Task:
The Department of Spatial Information (DSI) is a State Government department. The major functions of DSI are to provide accurate and timely spatial information to other Government departments, but also to make some of this spatial information available to the public. In order to provide both the government and public services, DSI has developed a number of web services that deliver this information through a number of internally developed applications. This suite of web services and applications is referred to as the DSI Online Spatial Delivery System (OSDS).
DSI have a number of new projects being developed that are expected to increase the demand for its spatial data dramatically. The Executive Management of DSI have looked at a number of proposals to support these new programs. The two alternatives they are investigating are:
- Increasing the internal DSI Data Centre capacity to host and support the new projects in the OSDS. This would probably need a 50% increase in web infrastructure and support services within the Department. This would necessitate an increase in data centre infrastructure, server numbers as well as a major increase in the bandwidth available to DSI.
- Migrating the OSDS to a Cloud provider. This would allow DSI to continue to develop and refine the data in its internal Maintenance systems and then move a copy of the completed data to the cloud-based Delivery system for publication.
DSI Management is planning to adopt Proposal 2 but have asked you to give them a report that looks at the following aspects of the proposal:
- What model should DSI adopt for a cloud-based OSDS?
- How should DSI assess the risk of adopting a cloud-based OSDS?
- What steps should DSI take to provide adequate security for the OSDS?
Tasks:
Prepare a report that covers the following aspects:
- An executive summary of no more than 1 page that summarises your report and recommendations;
- The model that you recommend that the DSI adopt for the cloud-based OSDS. This should include any Cloud Architectures that should be deployed to support the model;
- A review of the risks involved in migrating the OSDS to a cloud-based provider;
- A review of the general security steps that DSI should take to secure the OSDS when deployed to a Cloud provider.
Rationale
This assessment will cover the following objectives:
- Be able to compare and evaluate the ability of different Cloud Computing Architectures to meet a set of given business requirements;
- Be able to evaluate a set of business requirements to determine suitability for a Cloud Computing delivery model;
- Be able to evaluate and design an ICT Risk Management strategy for a Cloud Computing Delivery plan to meet business requirements;
- Be able to interpret, evaluate and plan the Governance and Security requirements for a Cloud Computing delivery plan;
- Be able to analyse and evaluate business requirements to plan a migration to a Cloud model;
Marking Criteria:
|
Question
|
HD
|
DI
|
CR
|
PS
|
FL
|
|
Executive Summary
|
Clear & comprehensive summary of Security and Risk assessments that highlights all major issues
|
Detailed summary of Security and Risk assessments that highlights most major issues
|
Good summary of Security and Risk assessments that highlights many major issues
|
Adequate summary of Security and Risk assessments that highlights some major issues
|
Inadequate or incomplete summary of Security and Risk assessments that highlights few or no major issues
|
|
Recommended Model
|
Clear & comprehensive summary of reasons for selecting model that highlights all major issues
|
Detailed summary of reasons for selecting model that highlights most major issues
|
Good summary of reasons for selecting model that highlights many major issues
|
Adequate summary of reasons for selecting model that highlights many major issues
|
Inadequate or incomplete summary of reasons for selecting model that highlights little or no major issues
|
|
Information Security Assessment
|
Clear, comprehensive assessment of InfoSec issues, critical points identified & discussed,
|
Detailed assessment of InfoSec issues, most critical points identified & discussed,
|
Good assessment of InfoSec issues, many critical points identified & discussed,
|
Adequate assessment of InfoSec issues, some critical points identified & discussed,
|
Inadequate or incomplete assessment of InfoSec issues, few or no critical points identified & discussed,
|
|
Risk Management Assessment
|
Clear, comprehensive description of Risk Management issues, critical points identified & discussed,
|
Detailed description of Risk Management issues, many critical points identified & discussed,
|
Good description of Risk Management issues, many critical points identified & discussed,
|
Adequate description of Risk Management issues, some critical points identified & discussed,
|
Inadequate or incomplete description of Risk Management issues, critical points identified & discussed,
|
|
Spelling, Grammar, Presentation
|
Up to 5 marks may be deducted for poor presentation, spelling and grammar
|
|
APA referencing
|
Up to 5 marks may be deducted for not providing or following the proper APA style of referencing.
Note that the guide for APA referencing is provided in the Resource Section of the ITC561 Interact site.
|
Marking Guide:
|
Question
|
Possible Marks
|
Score
|
|
Executive summary
|
15
|
|
|
Recommended Model
|
25
|
|
|
Information Security Assessment
|
30
|
|
|
Risk Management Assessment
|
30
|
|
|
Spelling, grammar & presentation (up to -5 marks)
|
(-5)
|
|
|
Referencing (up to -5 marks)
|
(-5)
|
|
|
Total
|
100
|
