DESCRIBE THE GENERAL INFORMATION SECURITY STEPS AND CONTROLS

  100% Pass and No Plagiarism Guaranteed

DESCRIBE THE GENERAL INFORMATION SECURITY STEPS AND CONTROLS

Here, you are supposed to describe the general Information Security steps and controls that you would recommend to the Board to secure the Hybrid Cloud and which Cloud architectures you would employ to assist SoftArc Engineering meet the Board’s strategy. Furthermore, describe the risks that you see associated with this new Hybrid Cloud strategy and recommend what should be included in SoftArc Engineering’s BCP as a result of their adoption of a Hybrid Cloud approach. Finally, explain the critical points and issues that you see occurring at each of these steps and why you see these points or issues as critical. You are required to provide a report for SoftArc Engineering.

Task

SoftArc Engineering Ltd is a civil engineering company which works across Australia as well as in Indonesia, Timor-Leste and Papua New Guinea. The company is considering the following strategic proposal:

• They plan to close down the Brisbane data centre rather than update or replace the older infrastructure. The existing data and services in that data centre would be moved to the Sydney data centre, which has the most up to date infrastructure, as well as capacity to expand.
• They plan to move all their Web Services into the Cloud in order to provide an increased level of HA (High Availability) as well as a better degree of flexibility in supplying data to their customers and employees.
• They also plan to use the Cloud Infrastructure to increase flexibility and availability for some of the LoB (Line of Business) applications that will continue to run on their own internal infrastructure. However, they are hoping to take advantage of the Cloud infrastructure to help manage and balance demand on internal resource use.

The Board of SoftArc Engineering is contemplating this strategy as a way to increase the company’s flexibility and responsiveness, particularly for its remote area and overseas operations. The Board also expects to achieve significant savings on the cost of maintaining their ICT infrastructure by closing the oldest existing data centre. This would entail retiring the infrastructure in that data centre rather than having to update it.

SoftArc Engineering has again approached you to advise them on this strategy. You have already advised SoftArc Engineering that this strategic approach will mean that they will need to design and operate a “Hybrid Cloud” methodology, where part of their data centre is “on premise” and another part in a Cloud. 

SoftArc Engineering also plan to run a Risk and Security Workshop to assess the risks, security issues and possible methods of control that will be required with this “Hybrid Cloud” approach. You will be required to organise, run and facilitate this workshop.

The Board is also concerned about how this strategy will affect their BCP (Business Continuity Plan) and their backup and disaster recovery strategies. 
 

Your task is to prepare a report for SoftArc Engineering that discusses the following: 

1. Describe which Cloud architectures you would employ to assist SoftArc Engineering meet the Board’s strategy?
   1. Describe each of the architectures that you would use, along with your reasons for deploying it. (10 marks) 
   2. Describe the benefits and issues that would be the result of your deployment of these architectures. (10 marks) 
2. Describe the risks that you see associated with this new Hybrid Cloud strategy. You should name and describe each risk that you identify, and then describe a possible control for the risk. This may be presented in a tabular form. (20 marks) 
3. Describe the general Information Security steps and controls that you would recommend to the Board to secure the Hybrid Cloud. You will need to explain to the Board your reasons for recommending these particular security steps. (20 marks) 
4. Discuss briefly what you would recommend should be included in SoftArc Engineering’s BCP as a result of their adoption of a Hybrid Cloud approach. You will need to consider, as a minimum, the issues of application resilience, backup and disaster recovery in a Hybrid Cloud environment. This section should be no more than 2 pages. (10 marks) 
5. Discuss the requirements that SoftArc Engineering will need to consider in order to conduct remote server administration, resource management and SLA management for it’s proposed IaaS and PaaS instances.(it may be useful to consider Morad and Dalbhanjan’s operational checklists for this section). This section should be no more than two to three pages in length. (10 marks) 
6. The SoftArc Engineering board has decided, as an initial step, to move their SharePoint instance and their SQL Server 2012 Database servers to the AWS cloud in order to begin the migration process, and test their strategy. 
   1. Describe the steps that you would include in the plan to migrate these services. (10 marks) 
   2. What are the critical points and issues that you see occurring at each of these steps? Explain why you see these points or issues as critical. (10 marks)
       

Rationale

This assessment will cover the following objectives: 

• Be able to compare and evaluate the ability of different Cloud Computing Architectures to meet a set of given business requirements; 
• Be able to evaluate a set of business requirements to determine suitability for a Cloud Computing delivery model; 
• Be able to evaluate and design an ICT Risk Management strategy for a Cloud Computing Delivery plan to meet business requirements; 
• Be able to interpret, evaluate and plan the Governance and Security requirements for a Cloud Computing delivery plan;
• Be able to analyse and evaluate business requirements to plan a migration to a Cloud model;