​Instructions 1. Please read and answer each question. There are 3 questions. 2. Please make sure you clearly identify your answer as Q 1, 2, 3 with a header. Failure to do so will result in a loss of some or all points.

3. At the minimum, submissions should reflect your understanding of the course material. Ensure that your answer reflects material covered in the course text books or assigned reading, lecture notes and the lectures themselves. If using material from outside of the above sources, then please reference the source (APA format).

4. Maximum of 2000 words total for the entire exam.

5. Once completed, upload your work in a MS Word or RTF format to BlackBoard under the assignments Final exam section. Make sure your document name follows the following format:

firstname.lastname final exam.docx

or Firstname.lastname final exam.rtf Failure to follow the above instructions may result in a zero for the final exam.

Q 1 – (40 points) Discuss how security for a "traditional" information system will change when you transfer that system into the cloud. Specifically what are the security implications of using each of the three cloud service models (SaaS, PaaS, IaaS) that are unique to cloud computing? (How is cloud security different than traditional security?)

Q 2 – (30 points) Given the nature of cloud computing multi-tenancy model what risk management practices would you recommend putting in place (assume that there are none in place currently) to minimize the likelihood and severity of a data breach occurring in the cloud that contains your data? Make sure you identify which cloud service model and cloud deployment model you are writing about.

Q 2 – (30 points) You come into your office Monday morning and the CIO announces that they plan to move the entire human resource system and patient healthcare system into the cloud. The CIO forgot to invite you to a meeting that he is hosting which will be occurring in 30 minutes with you, the CEO the potential cloud service provider. Document 5 questions that you plan to ask the cloud service provider which will provide you with the basis of your recommendation of should your organization trust this provider's ability to keep your systems and information secure. Provide a brief (1 to 2 sentences) per question as to why you want to know the answer to that question. Why is it important? Assume they are using a SaaS model.