DoneDont Purchase, Click On This File And It Will Download Automatically

RiskAssessmentforCloudComputing11.xlsx

Cloud Computing App Inventory

serves as the important insights on the type of apprilcations, sowafre and essnetila programs thta are required for successful management of online viting sytem by the BallotOnline. This information is vital to both the entire orgnization, cloud service provider and information technology team to monitor, assesss and evalaute any potentila risks and vulnarabilities assocoated with such programs/software and other applciations

Application,

Application, Data Center Application, Biomedical Application, Web Application, etc)

online voting

Hosted (Cloud Based) Business

Hosted (Cloud Based)

Hosted (Cloud Based)

The information provided be

low

Name of Application or System

Operating System

Category (

online voting

Business

Description

BigPulse

Hosted (Cloud Based)

Managing elections

SurveyLegend

Conducting and managing surveys

Eligo

olinne voting

Manage electronic votes

AssociationVoting tools

web based.

provide proxy voting services

Cloud Computing

Risk

Assessment

Cloud Computing Risk Assessment Module This worksheet has been intentiionally creted to help information technology management team for BallotOline company togther with

cloud vendors

to understand major risks abd vulnarability issues thta could cause devastating impacts it their bussiness. as provided below, risk assessment worksheet has hiloghted wide range of risks and security threats thta could affect BallotOline company bussunes and other essenatila operations upon aopting cloud servcies. it also provide exstenive description of the severity of the risk identified along with possible technologies that are put in place to mitgate such risks whenever they are anticpated, noticed or occur. also the risk assessment matrix shown below has provided more details about cloud security best practices that should be adopted by BallotOnline company to approriately deal with each of the risks and vulnarabilities identified. it is

high

ly recommednded for BallotOnline company to strictly take note of the risk associated with adoption of cloud servcies and perhaps deploy the best security approches to mitigate such risks before cybercriminals access and harms its key computing resources. As vulnerabilities are discovered you can record them and evaluate the level of risk using this report. Vulnerability
Name Risk
Description Threat
Source Existing
Controls Likelihood
of Occurrence Impact

Severity Risk
Level Potential Best Practice Control Comments Organizational Owner Describe a particular weakness or flaw in your security that could be exploited by a threat source to cause a security violation or breach. Describe, in business terms, the type of harm to the organization if this vulnerability is exploited by a threat source. Describe the threats that could take advantage of this vulnerability. Consider the 4 categories of threats: Adversarial, Accidental, Structural, Environmental; as well as more specific examples such as external / internal, users, visitors, virus, natural hazard, etc. Describe the safeguards already in place that reduce this risk. Consider physical, technical and administrative safeguards.

Very

High

, High,

Moderate

,

Low

,

Very Low

mkroll: mkroll:
See

Likelihood, Impact, Risk

tab for defintions

Very High

, High, Moderate, Low, Very Low
mkroll: mkroll:
See Likelihood, Impact, Risk tab for defintions

Very High, High, Moderate, Low, Very Low
mkroll: mkroll:
See Likelihood, Impact, Risk tab for defintions

Give a recommendation for the best new safeguard(s) that can reduce the risk from this vulnerability further. Need to assign an owner (accountability and follow-up) Unauthorized Access May compromise data or lead to data loss. interanal and externals users. access control

High High High

Obtain assurances that cloud provider conducts periodic risk assessments, including information about who conducts risk assessment, how often, and whether such assessments include penetration testing. weak passwords and Compromised Credentials often results into unauthrized access Insecure Interfaces/APIs May lead to routing attacks or and uthentication attacks Adverserial, accidental, structural and environmental. None

low High High

Use tokens along with Use encryption and signatures. Inadequate validation and bad coding results to Insecure APIs IT security manager Hijacking of Accounts Lead to data Encryption and holding it for ransom Adversarial outsider (e.g., hacker) Information sent to cloud provider is encrypted in transit moderate

High Low

povide End Point Security sysytem vuknrabilties and Third-Party Access.are major causes of account hijacking

IT security manager
Lack of Visibility negatiiveky impacts network perfimance. strcutural and envirnemental none

high High Moderate

Add AI and ML tools to faclitate centralized monitoring inadquate Knowledge and Expertise results into lack of visibility

cloud vendors
External Sharing of Data lead to security and personal data breaches

Adversarial outsider (e.g., hacker) none Moderate High Moderate

share the encrypted version of the data. cloud vendors should control how data os shared

cloud vendors
Malicious Insiders loss of confidential data. internal users

access control low High Moderate

Institute policy and provide training that users may not share passwords with anyone adopt access control measures Departmenatl IT securiyy managers Cyberattacks Unauthorized person access and comprimise data. Adversarial insider or outsider

None high High Moderate

Implement strict password. Establish and enforce account management policies and practices. configure approruate securty measures

IT security manager
Denial of Service Attacks Authorized user access data and withholds it for ransom demand Users Robust security practices to monitor and filter unwanted traffic.

moderate High High

Combine firewalls, VPN, anti-spam and other security layers. monitor system vulnarabilities

IT security manager
Abuse of Cloud Services confidenatil data is access and compromosed. structural and adverarial

None low High Moderate

Enable Multi-Factor Authentication. With limited access to sensitive data implement access cntrol measures

cloud vendors
Adoption of cloud computing can results to wide range of business compliance issues. Among these issues include; data security responsibility. Many organization believe that share responsibility models means that data security responsibility is also shared. as per security compliance regulations, it is an exclusive responsibility of business entities to to own data security responsibility to secure sentive customer data. this can be achieved via increased data security awareness. Ballot Online as an organization need to develop security awareness program that provide more knowledge to its IT experts on the relevant regulations the company need to comply with to avoid legal issues. another compliance issues to consider in this case is improper access control due to indiscriminate sharing of login credentials among the staff members. this can be avoided by imposing least privileges approach where employees will be only allowed to only access resources they need to execute their duties. finally there are issues and concerns with cloud buckets an aspect that make data vulnerable and susceptible to cyber criminals.

Likelihood, Impact, Risk

Risk

Very High

High

Moderate

Low

Very Low

Impact

Impact

Very High

High

Moderate

Low

Very Low

Definitions of Key Terms: Likelihood, Impact, Risk
Risk is described as bed as a scenario that exposes people, animals ,bussiness and environment to danger.
Likelihood	Likelihood is defined as the probality at which a certain event may occur over a specified period of time.
Likelihood Level	Likelihood Definition Anticipated frequency of occurrence is:
Almost 98% likelihood of risk occurrence via accidents, errors or natural events in every year.
May originate from Error, accident, or act of nature . Likelihood is 80% annually.
Error, accident, or act of nature is somewhat likely to occur; occurrence is 45% per year
results from either Error, accident, or act of nature and can heppens once or twice a year.
reults for errors and natural events but only once in over 10 years
impact is defined as the severity of consequences caused by security breach or natural ly occuring disasters. Such imapcts my neggaitively affect the public, bussness entities, groups of people, employees, countries or even envirobement.
The following are adverse impacts that should be considered when scoring:
Type of Impact
Harm to Operations	Halt bussiness operations.
Harm to Assets	> theft of bussiness secret. > data comprimise > Damage to computing infrastructure > Data loss > Loss of intellectual property.
Harm to Individuals	> loss of confiention and personal data. > Reputational damage > identify theft.
Harm to Other Organizations	> Reputational damage > Lawsuits and fines > Loss of trust and contracts. > Increases financila costs. > triggers enemity among companies. > Damage to trust.
Harm to the nation	> Damage to or incapacitation of a critical infrastructure sector. > Loss of government continuity of operations. > erodes trust and good relatiship. > loss of bussiness continuity with other nations > Results to economic damage
Magnitude of Impact	Impact Definition
these are events whose consequences lead to massive loss of finance, assets and other valuable items. May also cause death and other forms of destruction
These events normaly cause major negative impacts such as fincial loses, damge to property and injuries.
moderate risks or threats only affets productivity by impacting oragnizations vision, mission and objectives. It only disprupts bussness activities for a short while.
These are minor risk whose impacts often cause litlle or no harm to oragnizational operations
Very low risk have no significant impacts to a bussiness. Bussines oeprationsl continues as Normal while relevant authriuties works on the issues to