Project creation happens in two stages. The first is naming the project and optionally selecting a Deployment model. The second stage requires answering five questions to build a risk profile. The oak9 risk profile is calculated from your answers about the project’s Deployment model, Compliance needs, Data Sensitivity, Business Impact, and End-Users.


Question 1: Deployment Model

· Question 1 addresses the type of environment your cloud solution will be deployed in. This question is optional and is part of Stage 1 of project creation. See the figure below.

· Public: The application is being deployed in a public cloud environment

· Private: The application is being deployed in a private cloud environment that is exclusive to your organization

· Hybrid: The application components are being deployed across public, private or on-premises environments

· Community: The application is being deployed into a shared environment

Question 2: Required Compliance Objective

· Question 2 addresses the compliance needs of your project

· Select the compliance and industry standards the project needs to meet by checking the appropriate box or boxes. See the figure below.

· For example, medical field – HIPAA/HITECH

· Select all compliance frameworks that apply

· This question cannot be left unanswered – if you are unsure of your project’s requirements, select "Not Sure"

Question 3: Data Sensitivity

· Question 3 measures the sensitivity of the data that this project will handle

· Select the sensitivity of the data based on the simple data classification framework: Public versus Business Sensitive. See the figure below.

· Public – Data for which there is no expectation of privacy or confidentiality, but there is an expectation of integrity

· Business Sensitive – Data for which there is an expectation of privacy, confidentiality and integrity. This can include but is not limited to data that is non-public, company confidential, security critical or data that has regulatory/customer/industry mandates for security

· Only one measurement of data sensitivity can be selected

Question 4: Business Impact

· Question 4 addresses the impact that a loss or incident could have on your organization

· The impact can be financial loss, disruption to business operations or systems, legal, regulatory, reputational, or related to safety

· Select the business impact that would apply if the confidentiality of the platform is compromised. See the figure below.

· High: Catastrophic or significant impact to the business

· Medium: Moderate impact to the business

· Low: Low impact to the business

· Only one impact level can be selected for a project

Question 5: End-Users

· Question 5 addresses the type of users that will be interacting with the oak9 platform

· Select the type(s) of end-users. See the figure below.

· Workforce

· Consumers

· Business Partners

· Select all end-user types that apply

Once all questions are answered, oak9 will calculate and apply the resulting risk profile within the platform.
