22
CloudRiskandComplianceIssuesAnalysis1222 x
Running Head: CLOUD RISK AND COMPLIANCE ISSUES ANALYSIS 1
CLOUD RISK AND COMPLIANCE ISSUES ANALYSIS 4
Cloud Risk and Compliance Issues Analysis
Student name
Professor
Course
Date of submission
Compliance program
Compliance in the cloud can imply several issues based on the organization’s functions and type of internal and external regulations. However, all the compliance requirements dictated by either the government or organizations are mainly aimed and focus on information and data privacy. Ballotonline Company should focus on internal compliance with the cloud to secure valuable organizational data, including intellectual property, business records, and strategic plans. Compliance programs are entrenched to manage the interactions between people, data, and critical I.P. Besides, the application should aim at complying with the state and federal laws and regulations.
Policies develop the cornerstone of the organization’s security program and compliance. While creating the procedures, the organization should start by developing classifications for users, data, and applications. Classifications should map the organizational impact. They should also outline the functional usage such as marketing artifacts and sales report. There should be the establishment of a matrix classification and determination of each component to be utilized in a cloud setting. Besides, theft, corruption, and destruction data in the designation represent the risk maintenance compliance. In the program, there should be inclusion, safeguards that evaluate and , conclude the data classification that resides in the cloud.
In the user’s classification program, there should be an explanation of the specific actions which can be performed by the user. The measures may include sharing, creating, and modifying the information and adata.in the program, there should be an establishment of a group user, classifications that map the authorized data usage. Acceptable usage parameters should be established for every user. However, the data matrix element should be considered. The program should also contain policy exceptions based on business needs, including individuals, roles, and business travels. The user behavior should be identified. The reaction may be unintentional risky action or possible malicious activity. The program has the responses as well as triggers that correspond to the risk levels using a rubric.
The program contains what the cloud apps will allow the business to use and the established data policies. There are identified in the application. Additionally, the program includes risk metrics that are grounded on regulatory requirements. There are also solutions to remediation with inconsistent created policies.
References
Ali, A., Warren, D., & Mathiassen, L. (2017). Cloud-based business services innovation: A risk management model. International Journal of Information Management, 37(6), 639-649.
Islam, S., Fenz, S., Weippl, E., & Mouratidis, H. (2017). A risk management framework for cloud migration decision support. Journal of Risk and Financial Management, 10(2), 10.
Kittichaisaree, K. (2017). The public international law of cyberspace (Vol. 32). Cham: Springer.
Couzigou, I. (2018). Securing cyberspace: the obligation of States to prevent harmful international cyber operations. International Review of Law, Computers & Technology, 32(1), 37-57.
Schmitt, M. N., & Vihul, L. (2016). Respect for sovereignty in cyberspace. Tex. L., Rev., 95, 1639.