The Corporate Board has asked for information related to moving
business operations to the Cloud. They want to know if by doing so, they would
be more secure from cyber-attacks? Create a position that you as the Chief
Information Security Officer (CISO) would take to the Corporate Board. Talk
about which business processes are more valued (e.g., intellectual property
development efforts, processes that are the main income streams, etc.). Be sure
to implement the foundations of an enterprise cybersecurity architecture and
program.
So, if you have three business processes, what would your thought
process be on which business processes to move to the cloud? Would you
recommend one…or maybe only two – if so, why not the other one? Based
upon what? Remember, you are the CISO…so make sure you stay in your
lane…and ensure your position is based upon the principles and elements of
your cybersecurity program!!!
one of your references MUST BE a credible threat
report such as Symantec, McAfee, or CrowdStrike.
Below is further explanation to elaborate what was said above:
“The Corporate Board has asked for information related to
moving business operations to the Cloud. They want to know if by doing so, they
would be more secure from cyber-attacks? Create a position that you (as
the CISO) would take to the Corporate Board.”
What
this means is that you must take a position as to whether or not moving to the
cloud is a good idea FROM A CYBERSECURITY PERSPECTIVE…AND DEFEND IT!!!
You should look at some things like the Cloud Security Alliance’s
“The Treacherous 12 – Cloud Computing Top Threats in 2016” (https://downloads.cloudsecurityalliance.org/assets/research/top-threats/Treacherous-12_Cloud-Computing_Top-Threats.pdf?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply). When
it comes to depicting requirements for different levels of information to move
to the cloud, the Department of Defense Cloud Computing Security Requirements
Guide is a valued resource(https://dl.dod.cyber.mil/wp-content/uploads/cloud/pdf/Cloud_Computing_SRG_v1r3.pdf). I
would also review the “Security Guidance – For Critical Areas of Focus in
Cloud Computing v4.0” by CSA…FedRAMP.gov has some solid information that
you can glean information from…
Finally,
let me reemphasize – your input to the corporate board is CYBERSECURITY FOCUSED…you
are the CISO, stay in your lane!!!
Last Completed Projects
topic title | academic level | Writer | delivered |
---|