1. Select and use applicable standards and methods for information security and risk management.
2. Conduct and properly document risk assessment based on a given scenario.
3. Find and evaluate appropriate published information to remain up-to-date about threats, vulnerabilities and patches.
ISO27001 Evaluation of Cloud Computing Architecture
The risk evaluation begins by applying the ISO 27001 standard, which is used to assess the cloud computing architecture against its infrastructural framework. ISO 27001 is a standard methodology that has proven efficient at countering security threats. It supports standard security reporting and improvement of the cloud computing network's infrastructure, which is what gives the framework its robustness. Risk analysis carried out under ISO 27001 is performed efficiently and yields the most efficient solution for dealing with the security threats that the network faces. ISO 27001 also keeps the organization informed about the security weaknesses it faces from unauthenticated intrusion by impostors who try to gain access to the organization's database. Being kept up to date in this way helps the organization learn its strengths and weaknesses. This report also sets out the infrastructural specification for the cloud computing system, covering both the hardware and the software of the network. The threats associated with every component of the cloud computing system are discussed in this report, as are the CVE numbers relevant to the infrastructure. The method used for risk determination is the Boston Grid method.
ISO 27001 assumes that the security system under consideration is the current version of the security checking and preservation process. The approach taken to restore the security of the computing system is one in which the framework is able to predict the risks that may threaten the organization's network in the near future (Cruz, Fernández-Alemán and Toval, 2015). Vulnerabilities and risks are unique to each organization. The risk that an organization carries depends entirely on its approach to its network. This is what gives the framework its robustness, and it is why the risk analysis is performed using ISO 27001.
Efficient Risk Analysis Methodology
The assets in use fall into two broad categories: primary assets and secondary assets. Primary assets are those used to create space for and arrange the other assets located in the framework of the cloud computing network. Assets that depend on the primary assets for their place in the infrastructure are known as secondary assets. In implementing the cloud architecture, hardware and software contribute equally to the efficiency of the project. In cloud computing, software is the primary asset and hardware is the secondary asset, because the hardware depends on the software of the infrastructural framework. The primary assets are the virtual servers, cloud storage, firewall, intranet, web and email server, and the firmware, since the hardware of the architecture depends on this software. The secondary assets are the user computing system, the human resource computing system and the admin computing system, along with the data held in those systems.
| Specification | Vendor |
| --- | --- |
| Customer database | MEDHOST |
| Intranetworking | F7 |
| Firmware for admin PC | Compuware |
| Virtual server | |
| Authentication server | Symantec |
| Mail and web server | Amazon |
| Firewall | Juniper Networks |
| Cloud storage | CTERA |
The third-party service provider supplies the cloud storage and the access to the data stored in the cloud storage database. As a result, users of the system do not have direct access to the database located in the cloud computing system. Users reach the data remotely, and clients cannot access the stored data directly, which maintains the security of the project. Even so, the security of the network depends on the architecture of the database provided by the supplier, which has to keep the network's databases robust. The database infrastructure that suppliers provide is mostly not as robust as is needed to prevent the security issues that threaten the network.
Virtual servers deployed to secure the services require knowledge of how the server is administered. If the administrative details of the server are missing, its security is at stake, because the server depends not only on administrative knowledge but also on the updates that the network applies to protect the database of the cloud computing architecture (Fonseca and Boutaba, 2015). If the cloud computing database is not updated, it becomes prone to unauthenticated access by intruders, which leads to the organization's interface being hacked.
Importance of Robust Infrastructure
The firewall is the basic protection layer for data security. It gives the network its initial protection against unauthenticated access by impostors, but it is not very technically advanced (Faniyi and Bahsoon, 2016). Because of this, the data stored in the cloud computing database is not well protected, as the database is not secured against the advanced techniques used by hackers who try to gain access to it.
The firewall is not supported in the functionality of the firmware, which widens the scope for insecure transactions involving the data held in the hardware of the computing system. Firmware deals with the data that is obtainable through hardware analysis of the network (Soomro, Shah and Ahmed, 2016). Unauthenticated access to this data is therefore the major security issue for the data stored in the database of the hardware.
CVE-2008-6096
The vulnerability in the Juniper NetScreen operating system is regarded as the main cause of the vulnerability of the cloud computing system, and it is the major reason for designing the DMZ network (Rohmeyer and Ben-Zvi, 2015). The DMZ network allows the architecture of the cloud computing database to be changed as part of maintaining that architecture. Through cross-site scripting, attackers are able to inject web script into the system in the course of attacking the database of the cloud computing network. The injected content includes HTML, delivered via parameters used by the login page of the cloud computing project's interface (Vacca, 2016).
CVE-2013-2639
This vulnerability was introduced by the CTERA cloud storage used for the data in the cloud computing system. It is a cross-site scripting vulnerability, often referred to as XSS (Gai, Qiu and Elnagdy, 2016). It allows attackers to inject arbitrary web script, so that, with the help of HTML code, impostors can gain access to, and information about, the data stored in the database of the cloud computing system (Rittinghouse and Ransome, 2016).
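The cross-site scripting described under the two CVE entries above, shown from the defender's side as an added example that is not part of the original essay and is not Juniper or CTERA code: a constructed login form rendered with the request parameter copied in as-is, the same form with output encoding, and a check that flags unencoded reflection. The template, function names and sample value are assumptions made for illustration.

```python
import html

# Constructed login-page template (illustrative only, not vendor code).
# The username is reflected twice: as element text and as an attribute value.
LOGIN_TEMPLATE = (
    '<form method="post" action="/login">'
    '<p class="error">Login failed for {user}</p>'
    '<input name="username" value="{user}">'
    '<input name="password" type="password">'
    '</form>'
)

# Constructed test value containing HTML metacharacters.
SAMPLE = '"><b>injected</b>'


def render_login_unsafe(username: str) -> str:
    """Weak form: the request parameter is copied into the page unchanged."""
    return LOGIN_TEMPLATE.format(user=username)


def render_login_safe(username: str) -> str:
    """Hardened form: encode the parameter for HTML text and attribute context."""
    return LOGIN_TEMPLATE.format(user=html.escape(username, quote=True))


def reflects_markup(page: str, submitted: str) -> bool:
    """Return True if a value containing HTML metacharacters appears
    in the rendered page without having been encoded."""
    has_meta = any(c in submitted for c in '<>"\'&')
    return has_meta and submitted in page


if __name__ == "__main__":
    for name, render in (("unsafe", render_login_unsafe),
                         ("safe", render_login_safe)):
        page = render(SAMPLE)
        print(name, "reflects markup:", reflects_markup(page, SAMPLE))
```

The same check can be run in a regression test against every page that echoes a request parameter, so that a template change that drops the encoding is caught before release.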
| Security issue | Impact |
| --- | --- |
| Interface attack | High |
| Malicious code | Low |
| Protection of data | High |
| SLA | Low |
| SSH attack | Low |
| Utility computing | Medium |
| Virtualization of hardware | Low |
| Virtualization of software | Low |
| Identified risk | Risk level |
| --- | --- |
| API attack | High |
| ARP spoofing | High |
| characters | High |
| Consumer attacks | Low |
| Credential attack | Low |
| Hack of computer system | Medium |
| Hacking | Medium |
| MAC spoofing | Low |
| | High |
| Publisher credential attack | Low |
| Signature attack | High |
| User credential attack | Low |
Reference
Rittinghouse, J.W. and Ransome, J.F., 2016. Cloud computing: implementation, management, and security. CRC Press.
Gai, K., Qiu, M. and Elnagdy, S.A., 2016, April. Security-aware information classifications using supervised learning for cloud-based cyber risk management in financial big data. In Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS), 2016 IEEE 2nd International Conference on (pp. 197-202). IEEE.
Vacca, J.R. ed., 2016. Cloud computing security: foundations and challenges. CRC Press.
Hill, D.C., CSC Agility Platform, Inc., 2017. Cloud computing gateway, cloud computing hypervisor, and methods for implementing same. U.S. Patent 9,658,868.
Chang, V. and Wills, G., 2016. A model to compare cloud and non-cloud storage of Big Data. Future Generation Computer Systems, 57, pp.56-76.
Rohmeyer, P. and Ben-Zvi, T., 2015, August. Managing Cloud Computing risks in financial services institutions. In Management of Engineering and Technology (PICMET), 2015 Portland International Conference on (pp. 519-526). IEEE.
Kalaiprasath, R., Elankavi, R. and Udayakumar, D.R., 2017. Cloud. Security and Compliance-A Semantic Approach in End to End Security. International Journal Of Mechanical Engineering And Technology (Ijmet), 8(5).
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), pp.215-225.
Sivasubramanian, Y., Ahmed, S.Z. and Mishra, V.P., 2017. Risk Assessment for Cloud Computing. International Research Journal of Electronics and Computer Engineering, 3(2), pp.7-9.
Faniyi, F. and Bahsoon, R., 2016. A systematic review of service level management in the cloud. ACM Computing Surveys (CSUR), 48(3), p.43.
Hua, X. and Sixin, X., 2018. A framework for risk assessment of cloud digital archives. Comma, 2016(1-2), pp.215-224.
Cruz, Z.B., Fernández-Alemán, J.L. and Toval, A., 2015. Security in cloud computing: A mapping study. Computer Science and Information Systems, 12(1), pp.161-184.
Fonseca, N. and Boutaba, R., 2015. Cloud services, networking, and management. John Wiley & Sons.