Move HR applications and HR data into a community cloud

Reference no: EM131851369

Project Scenario

Company: A Human Resources (HR) company. You should name it.

Industry: HR for Business

The Situation:
- The company wants to move its HR applications and HR data into a community cloud, sharing tenancy with other clients. It has not used the cloud before.
- The company will be pushing sensitive employee information, such as personally identifiable information, PII, to and from the cloud.

You:
- Member of a team within a cloud service provider.
- One of several security software architects.
- Assigned to a project to provide the HR company with a plan for migrating and providing the HR company Software as a Service (SaaS) on the cloud.

Your Company: Cloud service provider offering Software as a Service (SaaS) to its client base. Name your company.

The Specific Assignment:

1. Deliver a Software Development Life Cycle driven report for securing data and applications in a cloud environment.

2. Conduct lab testing and use the specific results to reinforce your concepts in the report.

Template

1.0 INTRODUCTION

Inject the team into the given scenario and respond as the team of security software architects in the cloud service provider which is providing service to the HR company. Provide an introduction to your work which addresses migrating an HR company to the use of HR applications in the cloud and which addresses protecting that HR company's data. What does protecting mean? What assumptions are you making? What is included and what is not included? This report is aimed at senior decision makers in the HR company and will help them decide to undertake the migration. You must be specific enough for them to make decisions and take action.

2.0 PURPOSE
Describe the purpose of your proposed architecture and solution as they relate to implementing a cloud solution for the HR company. What issue(s) is (are) being addressed? Advise the HR company decision makers on the confidentiality and integrity of their data transmitted between the HR company and the cloud HR applications. What laws, regulations, industry norms, etc., if any, may need to be followed?

3.0 PROJECT CONCEPTS
Integrate concept and process information from the Step 1 activity as they pertain specifically to cloud software architecture development. Topics to include and relate to the scenario include:

3.1 Development Life Cycles
- Explain the software development life cycle.
- Explain the security development life cycle.
- Discuss how the security development life cycle fits into and/or differs from the software development life cycle.
- Identify and discuss the software development methodologies to choose from.
- What do you recommend to the senior leadership? Select and give reasons for the software development methodology that will be used for this project.

3.2 Architecture and Design Models
- Discuss several architecture and design models (e.g., waterfall, agile, extreme programming) that may be used in the migration to the cloud HR application and their pros and cons as they apply specifically to the project scenario. A table may be a good presentation method for clarity.
- Select and give reasons for the model that will be followed.

3.3 Threat Modeling Process
- Define and explain threat modeling in your own words.
- Review threat modeling approaches.
- Explain how you will determine risk in the threat model approach you choose.

3.4 Other Considerations
- Include any other aspects for proceeding with project initiation (e.g., tools to be used, technologies that would be appropriate for data protection, etc.).

4.0 PROJECT DEFINITION AND SCOPE

4.1 HR Company Characteristics
- Explain the mission of the HR company.
- Identify and discuss any special security characteristics of the current HR applications.
- Explain the business need(s) for the HR company's desire to migrate its current HR applications to the cloud.

4.2 Cloud Options
- What types of cloud services are available to the HR company?
- What would the best type be for this scenario?
- Provide a high-level overview of characteristics and cloud services offered by Amazon Web Services, Generic Hadoop, Map-r, Cloudera or MX Azure.
- Describe and explain the topology and components of the architecture of the desired cloud environment and how the cloud HR applications will be accessed by its users. Where is it likely that data would be in plain text and where it may be encrypted? A high-level, top-layer network diagram including the critical system(s) at and between the cloud, the HR company and users should be included. Be sure to describe key aspects of the network and systems, as related to this scenario, and indicate locations in the diagram.

4.3 Functional and Security Architectures
A function is an action on one or more inputs which provides one or more outputs and may be dependent on a trigger or control which initiates the action. Functions are described as verb descriptions or adjective verb descriptions (e.g., two functions might be Provide Encryption Services and Limit Access to Authorized Users).
- Which of the Amazon Web Services, Generic Hadoop, Map-r, Cloudera or MX Azure offerings might be appropriate for the HR company? Explain why. Choose Hadoop.
- Identify and explain parts of the functional architecture that are within scope of the security architecture for the HR company.
- Identify which security features are needed to protect each component within the architecture for data at rest, in transit and in use.
- Identify, describe and explain possible software and hardware components, operating systems and security protections that could be employed.

4.4 Specific Scope
- Narrow the scope of your security architecture relevant to this scenario to achieve security only for data in transit.
- Clearly state the specific security objective(s) for the project.
- What are the specific threats to data transit for this application? Where do they specifically occur?
- What are the potential impacts if the threats are successful?
- What is the likelihood of success?
- A summary table showing this information along with the rank ordered risk would help with clarity.

5.0 FUNCTIONAL ANALYSIS
Integrate information, research and findings from Steps 2-4, as they relate to the scenario.

5.1 Methodology
Apply the SQUARE (Software Quality Requirements Engineering) methodology specifically to your scenario.
- Explain what the SQUARE methodology is.
- Provide the steps/process involved. Be specific about how each step is executed with respect to this scenario.
- How will you specifically determine the requirements for the security technology and techniques being proposed?
- What are examples of those requirements? Note that requirements are enumerated statements which are separated into different categories of applicability.

5.2 Ways for Securing Data in the Hadoop Cloud Environment
- What does it take to secure data in the cloud?
- Explain database models.
- Discuss your results from executing the Hadoop lab, as they apply to securing data in the software development life cycle for our (data in transit) scenario. This means state the lab cases and what they were designed to show relative to data security. State the resulting specific data and what the data specifically showed.

5.3 Technology Evaluation
Provide a summary explanation of your analysis and planning for choosing the technologies and techniques of your solution.
- Review and explain the following and identify your preferred options.
  i. Server virtualization
  ii. Benefits and features of cloud computing for this specific case
  iii. Mobile cloud computing
- Compare and discuss the different technologies and techniques regarding their efficiency, effectiveness and other factors affecting the security of the data in transit to and from the cloud. Identify and explain your preferred options.
  i. Encryption
  ii. Access control
  iii. Other techniques

6.0 SYSTEM DESIGN
Integrate information, research and findings from Step 5, as they relate to the scenario. System infrastructure can be a physical system block diagram or hierarchy diagram. System model normally includes the system components along with their requirements/specifications. In this section, only include the security requirements.
- Describe the system infrastructure/components.
- Complete the system model by describing your design requirements/specifications for your data-in-transit protection model. Recall that requirements are enumerated statements which are separated into different categories of applicability. A summary table or list with reference to the components, however, may be useful for clarity.

7.0 LIFE CYCLE PLANS
Several phases make up the life cycle of a product. For example, these include software and hardware architecture, definition and development, component through integration and acceptance testing, deployment, operations and maintenance and retirement or disposal. In this section, you will cover your software development, testing and integration, deployment and retirement or disposal plans. Note that testing often includes testing that the desired feature works as intended and also how it responds to other situations. For example, a security feature on an ATM cash machine is a PIN. The PIN may be specified as 4 numerical digits. A test that the feature works as intended is to try correct and incorrect 4-digit PINs and determine if access is granted or denied. A test for an unintended case might be what happens if 8 numerical digits are entered, or 8 digits with the correct 4 digits at the beginning or 8 digits with the correct 4 digits at the end.
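
The PIN cases described above, written as an executable test plan (an added example, not part of the original assignment; the function names and the sample PIN 4821 are constructed for illustration). It shows a verifier that passes the intended-use tests yet fails one of the unintended cases, beside a strict verifier that passes all of them.

```python
import hmac

PIN_LENGTH = 4  # the specification in the paragraph: exactly 4 numerical digits


def verify_pin_truncating(entered: str, stored: str) -> bool:
    """Flawed verifier (constructed): silently keeps only the first 4 characters."""
    return entered[:PIN_LENGTH] == stored


def verify_pin_strict(entered: str, stored: str) -> bool:
    """Reject anything that is not exactly 4 ASCII digits, then compare."""
    if len(entered) != PIN_LENGTH or not (entered.isascii() and entered.isdigit()):
        return False
    # Constant-time comparison so response time does not reveal matching digits.
    return hmac.compare_digest(entered.encode(), stored.encode())


def pin_cases(stored: str):
    """(description, input, expected result) rows for the cases in the paragraph."""
    wrong = "0000" if stored != "0000" else "1111"
    return [
        ("correct 4-digit PIN", stored, True),
        ("incorrect 4-digit PIN", wrong, False),
        ("8 unrelated digits", wrong + wrong, False),
        ("8 digits, correct PIN at the beginning", stored + wrong, False),
        ("8 digits, correct PIN at the end", wrong + stored, False),
    ]


def run_plan(verifier, stored: str = "4821"):
    """Return the descriptions of the cases where the verifier answers wrongly."""
    return [desc for desc, pin, expected in pin_cases(stored)
            if verifier(pin, stored) != expected]


if __name__ == "__main__":
    for verifier in (verify_pin_truncating, verify_pin_strict):
        failures = run_plan(verifier)
        print(verifier.__name__, "PASS" if not failures else f"FAIL: {failures}")
```

The truncating verifier would be accepted by a plan that only tries correct and incorrect 4-digit PINs; only the 8-digit case with the correct PIN at the beginning exposes it.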

7.1 Software Development Plan
- Explain the steps in your software development plan.
- What are some of the different design and development considerations you will be deciding?

7.2 Testing and Integration
A clear and concise way of showing your test plan is by creating the enumerated requirements statements for each step in the test, each directly followed by any explanation.
- Explain testing and integration.
- Implementation Testing
  i. Show your test plan for evaluating the technologies and techniques used in your system for assuring the security of data in transit.
  ii. What are your expected results for each test?
- Integration Testing
  i. Show your test plan for evaluating the compatibility of your solution with other systems.
  ii. What are your expected results for each test?

7.3 Deployment
- The HR company will be running its HR application within the cloud. Describe any unique security technology characteristics, techniques or requirements appropriate for the software as a service (SaaS) in the cloud model.
  i. Where in the cloud would the technology or techniques be used?
  ii. Identify which specific components would use each technology or technique.
- Requirements are usually specified in a Service Level Agreement or SLA, which would be negotiated between the cloud provider and the HR company. What are the key requirements in the SLA for securing the HR company's data in the SaaS implementation and for assuring that the requirements are met?
- Describe and explain your recommended deployment strategy to the cloud.

7.4 Operations and Maintenance
Once the solution has been deployed and the HR application is running in the cloud, there will be a need for assuring the operation meets requirements and for routine maintenance. Concentrating solely on the data:
- Provide a very high level plan for what aspects need to be addressed in both the operations and maintenance.
- Provide more detail and discuss and explain the process for continuous monitoring of the data in transit and the technology and techniques in the security architecture.
- Provide more detail and discuss and explain the process for auditing the monitored data.

7.5 Disposal Plan
Assume that the HR company will no longer have a need for the cloud HR application. The HR company will therefore end its contract with the cloud provider.
- Identify and discuss the key areas which must be addressed regarding the application, data and other relevant information, hardware or software on the cloud.
- How will the cloud and the HR company handle the preservation, retrieval and disposition of the HR company's data?
- How will the cloud and the HR company handle the preservation, retrieval and disposition of the HR application?
- What other actions, notifications, procedures, etc. would you recommend?

8.0 CONCLUSIONS

Attachment:- Cloud Template and Group plan.rar

Verified Expert

This assignment is prepared as per the requirements of the student. The introduction, section 7.5 and conclusion are developed as per the instructions and scenario of the case provided in the attachments. The disposal plan has been prepared in section 7.5 and focuses on protecting the data. The solution has addressed all the requirements and fulfilled the criteria given. APA references have been used along with the in-text citations.


Reviews

inf1851369

4/3/2018 5:31:00 AM

Please make sure that section 7.5 is very technical and detailed. It is essential. I need your best for this project. I have already done it. Can you add a section of about 1.5 pages? Talk about the different software and hardware that will be used and what programs or software will be used in the cluster. 7.1 Software Development Plan: Explain the steps in your software development plan. What are some of the different design and development considerations you will be deciding?

len1851369

2/6/2018 5:52:58 AM

Read the entire scenario then read Project 4 group plan for an overview. Finally, follow the Securing Data in the Cloud Template. I need just the introduction, section 7.5 and the conclusion. 3 pages
