jun-2019 Submission method options: Alternative submission method Task back to top Read the DTGOV Case Study before you...

1 answer below »
Please read the specifications and get me the solution


Risk, Security and Management Value: 20% Due Date: 26-May-2019 Return Date: 19-Jun-2019 Submission method options: Alternative submission method Task back to top Read the DTGOV Case Study before you attempt this assignment  A chief strategic objective of the standardisation of DTGOV’s service portfolio is to achieve increased levels of cost-effectiveness and operational optimisation. DTGOV is considering the following strategic proposal: · They plan to retain one (1) of their three (3) data centres solely for data storage. This would entail updating their Active Directory and data storage infrastructure, and moving all other infrastructure into the Cloud.   · They plan to initially move all their Web Services into the Cloud in order to provide an increased level of HA (High Availability) as well as a better degree of flexibility in supplying data to their customers and employees. This would entail changing their current web software architecture to take advantage of the flexibility and scalability that can be gained by moving to a Microservices model (this would entail the use of such services as AWS Lambda or Azure Functions, Containers, Data Services, and Cloud Edge capability and monitoring). · They also plan to migrate their LoB (Line of Business) applications to Public Cloud infrastructure to increase their flexibility and availability.   The DTGOV Board is contemplating this strategy as a way to increase the company’s flexibility and responsiveness. The Board also expects to achieve significant savings on the cost of maintaining their ICT infrastructure by eventually closing the other two (2) existing data centres. They appreciate that this would entail retraining for their existing ICT staff so that they can manage the new Cloud based infrastructure. DTGOV has again approached you to advise them on this strategy. You have previously advised DTGOV that this strategic approach will mean that they will need to ultimately design and operate a “Hybrid Cloud” methodology, where part of their data centre is “on premise” and another part in a Cloud. DTGOV also plan to run a Risk and Security Workshop to assess the risks, security issues and possible methods of control that will be required with this “Hybrid Cloud” approach. You will be required to organise, run and facilitate this workshop. The Board is also concerned about how this strategy will affect their BCP (Business Continuity Plan) and their backup and disaster recovery strategies. Tasks Your team has been engaged to provide a report for DTGOV in their planned move to a Hybrid Cloud strategy.  Team Setup This assignment is a team assignment. The rationale for using a team approach is that most IT risk management assessments are normally done by teams of between 2-5 Architects, Information Security experts, Operations and Business leaders for each problem. You will be assigned to a team and the team, as a whole, will be responsible for the development of the risk assessment. Team Member Responsibilities Each team member will be assessed on: · The final risk assessment presented by the team; · The individual contributions that they have made to the risk assessment. This will be shown by the entries that they have made in the Team forum; · Team members should note that: · A total of 20% of the total marks for this assignment are for individual contributions to the team task; · A team member without any individual contributions in the Team Forum will be regarded as having not contributed to the risk assessment. This will result in either reduced marks or no marks being awarded to that team member for this assignment. The tasks: The team’s task is to prepare a report for DTGOV that discusses the following: 1. Describe which Cloud architectures you would employ to assist DTGOV to meet the Board’s strategy? 1. Describe each of the architectures that you would use, along with your reasons for deploying it. (10 marks) 2. Describe the benefits and issues that would be the result of your deployment of these architectures. (10 marks) 2. Describe the risks that you see associated with this new Hybrid Cloud and Microservices strategy. You should name and describe each risk that you identify, and then describe a possible control for the risk. This should be presented in a tabular form. (20 marks) 3. Describe the general Information Security steps and controls that you would recommend to the Board to secure the Hybrid Cloud. You will need to explain to the Board your reasons for recommending these particular security steps. (20 marks) 4. Discuss briefly what you would recommend should be included in DTGOV's BCP as a result of their adoption of a Hybrid Cloud and Microservices approach. You will need to consider, as a minimum, the issues of application resilience, backup and disaster recovery in a Hybrid Cloud environment. This section should be no more than 2 pages. (10 marks) 5. Discuss the requirements that DTGOV will need to consider in order to conduct remote server administration, resource management and SLA management for its proposed IaaS and PaaS instances (it may be useful to consider Morad and Dalbhanjan’s operational checklists for this section). This section should be no more than two to three pages in length. (10 marks) Rationale back to top Subject learning outcomes This assessment task will assess the following learning outcome/s: · be able to compare and evaluate the ability of different cloud computing architectures to meet a set of given business requirements. · be able to evaluate a set of business requirements to determine suitability for a cloud computing delivery model. · be able to identify and design an ICT Risk Management strategy for a cloud computing delivery plan to meet business requirements. · be able to critically analyse business requirements to plan a migration to a cloud model. · be able to compare and critique Service Level Agreements (SLA) that meet the business requirements for a cloud computing plan Graduate learning outcomes This task also contributes to the assessment of the following CSU Graduate Learning Outcome/s: · Information and Research Literacies (Knowledge) - CSU Graduates demonstrate that disciplinary knowledge is developed through research and evidence. · Information and Research Literacies (Skill) - CSU Graduates demonstrate the skills required to locate, access and critically evaluate existing information and data. · Digital Literacies (Knowledge) - CSU Graduates understand professional, social and cultural implications of the global use of technology. · Digital Literacies (Skill) - CSU Graduates use, create, communicate and share multimodal information in digital environments. · Professional Practice (Knowledge) - CSU Graduates possess the knowledge and understanding of the discipline and the nature of professionalism required for the given profession or discipline in contemporary societies. · Professional Practice (Skill) - CSU Graduates demonstrate discipline-specific technical capabilities and self-appraisal required for a beginning practitioner or professional. Marking criteria and standards back to top Marking Criteria Question Task Marks 1a Describe architectures required 10 1b Benefits and issues 10 2 Risk Assessment 20 3 Information Security assessment 20 4 Changes to BCP 10 5 Management of Hybrid Cloud 10 Forum Individual interaction on Forum 20 Total 100 Assessment Rubric Question HD DI CR PS FL 1. Architectures  Clear and comprehensive description of Cloud architectures needed, benefits and critical points identified & discussed  Detailed description of Cloud architectures needed, most benefits and critical points identified & discussed  Good description of Cloud architectures needed, many benefits and critical points identified & discussed  Adequate description of Cloud architectures needed, some benefits and critical points identified & discussed  Inadequate or incomplete description of Cloud architectures needed, few or no benefits or critical points identified & discussed 2. Risk Assessment  Clear, comprehensive description of Risk Management issues, critical points identified & discussed,   Detailed description of Risk Management issues, many critical points identified & discussed,  Good description of Risk Management issues, many critical points identified & discussed,   Adequate description of Risk Management issues, some critical points identified & discussed,   Inadequate or incomplete description of Risk Management issues, critical points identified & discussed, 3. Information security   Clear, comprehensive assessment of InfoSec issues, critical points identified & discussed,   Detailed assessment of InfoSec issues, most critical points identified & discussed,   Good assessment of InfoSec issues, many critical points identified & discussed,  Adequate assessment of InfoSec issues, some critical points identified & discussed,  Inadequate or incomplete assessment of InfoSec issues, few or no critical points identified & discussed, 4. Changes to BCP   Clear, comprehensive description of backup and DR plan, critical points identified & discussed,   Detailed description of backup and DR plan, critical points identified & discussed,  Good description of backup and DR plan, some critical points identified & discussed,   Adequate description of backup and DR plan, some critical points identified   Inadequate or incomplete description of backup and DR plan, none or few critical points identified 5. Hybrid Cloud Management Clear, comprehensive assessment of service management, critical points identified & discussed,   Detailed assessment of service management, most critical points identified & discussed,   Good description of service management, some critical points identified & discussed,   Adequate description of service management, some critical points identified   Incomplete or inadequate description of service management, none or few critical points identified Forum Interaction Proactively initiates and facilitates discussion, explicitly using appropriate strategies and tools. Initiates and facilitates discussion using appropriate strategies and tools.   Evidence that there is a planned strategy to engage with peers in the forums. Some evidence of responding to questions or topics on the discussion forum. No evidence of interaction on forums. Referencing Up to 5 marks may be deducted for not providing or following the proper APA style of referencing. Presentation Up to 5 marks may be deducted for poor presentation, spelling and grammar   Presentation back to top The team is to provide a written report with the following headings: · Proposed Architectures for a Hybrid Cloud · Risk report for Hybrid Cloud and Microservices · Proposed Information Security controls · BCP Changes · Hybrid Cloud Administration and SLA Management As a rough guide, the report should not be longer than about 6,000 words. The report is to be loaded into the Team Resource area in Interact. All risk assessment discussions in the team forum should be exported into a single document and loaded into the Team Resource area in Interact. It is suggested that the report should be written using Google Docs using MS Word format. Google Docs allows multiple authors to contribute to a single document, and their individual contributions can be more easily assessed.   Your team report MUST be presented in MS Word format. Your report should: · Use Calibri, or a similar font, in 11 or 12 point type. · All diagrams and images are to be embedded in the document. Diagrams and images that are suppliued separately will not be marked. · All text should be left-justified. · Each page must have a header or footer with your name and student number. Page numbers must be shown in the footer of each page, except on the title page. Reports are marked and feedback attached using a MS Word based tool. Reports that are submitted in PDF format will
Answered Same DayMay 22, 2021ITC561Charles Sturt University

Answer To: Risk, Security and Management Value: 20% Due Date: 26-May-2019 Return Date: 19-Jun-2019 Submission...

Ankita answered on May 27 2021
158 Votes
Risk, Security, and Management
A case study of DTGOV
Student:
Teacher:
Affiliation:
Date:
1
Introduction
Cloud computing is considered as on-demand delivery of IT resources, applications, storage, database, and computer power through the internet. Cloud computing is helping the companies in getting access to a broader set of application services, databases, storage and services over the internet. In case of DTGOV the implementation of Cloud architectures will help in innovating faster because, with the help of this development, the management of DTGOV will be able to focus on its valuable IT resources which eventually transform the customer experiences and differentiate the business of DTGOV in the market. Cloud architectures are the elements and components which are required for conducting cloud Computing.
Description of Cloud architectures
Some of the cloud architectures are given below which need to be employed in DTGOV for assisting the management of DTGOV to meet its strategy:
Elastic resource capa
city architecture is the architecture which will base on the provision of the virtual servers in an active way. The key function of this architecture will be to reclaim and utilize the RAM along with the computer system. The reason of deploying this architecture is that it is best monitoring system with the help of which the data will be gathered by using the resources in respect of IT before, during and after the process of scaling.
Dynamic Scalability Architecture is a model that is based on the rationalities of the predefined system of the process of scaling. With the help of this architecture, the process of allocating the IT resources will be triggered dynamically. Resource pools are used for completing this process. The reason for deploying this architecture is that with the help of which the cloud usage could be monitors in a particularized way which with the help of which the usage of runtime will be tracked (Moon, & Black, 2017).
Resource Pooling Architecture is also based on the use of the resource pools because in this architecture comparative assets are compiled. This system is also considered as very effective in implementing the controlling of the system. In addition, its synchronization was ensured in a scheduled manner. The reason for deploying this architecture is that many "cloud usage screens" are integrated here at runtime. This helps track and synchronize the components required by the collected IT assets. Here are other key management frameworks too.
Workload Distribution Architecture decreases the over-usage of IT resources. The ability of load-balancing” algorithms and runtime logic are the main factors on which this Architecture is dependent. The reason for deploying this architecture is that the cloud usage screen is integrated here. This is accomplished to transfer the pending execution time to the next load. It is also valuable in data processing (Zúñiga et al., 2018).
The benefits of implementing these architectures
· The key benefit for implementing this architecture for DTGOV would be that they will be a cost-effective option for the company because there have been no hardware resources and computing used by the company in respect of its balance sheet. Monthly reviewing and Depreciation of usage of the system is also absent.
· The implementation of these will be a scalable opportunity for the company because it is developed elasticity and Flexibility. In respect to testing the latest applications, it will enable the system of DTGOV to transfer from one private to another public network.
· It will increase the speed of the processes of DTGOV because virtual resources could have the ability to accept the requirements of objectives of DTGOV in an easy way. There was a rapid evolution in the speed of transport capacity according to the basic requirements.
· Incorporation is another benefit because it helps to transfer simple access to the usual "SQL" databases. It also provides explanatory opportunities for unlimited business requirements (Theorin et al., 2017).
Risks associated with this new Hybrid Cloud strategy
There are different factors and risks that could threaten the security of the new Hybrid Cloud strategy implementing by DTGOV. These risks and factors ranging from poorly constructed SLAs to lack of redundancy. It has been seen that despite using and implementing the Hybrid Cloud strategy ineffective way, the management of DTGOV could be concerned regarding the loss of their substantial investment made in the implementation of architectures and revolving over all their manufacture applications to a third party. Some of the key examples of risks are given below that could associate with the new Hybrid Cloud strategy implementing by DTGOV.
Loss of control
The task that oversees the difficulties within the DTGOV will be over. General control is required in each innovation area. Regardless, when using cloud-based tools, changes occur in application happen on the side of supplier and changes in programming. This shows that the authorities in DTGOV may have nothing to guarantee which resulted in the loss of the management by implementing these architectures in DTGOV. Therefore, the champion was among the most basic risk "record in the middle of the dynasty": the obvious loss of the board. There would be constant changes in the applications. Because of the reason that these applications would be outside the administration of the DTGOV, they were misconfigured as an unexpected programming update. A change in the application causes formatting problems with different tasks, which evoke real disruptive effects on the essential uses of the company (Ross & Blumenstein, 2015).
Cloud Security Risks
In the context of cloud computing, one of the researches identified a certain level of the vibrant intrinsic dangers and risks. These risks include a risk of security which has become a key concern for the companies. Therefore the implementation of these architectures in DTGOV could create a certain level of security risk. It has been seen that those companies which have implemented hybrid cloud methodologies are facing a certain level of principal security challenges. These issues include the incompetently established administration and management, risk management and a certain level of security to customers. It has been seen that these security risks are increasing in the case of both the open cloud and private cloud because of the reason that both of these are operating in conjunction with each other. For example, it will require in case of the DTGOV to work some of the key security controls such as identification of management, authorization, and authentication in both the public and private cloud. There are two different options are available for the DTGOV regarding the integration of hybrid cloud security. The first option is to consider identity management services because the use of this service will provide a single service to the running system in any cloud. The second option available for the management of DTGOV is the replication of the controls in both the clouds and it is very important for the management that security data is kept synchronized. The key element of keeping in mind is that during the phases of planning and implementation the management should have to allocate sufficient time in order to address what can be real to solve the problems of DTGOV. It is very important to address and manages the security issues because the implementation of the new Hybrid Cloud strategy in the company would create more than just technical issues and challenges (Chou, 2015).
Poorly developed SLAs
The most important concern that needs to be considering by the management of DTGOV would be that expectations are meeting by the providers of the public cloud but whether or not such expectations are meeting by the private cloud. In those conditions, SLAs should need to be created by considering the cloud which shows the lesser level of the expectations. Collect information about access to the private cloud and its implementation within the framework of reasonable workloads. It will be an important area of focusing to identify all those potential issues and risks which are associated with the integrated private and public clouds due to which the service could be disrupted. For example, if confidential data on-premises and keeping sensitive is the key driver for the private cloud then it will be a focused point for the management of DTGOV would be that its SLA should reflect the level of the limitation of using the public cloud in respect of some of the services.
Compliance risks
After the implementation of these architectures in DTGOV, the management of DTGOV will have the responsibility to ensure that all the regulations regarding the cloud have been followed by the company in the context of its implementation and creation of strategies. There would requirement of safety of information amongst private and open cloud. These addresses must be modified appropriately and, in clear circumstances, the interlaced IT can be linked to effective organizational methods.
Compliance demonstrating and maintenance associated with the new Hybrid Cloud strategy could be difficult. In addition to the fact that management of DTGOV would need to make sure that private cloud and public cloud provider are in a constant state of compliance, but the key element is that the management of DTGOV should have to ensure that the means of harmonization between two clouds is submissive. For example, if payment card data is under the use of the management of DTGOV than it would the key area of responsibility of the management to ensure that the cloud providers and the international system of the DTGOV are in accordance with the data security standard. The protection of the data is the key factor for the company in the context of moving the data between the two clouds. In addition, DTGOV management should make sure that the information is not shared from an acceptable database in a private cloud. The techniques DTGOV management uses to address issues and risk in an internal public cloud framework are not translated directly (Khan et al., 2019).
Lack of data redundancy
The providers of public...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here