This message was posted by a user wishing to remain anonymous
I need expertise in the cloud inherent risk assessment.You are required to perform inherent risk assessment that should be aligned with my operational risk management policy (which I'll provide) that is comprised of 17 risk events.
- Business Interruption Risks- Data Risks
- Financial Reporting
- Fraud Risks
- Internal/External Fraud Risks- Information Security (Including Cyber) Risks- Legal Risks
- People Risks
- Physical Security and Safety Risks- Privacy Risks- Regulatory Compliance Risks- Technology Risks- Third Party RisksNow add as many sub risks as you can think of.. for example Data Risks could be data encryption, data flow, data ownership, data classification etc etc.
I am cloud customer, so even if risk is on the CSP side, it is my responsibility to ensure how CSP is managing the risks - risk assessment should be conducted with this mindset.
In addition to above please include Governance and contract management risks from Cloud customers perspective and bucket them into the above mentioned categories.
*****The goal is to identify and assess as many cloud risks as possible, regardless whether those risks are technical or business risks across all deployment models (public cloud, private cloud, hybrid cloud) and service types (iaas, paas, saas).*****NOTE: You have to assess traditional IT risks as well that may have an impact on the cloud.IMPORTANT INFORMATION:-I will provide operational risk methodology that you will use as a guidance to assess the risks.********AUDIENCE OF THIS RISK ASSESSMENT IS BOTH BUSINESS PEOPLE AND TECHNOLOGY PEOPLE SO PLEASE USE LANGUAGE WISELY WHEN YOU DESCRIBE THE RISKS IN DETAIL IN THE RISK DESCRIPTION*******
I am paying USD 500 for this service.