Information security and risk management

THREAT AND VULNERABILITY ASSESMENT
By Name
Class (Course)
Instructor (Tutor)
Institution
The City and State
The Date
Threat and Vulnerability Assessment
The risk is commonly described by a combination of a threat and vulnerability, affecting an asset (Rev, 2012, pg. 13). When transferring a whole database of student details to the clouds to be accessed by a group of lecturers and tutors, there are bound to be threats and vulnerability.
Top security risks
There will be loss of governance: When the student database is transferred to the cloud control on some security issues shifts to the cloud provider thus a gap in security as a result of lack of commitment by the cloud provider on the service level agreement for such security measures and compliance risk as a result of industry standard requirements.
Data protection: data in the cloud leads to sharing of responsibility that may result to data insecurity as one party particularly the data controller may find it difficult to assess if the cloud provider is legally handling the data.
Availability chain: information on the cloud is dependent on internet connectivity which may result in failure in accessing information from time to time.
Failure of isolation: Cloud computation can be defined by the shared resources and multi-tenancy characteristics that cause failure of ability to separate storage or memory of different tenants increasing chances of attacks such as ‘guest hopping”.
Malicious insider: One indi…