Essay from the year 2015 in the subject Computer Science - General, language: German, abstract: Cloud computing is a new computing technology which has attracted much attention. Unfortunately, it is a risk-prone technology since users share remote computing resources, data is held remotely, and clients lack control over data. Therefore, assessing the security risk of the cloud is important to establish trust, to increase the level of confidence of cloud service consumers, and to provide cost-effective and reliable service and infrastructure of cloud providers. This paper provides a survey of state-of-the-art research on risk assessment in the cloud environment.
Bachelor Thesis from the year 2014 in the subject Computer Science - Commercial Information Technology, grade: 2,0, University of Applied Sciences Brandenburg (Fachbereich Wirtschaft), language: English, abstract: Risk Management for IT-Service Lifecycle Management is not always performed in a transparent, repeatable and consistent way. In consequence, its potential to be used as a key element for successful decision-making is not fully utilized. This thesis considers applied standards, models and practices in IT-Service Management to establish a methodology which enables improvement of Risk Management within the IT-Service Lifecycle. The developed methodology determines the stages in the Lifecycle where risk assessments should be performed. It also defines the required information and its sources. Being based on already existing processes within a service-providing organization, this methodology can easily be applied to improve service quality. Motivation: Since one major business sector of Merck is the production of pharmaceutical products, the organization is subject to very strict regulations for the development and production of its life science products, and the business-supporting IT-Services are therefore subject to strong IT-Governance. This IT-Governance, as part of the corporate Governance, is highly influential on how IT-Services are operated and carried out over their whole lifecycle. In addition, business processes and the management of risks are highly important factors. The provided IT-Services have to be on track with the business needs of the respective customers. To ensure this alignment, strategic decisions need to be based on relevant information. To improve this decision-making process, various types of information on IT-Services are needed. The author's professional background served as a foundation for addressing this corporate need of Merck.
Having obtained basic knowledge on IT-Services, related organizations and processes, the author took this opportunity to pursue his growing interest within this field of research.
Cloud Risk Assessment & Management Survey Tool for Users and Providers
Scientific Study from the year 2018 in the subject Computer Science - Commercial Information Technology, grade: 2.5, course: IT, language: English, abstract: In this work an attempt has been made to discuss CARTA (Continuous Adaptive Risk and Trust Assessment), suggested by Gartner, and Dynamic Trust Management in Organic Networks (ON). The twin concepts behind CARTA and the three phases where CARTA can be used in IT security are discussed. The Organic Network (ON) and its Dynamic Trust Management method are briefly described. The feasibility of both CARTA and Dynamic Trust Management in ON is presented in tabular form for the convenience of the reader. Finally, the topic is concluded and important points are stated. CARTA is a new approach introduced by Gartner for security and risk management. According to Gartner, CARTA (Continuous Adaptive Risk and Trust Assessment) is vital to stay competitive with emerging business opportunities. The key is to apply the philosophy across the business, from DevOps to external partners.
This project presents the performance analysis of particle swarm optimization (PSO), hybrid PSO and a Bayesian classifier for calculating the epileptic risk level from electroencephalogram (EEG) inputs. PSO is an optimization technique which is initialized with a population of random particles (solutions) and then searches for optima by updating generations. Hybrid PSO differs from ordinary PSO by calculating an inertia weight to avoid the local minima problem. The Bayesian classifier works on the principle of Bayes' rule, a probability-based theorem. The results of PSO, hybrid PSO and the Bayesian classifier are calculated, and their performance is analyzed using performance index, quality value, cost function and classification rate in calculating the epileptic risk level from EEG.
With the opening of the Indian economy, many multinational corporations are shifting their manufacturing base to India. This includes setting up greenfield projects or acquiring established business firms in India. The region of this business unit is expanding globally. The variety and size of the customer base is expanding, and the business risk related to bad debts is increasing. Close monitoring and analysis of payment trends helps to predict customer behavior and to estimate customers' financial strength. Present-day manufacturing companies generate and store a tremendous amount of data. The amount of data is so huge that manual analysis of the data is difficult. This creates a great demand for data mining to extract useful information buried within these data sets. One of the major concerns that affect companies' investments and profitability is bad debts; this can be reduced by identifying past customer behavior and reaching suitable payment terms. The Clustering and Prediction module was implemented in WEKA, a free open source software written in Java. This study model can be extended to the development of a general-purpose software package to predict payment trends of customers in any organisation. Prof. Jeeva Jose was awarded a PhD in Computer Science from Mahatma Gandhi University, Kerala, India and is a faculty member at BPC College, Kerala. Her passion is teaching, and her areas of interest include World Wide Web, Data Mining and Cyber laws. She has been in higher education since the year 2000 and has completed three research projects funded by UGC and KSCSTE. She has authored and published five books. She has published more than twenty research papers in various refereed journals and conference proceedings. She has edited three books and has given many invited talks at various conferences. She is a recipient of the ACM-W Scholarship provided by the Association for Computing Machinery, New York.
The book offers a practice-oriented guide to information security, IT and cyber risk management in the enterprise. It is industry-neutral and refers to relevant concepts and standards of risk management and governance (e.g. COBIT, NIST SP 800-30 R1, ISO 31000, ISO 22301 and the ISO/IEC 270xx series). The author presents integrated solution approaches within an overall risk management framework. Starting from corporate governance, he systematically treats the subject-specific risks in an exemplary risk management process. The reader receives everything that is methodically required to assess, treat and control these risks in practice. This 5th edition has been updated to the current state of compliance requirements and standardization and, in an additional new chapter, deals specifically with cyber risks and their particular characteristics. Using examples, it shows an approach for the assessment of cyber risks as well as measures for treating them adequately. Hans-Peter Königs, Dipl. El. Ing. and MBA, is managing director of IT Risk KM Consulting GmbH and a lecturer at the Hochschule Luzern - Informatik in the certificate and master's programmes (CAS and MAS) for Information Security. After many years as a Corporate Security Officer, his consulting work today focuses on risk management, IT risk management, business continuity and IT emergency management, and information security.
Bachelor thesis from the year 2012 in the subject Computer Science - Commercial Information Technology, grade: none, Marmara Üniversitesi, language: German, abstract: Cloud computing has been a frequently discussed approach in recent years. This approach is based on applications and services being kept on remote servers and on the usage of these applications and services via devices with an internet connection. In cloud computing, all resources and services are provided under a pay-as-you-use model. Therefore, businesses are able to choose and use an appropriate model for themselves without having to make new investments. In addition to lowering operating costs, it brings other benefits such as simplicity, flexibility, and the development of new business models. On the other hand, the most important question mark over cloud computing is security. However, these concerns are addressed with a variety of security measures. In this study, the content, benefits and risks of cloud computing, and its technical structure from an architectural point of view, are explained. In the last part of my study, a company's computing processes are analyzed and, according to the outcomes, a cloud computing model has been developed.
Master's thesis from the year 2011 in the subject Computer Science - Commercial Information Technology, grade: 1,3, Hochschule München, language: German, abstract: Scrum is one of the agile project management methods and requires a rethinking on the part of customers and management. Unlike classical methods, Scrum places great value on self-organized teams and flat hierarchies. This master's thesis focuses on implementing the Scrum Framework in an IT company in Thailand. Cultural, organizational and technical aspects were analyzed using the problem-solving cycle, and objectives were defined. Afterwards, solutions according to Scrum and alternative approaches were evaluated. For the assessment, the three factors of cost, time and risk were weighted with points in order to compare the solutions later in the action plan. As a result, it was found that the previously defined goals can be implemented with the minimum requirements of the Scrum framework.
In addition, a maximum approach has been considered. In this regard, alternative approaches help to adapt Scrum as a whole and support the implementation.
Use this book to learn how to conduct a timely and thorough Risk Analysis and Assessment documenting all risks to the confidentiality, integrity, and availability of electronic Protected Health Information (ePHI), which is a key component of the HIPAA Security Rule. The requirement is a focus area for the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) during breach investigations and compliance audits. This book lays out a plan for healthcare organizations of all types to successfully comply with these requirements and use the output to build upon the cybersecurity program. With the proliferation of cybersecurity breaches, the number of healthcare providers, payers, and business associates investigated by the OCR has risen significantly. It is not unusual for additional penalties to be levied when victims of breaches cannot demonstrate that an enterprise-wide risk assessment exists, comprehensive enough to document all of the risks to ePHI. Why is it that so many covered entities and business associates fail to comply with this fundamental safeguard? 
Building a HIPAA Compliant Cybersecurity Program cuts through the confusion and ambiguity of regulatory requirements and provides detailed guidance to help readers: understand and document all known instances where patient data exist; know what regulators want and expect from the risk analysis process; assess and analyze the level of severity that each risk poses to ePHI; and focus on the beneficial outcomes of the process: understanding real risks, and optimizing deployment of resources and alignment with business objectives. What You'll Learn: Use NIST 800-30 to execute a risk analysis and assessment which meets the expectations of regulators such as the Office for Civil Rights (OCR). Understand why this is not just a compliance exercise, but a way to take back control of protecting ePHI. Leverage the risk analysis process to improve your cybersecurity program. Know the value of integrating technical assessments to further define risk management activities. Employ an iterative process that continuously assesses the environment to identify improvement opportunities. Who This Book Is For: Cybersecurity, privacy, and compliance professionals working for organizations responsible for creating, maintaining, storing, and protecting patient information. Eric C. Thompson is an accomplished governance, risk, and compliance professional. In his GRC role as the Director of Compliance at Blue Health Intelligence (BHI), Eric leads efforts to increase cyber security maturity in several domains, including governance, policy and controls, risk management, cyber security strategy and business alignment. He established the risk management function, which includes assessment, analysis, and treatment of risk, threat and vulnerability management strategy, and creating due diligence assessment requirements related to third-party risk.
Eric also evaluates cyber security technology capabilities and makes recommendations for enhancing current solutions and investing in new implementations that meet risk reduction requirements. Prior to BHI, Eric spent seven years at Ernst & Young (EY) in the Advisory practice where he specialized in helping healthcare organizations (providers, payers, and business associates) solve problems related to information security, risk management, and compliance. Eric led the HITRUST Common Security Framework (CSF), cybersecurity program management, and third-party risk management assessments. Eric is also a proud member of the SANS Mentor team.