Executive Summary

Technology is an always changing field. It is accompanied by new adjustments and knowledge. This new knowledge is critical is the numerous opportunities which emerge in the technological industry thus in line with the possibilities, there must be developments which are witnessed in technology. With this trend, technical projects evolve frequently and often, therefore, make it more challenging to select a technological plan. 

Executive Summary

The cloud computing service is a useful and significant advancement in the motor vehicle registration online system. This is a project that is considered an investment plan. The vital goals of the assessment are to identify and evaluate the leading technologies and risks associated it the project. The motor vehicle registration systems architecture study is vital in the acknowledgment and evaluation. The results are obtained through a robust and professional analysis. The recommendations for the project include the schedule, the program allocation where the development of technologies is required.

This section summarizes the assessment done on the technological project whereby the extent to which the cloud-based service is assessed is detrimental in the knowledge of some of the risks and threats that can be faced in the sector. This is a technological project by a renowned company in the United States of America known as Metro X (Juliadotter & Choo, 2015). This is a company that is detrimental in the online registration of motor vehicles in the always changing technology world.  The assessment of this technology is very vital in the identification of the technology which is essential to support the evaluation. The primary roles of this assessment are to identify the whole types of technological adjustments required in the new architecture and the availability of the technologies to avail support (Chou, 2015).

To ensure that a particular and more objective technology is developed and put into action, to enable the development of more research and the project recommendations under which the technological projects are usually established. However for the project assessment to be of success, there must be appropriate guidelines which are vital to the process of the evaluation. All technology developments shall be directly traceable to architecture requirements.

The MVROS is composed of various elements. This involves the customer interface whereby the user can easily input the data and receive all the information from the application due to the web pages in series form. The application used was built by Microsoft internet information server. It also has an interface which holds the motor vehicle registration database with pay link which is an e-commerce system Ali, Khan & Vasilakos, 2015).

My key roles in the company as the project manager is to ensure that all the soft wares in the IT company work in line with the project of the company. The project is reliant on the soft wares run by the same company. It’s my sole duty to ensure that I do monitor the staff, execute responsibilities and controlling the operations in Metro X.

The technology assessment which was completed is essential to specific sectors of the company Metro X. However the key recommendations of the evaluation are

• The motor vehicle registration online system mission directorate has to spread risks and share the risks.
• The motor vehicle registration online system should ensure that the directorate level institution receives the analysis and development activities of the system analysis
• The appropriate staff involved in the online registration of motor vehicles should strive to ensure that implementation is successful
• The motor vehicle registration online system mission directorate should develop a close interconnection that connects the architecture and the system and the technology advancements projects.

Overview of the Project

The motor vehicle registration online system mission directorate should facilitate a platform for a smooth transition the technologies to the registration element development programs.

Security Architecture

This involves the services that are the reusable and unifying framework which will enable the company Metro X to develop the operations team and the team responsible for development to bring together the efforts. The software used by the company might not be able to make a business entity to buy an XML security gateway for enhanced web services security. However, at the architectural level, the architectures can equally identify the different projects that leverage such a particular reusable service. In this case, the security architecture details deliver improved web services security which is a simple programming model used by developers and is critical in saving costs

The stakeholders in the company. This involves all the available players in the field of the motor vehicle registration online registration system. These are the users, the legal fraternity and the clients. The particular players usually push or system security (Potter & McGraw, 2014). The main difficulties generally present in company security is the acknowledgment of the stakeholders who directly a role in the safety of the system and educating the stakeholders on the real risks and the mitigations. The business analysts can be impacted with the skills for the steps of specifying the issues in the user accounts; the quality group is trained on the security testing tools such as vulnerability scanners and fuzzes. The architecture from this can learn how to effectively deign security services that are reusable which will ease the process of developers build security for their systems. The general load is on the information security team due to the definition of the demand for protection.

The strategically, tactical and contingency planning is affected by exogenous elements such as the current business and the economic status surrounding the operational region, the tastes of the staff concerning specific software and hardware in Metro X, the nature and traits of the technology used and the level of possibility into the entry of the companies into the field (Jacobsson Boldt & Carlsson, 2016).

The strategic planning is essential in the mission statement of the company thus necessary to be aligned with the tactical plan to achieve the company goals using the shortest way possible. Contingency planning is critical in that the company can cater to the uncertainties at any time be it in present or in future. A contingency planning involves the assessment of:

• The company’s IT infrastructure including the software used, the data and  hardware
• Ranking the risks faced by the IT company in the order of their probability occurring
• Taking a plan of action which entails the processed involved in the elimination or mitigation of risk.
• Establishing the contingency policy document and testing the contingency plan in the company.

The investment in the security of the risk in the firm is crucial in that the expectation of the firm will be to get a return on the investment. However the understanding of the value of assets that are used in the security is essential. The investment on the security gadgets does not however imply a sure profit. The company Metro X might pick have made the decision to use the particular technological instruments to save money. However due to inefficiency, there might be financial losses which might be realized due to the heavy costs of funds which are used on the security of the company technological instruments. The asset value of the security gadgets is the most overrated expense in the operations of the firm. The return on the security investment is key in the evaluation of the loss expectancy as it is obtained by considering the security expenditure that is expected then subtract the annual loss that is expected in the IT firm.

Risk Assessment

This involves the generation of a formal judgment on the consequence and probability of risk. Risk assessment is based on the risk identification, risk analysis which entails the likelihood of the threat and its impacts, its estimation ad the addressing of the risk in the company

The probability of risk involves the likelihood of the risk occurring whereas the cost is the impact. However, risk assessment and management requires a risk matrix. The tool is essential to the definition of the level of the acknowledged risks by the risk occurring against the impact of the risk. The risk matrix tool is critical in the visibility of the dangers thus the sect for the management to make and enhance dependable decisions which depend on the probability of the risk (Almorsy, Grundy & Müller, 2016).

Risk assessment in Metro X is done in five major stages. This involves the identification and acknowledging of the risks, the determination of the parties which are exposed to the risk, the risk question, and the evaluation of risk and the implementation of the mitigation measures in the risk.

As the project manager, it is vital to ensure betterment in the predicting the likelihood of their projects success. Metro X Company as the company that deals with IT quantity’s risks of the new infrastructure on risk management rather than just going forward with the project. This is due to the IT failures in the past.

The risks associated with the motor vehicle registration online system uses the model of

Risk= the treat likelihood multiplied by the intensity of the impact of the threat (Engström & Blom, 2018).

Vulnerability

Vulnerability	Description
XXS Attacks	The application in the web server can be used to access the system of the user. This is achieved by the user being fooled by spoofing
Unnecessary services	The application server has superfluous facilities in progress such as SNMP (Boehm, 2018).
Password strength	The passwords on the server are very simple hence can be guessed by attackers
Inappropriate documentation.	This includes the operating processes of the documents and their design in the documentation.

The threat agents that are identified as applying to the motor vehicle registration online system include

Data loss; the data or information regarding the company which is stored in the order of the MVROS could be lost as per the failure of the hard drive. The content security policy could delete the data by accident. Thus the attacker has the chance of data modification Data loss has dire consequences for the company and thus backing up data is key in the company (Laplante, 2017).

Insecure Application programming interfaces. Malicious attackers tend to interfere with the integrity and the confidential nature of the company set up. This is because the application programming interfaces are usually accessible from anywhere on the internet. This can be used to manipulate the details and information of the customer. Thus it is important for a provision of a secure application programming interface which will curb such attacks (Furuncu & Sogukpinar, 2015).

Hackers. These characters usually attack the website of the MVROS and change it into a different appearance rather than the usual appearance. They usually tamper with the website by breaking into the web server or can decide to replace the site with one of their own. They can intrude the system and its functionality and unauthorized access into the system

Computer criminal. This is common in the IT field. Various threat actions occur due to computer criminal. Spoofing is dominant whereby one exaggerates the characteristics and traits of the MVROS in the sending of the communication to other parties. Identity theft is also common whereby an individual uses the username of MVROS to acquire his desires and system intrusion whereby there is illegal access to the systems of the MVROS (Jacobsson, Boldt & Carlsson, 2016).

Threat Agents

User awareness. The users of the systems of the company have to be taught on the various attacks which may be faced in the company. There are various social engineering threats which manipulates a user into logging into a malicious web server. The system of the company will thus be accessed (Grigorescu, Chitescu & Diaconeasa, 2016). This happens as the user steals the victim’s data and sensitive information regarding the company.

The denial of service: This threat agent is key in the company field as an attacker of the company’s system may issue a denial of service attack against the cloud service thus making it very inaccessible and difficult to penetrate into. Thus this interferes with the cloud service. This occurs through the usage of CPU, RAM and disk space (Boehm, 2018).

The insiders in the IT Company. These involve the staff in the company who are not appropriately trained; they tend to be dishonest, negligent and very uncouth behavior. The threat actions by these insiders include the accessing of the system yet unauthorized, the browsing of the personally identifiable information which may lead to leakage of sensitive data and there are instances of malicious codes such as viruses in the company system (Li, 2014). 

Unknown risk profile: When moving to the cloud service, all the security implications have to be considered such as the updates for the software security, log monitoring and the interrogation of security information and event management into the network. These threats might have been enclosed and not seen but will be faced in the future.

The environment is also a key threat agent. This entails natural disasters such as heavy rains which might interfere with the working of the company systems.

Malicious programs, these are very common to the computer systems. This attacks the system and may lead to its failure. Due to the current artificial intelligence capacitance, malicious programs are developed for the striking of the system. These malicious programs usually are of two types, i.e., some do not need a host program to run whereby they are platform independent whereas they can mutate with them regarding the internal and external stimuli (Rittinghouse & Ransome, 2016).

Secure data transmission: Data transmission in the company has to be done using encrypted secure communication channels such as SSL. This highly curbs attacks such as MITM attacks whereby the information and sensitive data could be elapsed by the attacker by accessing the communication lines.

Data breach in the cloud service: This occurs when a virtual machine is used to access the system’s data from another computer which is just in the same host. This mostly happens in cases where there are two different customers (Haimes, 2015).

Impact (Score)	Definition
High (100)	The confidentiality nature of the system being interfered with will lead to adverse effects on the processes and operations of the organizational procedures and services.
	Examples: there will be difficulty in the objective of the position that the company won’t be able to complete its primary roles (Djemame, Guitart & Macias, 2016)
	There will be the severe financial loss Staff getting harmed or injured (Ite, 2016)
Medium( 50)	The confidentiality loss leads to significant destruction to company property The significant difficulty in achieving the company goals Significant harm to staff and does not cause death (Bahr, 2014).
Low (10)	Minor destructions to the company property. Minor harm to staff Less financial loss

Mitigating the risks is very crucial in the company. There is the need for ensuring the end to end encryption is enabled. The database in the cloud service will facilitate the option to encrypt data stored on a database as a service. This is vital in reducing the risk of leak aging of data in the company.

Protection Mechanisms

The company should keenly review the compliance requirements. This is regarding the business associate agreement, and the standards of the regulation are met.

The company could also mitigate against the risk by risk transference. This involves the motor vehicle registration online system handling of the risk to a third party, e.g., payroll services in the company are outsourced.

Summary

The risk assessment is due to the hazards brought by IT disorders in the recent and past times. The requirements thus have to be addressed keenly using risk assessment and management technique (Mahdevari, Shahriar & Esfahanipour, 2014).Top of Form

There is a need of coming up with incentives aimed at minimizing the levels of risks. This is key after the identification of the risk, the analysis of the risk, the control of the risk appropriately, it’s financing of the loss by the risk and the management of the risk.

There is need to ensure that the MVROS is safeguarded against the risks. This is achievable by making the company more interdependent on other firms by outsourcing some services and being interconnected in its operations. Frequently ensuring that the in-house software is updated. This is because if the in-house software is outdated, operating systems such as the Windows XP could be at risk.

To ensure information security, it is vital to ensure that the company system is coded with highly efficient passwords and codes for accessing the system. However, these passwords should only be shared among the trusted staff who will ensure that sensitive data is not leaked to the outside world (Latif, Abbas, Assar & Ali, 2014). Information security is key in any IT related firm. However the information security usually aligns itself to three primary principles. Metro X Company usually bases its security configurations on the following key principles.

• Confidentiality which entails the data in the system of the company being accessed to the only few authorized individuals.
• This principle is based on the fact that the information and data in the system of the firm should always be available and easily accessible when needed.
• This principle is based on the company Metro X tracking down the unauthorized access into its systems.

IT security is a very challenging task which requires maximum attention in order to cope up with the complexity structure of the IT setting. However, IT can be made easier by breaking it down into manageable standards in order to make task easier. Thus the IT professionals have to put in more efforts in ensuring that everything is in order.

Conclusion

It is detrimental to understand the threats which are common in the IT industry. It is the responsibility of the motor vehicle registration online system to ensure communication with the CSP and determine how the risks are addressed rather than relying on the cloud service provider to facilitate the security.

References

Ali, M., Khan, S. U., & Vasilakos, A. V. (2015). Security in cloud computing: Opportunities and challenges. Information sciences, 305, 357-383.

Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.

Bahr, N. J. (2014). System safety engineering and risk assessment: a practical approach. CRC Press.

Boehm, B. W. (2018). A spiral model of software development and enhancement. Computer, 21(5), 61-72.

Chou, D. C. (2015). Cloud computing: A value creation model. Computer Standards & Interfaces, 38, 72-77.

Djemame, K., Guitart, J., & Macias, M. (2016). A risk assessment framework for cloud computing. IEEE Transactions on Cloud Computing, (1), 1-1.

Engström, H., & Blom, N. (2018). Assessment and mitigation of supply risk: A single case study at a global EMS company.

Furuncu, E., & Sogukpinar, I. (2015). Scalable risk assessment method for cloud computing using game theory (CCRAM). Computer Standards & Interfaces, 38, 44-50.

Grigorescu, A., Chitescu, R. I., & Diaconeasa, A. A. (2016). Risks Management of IT Smart Software and Hardware Controlling Daily Activities. Imperial Journal of Interdisciplinary Research, 2(11).

Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.

Ite, U. E. (2016, August). Non-Technical Risks Management: A Framework for Sustainable Energy Security and Stability. In SPE Nigeria Annual International Conference and Exhibition. Society of Petroleum Engineers.

Jacobsson, A., Boldt, M., & Carlsson, B. (2016). A risk analysis of a smart home automation system. Future Generation Computer Systems, 56, 719-733.

Juliadotter, N. V., & Choo, K. K. R. (2015). Cloud attack and risk assessment taxonomy. IEEE Cloud Computing, (1), 14-20.

Laplante, P. A. (2017). Requirements engineering for software and systems. Auerbach Publications.

Latif, R., Abbas, H., Assar, S., & Ali, Q. (2014). Cloud computing risk assessment: a systematic literature review. Future information technology (pp. 285-295). Springer, Berlin, Heidelberg.

Li, W. (2014). Risk assessment of power systems: models, methods, and applications. John Wiley & Sons.

Mahdevari, S., Shahriar, K., & Esfahanipour, A. (2014). Human health and safety risks management in underground coal mines using fuzzy TOPSIS. Science of the Total Environment, 488, 85-99.

Nechaev, A. S., Antipina, O. V., & Prokopyeva, A. V. (2014). The risks of innovation activities in enterprises. Life Science Journal, 11(11), 574-575.

Niazi, M., Mahmood, S., Alshayeb, M., Riaz, M. R., Faisal, K., Cerpa, N., … & Richardson, I. (2016). Challenges of project management in global software development: A client-vendor analysis. Information and Software Technology, 80, 1-19.

Potter, B., & McGraw, G. (2014). Software security testing. IEEE Security & Privacy, 2(5), 81-85.

Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.

Yin, S., & Kaynak, O. (2015). Big data for modern industry: challenges and trends [point of view]. Proceedings of the IEEE, 103(2), 143-146.