Mr Issa Barkad (ModuleDirector) Dr Soonleh Ling (Deputy Module

Director)

5thFeb 2025, Writtenfeedback within

Turnitin/Moodle

Assessmentlimits:

length,load,wordcount, etc.

Is this exempt from anonymousmarking

underthepolicy?

This coursework is designed to demonstrate the broad understanding and knowledge of the Cloud Computing (CC), assessing and evaluating the student’s strength and level of analysis. The assessment consists of a series of questions, with the objectives to achieve the learning outcomes from the module:

1. CCDesignrequirements
2. CCSecurity
3. CloudApplicationSecurity
4. CCLegalandCompliance.

Youarerequiredtoproduceanindependentcreativeartefacttocriticallyevaluate  the questions, paying particular attention to the level of depth required to answer those questions by applying the learning in both online lectures and seminar sessions.

Itisimportantthatthecontentisunderpinnedwiththeinclusionofrelevantacademic theory,concepts,andmodelswhereappropriate,aswellascontemporaryindustrial insights. These should be accurately cited and referenced according to York StJohn Harvard Referencing throughout.

Please find the detailed assessment criteria for each part in the Assessment Marking Information section.

Part1– [20marks]

1. Provide one commercial example for each of IaaS, PaaS and SaaS. Specifically, outline the business model, revenue model and service offerings to its cloud consumers. [9 marks]
2. A business Impact Analysis and Risk Management worksheet has been attached to this assignment. [11 marks]
   1. Chooseadepartment/functionwithinanorganisation.
   2. Identify five (5) hypothetical risk/threats to use in this question; this might a malicious attack such as a malware, a natural disaster such as earthquake or anything else.
   3. Fill out the form using the business function and risk/threat, using information as accurately and realistically as possible.

Part2– [20marks]

1. Identify two cloud providers online. Summarise their posted policies regarding real-time or regular full backup, particularly in the context of BC/DR (Business Continuity/Disaster Recovery). [10 marks]
2. Compare and contrast in a table the two offerings, especially discussing how each deal with bandwidth for backups, pricing structure, and their suitability, for data portability to other cloud providers. [10 marks]

Part3– [20marks]

1. IdentifyonecloudapplicationyouuseandidentifyoneAPIinuse.This could be internal or a third-party API. Describe its functionality.
2. Describethesimilaritiesanddifferencebetweenthecloudsoftware development lifecycle and any other model (just one model).
3. Identifyanddescribetwocomponentsofthecloudapplicationarchitecture.
4. Describethefunctionsofanidentitymanagementsolutioninthecloud environment.

Part4–[30 marks]

1. WhatareHIPAArulesandwhyaretheydifferent?
2. Describe the primary differences in a table between an SOC1, SOC2 and a SOC 3 report.
3. Describetheprimarydifferencebetweenriskappetiteandrisktolerance.

ProgrammeLearningOutcomes(PLOs)7.1-7.7:

1. Evaluatecomputerscienceconceptsandprinciplesandtheirapplication to the effective design, implementation, and usability of computer-based systems.
   1. Apply the findings of advanced scholarship and/or contemporary research and practice to the solution of computer science problems
   2. Critically evaluate computer science problems, including those at the forefront of the field.
   3. Demonstrate operation within applicable professional, legal, social, and ethical frameworks.
   4. Demonstrateoriginalityandcreativityinthesolutionofcomputerscience problems.
   5. Recommend,withdetailedjustification,theappropriatecomputerscience principles, and practices to apply to the significant domain-specific activity.
   6. Applystandards,qualityprocesses,andengineeringprinciplestothe solution of computer science problems.

GuidelinesforStudents:

Studentsmustsubmittheirownwork.Theymustacknowledgethesourcesusedin this assignment, failure to acknowledge would be plagiarism which is an academic offence and a penalty can be imposed. Students need to write by reading other papersontheirownwithcitationsandleavereferencesattheendoftheassignment.

Students work would be submitted to the national plagiarism facility. This identifies the sources from the internet and other extensive databases. Once the student’s work has been submitted to detection services, work is stored in databases electronically and compared their work from other sources. It is necessary to keep a backup of their work. Students’ materials would be stored in the database electronically for indefinite periods.

It isessentialthatyouacknowledgethe source ofanyresearch,information,ideas, opinions, theories, or other material which is not your own. Effective referencing, quoting, paraphrasing, and summarising show evidence of the reading you have done and ensure that you avoid accusations of plagiarism.

The University's fundamental stance on the use of Turnitin is geared toward supporting students' academic development. You can use this link to check your work for areas where you might be at risk of plagiarising.

Please submit your assignment on time. All assignments may be electronically submittedusingTurnitin(viaMoodle)bymidnightontheduedate.Pleasedonot submit your assignment last minute. Please also allow time for any problems or issues with systems.

Theworkyoupresentshouldbeyourownwork,andnotjustcopiedfrom others.You can quote from others, but you must say who the author is and use quotation marks or paraphrase.If you do not do so, we will investigate your work foracademicmisconduct.ThisisparticularlylikelyifyourTurnitinsimilarityscoreis above 25% and/or individual matches are above 6%.

Ifyourequiresupportwithyourstudyskills,pleasevisit  https://www.yorksj.ac.uk/students/study-skills/

Please refer to the York St John University Code of Practice for Assessment and Academic Related Matters 2023-24.

We ask that you pay particular attention to the academic misconduct policy. Penalties will be applied wherea student isfound guilty of academicand/or ethical misconduct, including termination of programme (Policy Link).

You are also required to keep to the word limit set for an assessment and to note that you may be subject to penalty if you exceed that limit.You are required to provideanaccuratewordcountonthecoversheetforeachpieceofworkyousubmit (Policy Link).

For late or non-submission of work by the published deadline or an approved extended deadline, a mark of 0NS will be recorded. Where a re-assessment opportunity exists, a student will normally be permitted only one attempt to be re- assessed for a capped mark (Policy Link).

An extension to the published deadline may be granted to an individual student if they meet the eligibility criteria of the (Policy Link).

ThecreativeartefactshouldbecreatedusingMicrosoftWord.Youhaveaccessto Microsoft software for free through your university account.

Yourcreativeartefactshouldincludethefollowingareas:

1. StudentIDnumber,name,date,titleoftheassessment
2. Assignmentquestions
3. Harvardreferencelist

The artefact should contain all the relevant information but also be professional including the use of graphs, tables, and figures as appropriate. You will be assessedonthecreativityofyourartefact,applicationoftheoryandknowledge,as well as your use of research and referencing throughout.

Yourworkneedsto:

• Beunderpinnedbyarangeofcontemporaryacademicandindustrial research.
  • Criticallyappraisetheliteratureandtheoriesrelatingtotheissueunder review; demonstrate awareness and the application of theory to practice.
  • Providepracticalexamplestodemonstrateawarenessandtheapplicationof theory to practice.

Yourworkwillbemarkedaccordingtotheassessmentinstructionsprovidedwithinthis document and the selected Learning Outcomes’ (LOs) (see above).

This assessmentismarked usingtheassessmentmarkingcriteriaora similar rubricthat alignswiththeUniversity’sGenericAssessmentDescriptors(GAD).1Thisistoensureall assessment decisions are comparable regardless of the discipline or mode of assessment.

Please note that you must meet the required baseline standards (50 – 59%) which will include the LOs and minimum expectations of the assessment. Further still, you must ensure youmeettherequirementsof eachgradeboundarytoprogresstothenext, i.e., you should demonstrate your learning through the standards of the Pass, Merit and DistinctiontoreacharequiredDistinction(70–84%).Thesestandardsaredesignedto scaffold and build your learning to achieve your fullest potential in each criterion being

assessed.

Part1

1. Learnershoulddemonstrateclearunderstandingofcloudservice deployment model and provide at least one IaaS, PaaS and SaaS Example with the following guidance: (9 Marks)
   • ClearidentificationofacommercialIaaS,PaaSandSaaS example.

20

• Detailedoutlineofthebusinessmodel,explaininghowthe company provides infrastructure services to clients.
• Thoroughdescriptionoftherevenuemodel,includingpricing structure and payment methods.
• Comprehensiveexplanationoftheserviceofferingstocloud consumers, detailing the types of infrastructure services provided.

1. LearnershouldconductBusinessImpactAnalysisandRisk Management with the following guidance: (11 Marks)
   • Department/FunctionSelection
     • Clearidentificationofaspecificdepartmentorfunction within an organization.

• IdentificationofHypotheticalRisks/Threats
  • Accurateidentificationoffivedistincthypotheticalrisks or threats.
  • Realisticandrelevantselectionofrisks,consideringboth malicious and natural risks.
• RiskManagementWorksheetCompletion
  • Properlyfillingoutthebusinessimpactanalysisandrisk management worksheet.
  • Accurateutilizationoftheselecteddepartment/function and identified risks/threats.

Part 2

1. Learnershouldprovidetwocloud serviceproviders,explaintheir policiesonBackupforBC/DRbyconsideringtheguidancebelow: (10 Marks)
   • Clearidentificationofthefirstcloudprovider.
   • Comprehensivesummaryofthepostedpoliciesregarding real-time or regularfullbackup inthe contextof Business Continuity/Disaster Recovery (BC/DR).

20

• Providein-depthexplanationoftheprovider'sbackup strategy,highlightingkeyfeaturesandconsiderations.
• Abletousearchitecturediagrams,figuresandtablesto elaborate and explain the policies and features.

1. LearnershouldprovidedetailedcomparisonofCloudOfferings from the two example cloud providers above by including the following guidance: (10 Marks)
   • Comprehensivecreationofatablethateffectivelycompares the backup offerings of the two cloud providers.
   • Detailedinclusionofcategoriessuchasbandwidthfor backups, pricing structure, and data portability.
   • Thoroughdiscussionofhoweachcloudproviderhandles bandwidth for backups.
   • Clearcomparisonoftheirapproaches,addressingfactorslike speed, scalability, and potential limitations.
   • In-depthexaminationofthepricingstructuresofbothcloud providers for their backup services.
   • Clearidentificationofpricingmodels,costfactors,andany variations based on usage or storage.
   • Comprehensive assessment of how each provider's backup solutionsupportsdataportabilitytotheothercloudprovider.
   • Insightfulanalysisofcompatibility,easeofmigration,and potential challenges.

Part 3

1. LearnershouldprovidedetailedexplanationofcloudAPI,with accurate description of the application's purpose and functionality. (2 marks)
2. Learner should provide clear identification of one example cloud APIinusebythechosencloudapplication(internalor third-party,

20

withcomprehensivedescriptionoftheAPI'sfunctionalityand how it is utilized within the application. (3 Marks)

1. Learner should provide description of Cloud Software DevelopmentLifecycle(CloudSDLC),includingstages,processes and key characteristics. (2 Marks)
2. Learner should provide comparison of cloud SDLC with Another Model(e.g., Waterfall, Agile, etc.), and provide comprehensive comparison of similarities and differences between the cloud softwaredevelopmentlifecycleandthechosenmodel. (3Marks)
3. Learner should provide two components of a cloud architecture with comprehensivedescription ofthechosen component'srole, functionality,andsignificance,in-depthdescriptionofthechosen component's function, interaction, and relevance within the architecture. (5 marks)
4. Learner should explain and describein detailed the functionsof the Identity Management Solution in the context of a cloud environment,withtheuseofarchitecturediagramsandfigures. (2 Marks)

5. Learner should also provide comprehensive description of the functionsand purpose of an identity management solution in the contextofacloudenvironment,andspecificfunctionsperformed

   byidentitymanagementsolution(e.g.,accesscontrol, authentication, SSO, etc). (3 marks)

Part 4

1. Learner should provide accurate definition and explanation of HIPAA rules in the context of healthcare data protection, why HIPPA rules are different from other data protection regulations, andclearidentificationandanalysisofkeydifferentiatingfactors, such as regulatory focus, enforcement, and industry specificity.

   (10marks)

30

1. Learner should provide the differences between SOC Reports, createatablethatcomparesSOC1,SOC2andSOC3reports,with clear inclusion of categories such as scope, focus, audience, etc. (5 Marks)
2. Learner should provide in-depth discussion of the primary differencesbetweenSOC1,SOC2andSOC3reports,highlighting their unique purposes and target audiences. (5 marks)
3. Learner should provide definition of Risk Appetite and Risk Tolerance and demonstrate clear understanding of their significance in risk management, thorough explanation of the primarydifference between riskappetite andrisktoleranceand providecomprehensiveanalysisofhowtheseconceptsrelateto an organization's willingness to take risks and its capacity to handle risk exposure. (10 marks)

Communication

• Learnershouldpresenthis/heranswerclearlyandingoodlogical manner.
• Learnershouldprovideanyrelevantreferencesusedinthe answers, diagrams, figures, tables, concepts, and ideas.
• Learner should provide any relevant references in his/her answersandadheretoYSJU’sacademicconventionssuchas Harvard referencing and plagiarism.

• Learnershouldpresenthis/heranswersinclearwrittenEnglish, free from spelling errors, typo errors, and professional report

  format.

10

TotalAvailableMarks(%):100

PassGradeBands(100–50)(LearningOutcomesmustbe met)

FailGradeBands(49–0)(LearningOutcomesarenotmet)

NotethatthedetailedmarkingcriteriabelowarederivedfromtheYSJUGADtable.

Distinction(85–

100)

Part 1: Cloud ServiceModels, Business ImpactAnalysis & Risk Management

The learner has created new insights or proposed new hypotheses (where appropriate) in response to problemsorareas of development which are at the forefront of research in this discipline. It shows a professional  awareness and application of the thinking skills used to process

thisknowledge.

Part2:Backup Policies for BC/DR, Cloud Offering Comparison

The learner demonstrates a satisfactory understandingof backup policies and cloud service

comparisons,

The learner has provided a good analysisofbackup strategies and cloud provider features. The comparison table

iscomprehensive,

The learner demonstrates excellent analysis, providing detailed comparisons

and

The learner’s work is exemplary, offering new insights or approachesto cloud service

comparisons.The

The learner has identified some backuppoliciesbut has not provided enough depth in the comparison.

Diagramsortables are limited, and

Thelearnerhasshown limited understanding of cloud service backup policies, with insufficientcomparison and minimal use of diagrams or tables.

Keyfeatureslike

explanations. The table thoroughly includesfactors like speed, scalability, and backup pricing, with clear insights into

dataportability.

Part3:Cloud API, Cloud SDLC,

Architecture Components, Identity Management

The learner gives agooddescription of the cloud API and a solid comparison of SDLC models.

Theexplanations of architecture components and identity managementare clear and well- structured.

The learner offers an excellent analysis, providing new insights into cloud APIs and detailed comparisons of SDLC models. Theexplanation of architecture componentsand identity management is thorough and

highlyrelevant.

The learner demonstrates exemplary understanding, creatinginnovativeinsights into cloud APIs, SDLC models, and architecture components.

Diagrams and explanations  show professional-level depth.

Part4:HIPAA,

SOC Reports, RiskAppetite&Tolerance

The learner provides an excellent analysis of HIPAA and SOC reports, offering new insights into data protection

regulations.The explanation of

The learner’s work is exemplary, offering new perspectiveson HIPAA, SOC

reports,andrisk concepts. The analysis demonstrates a deep

understanding of regulatory  frameworks and riskmanagement

inthecloud.

Communication

The learner is exemplary in clarity, organization,and adherence to academic standards.

References are consistently  applied,andthe

writingiserror- free.