Code360 powered by Coding Ninjas X Naukri.com. Code360 powered by Coding Ninjas X Naukri.com
Last Updated: Mar 27, 2024

Risk Manager

Leveraging ChatGPT - GenAI as a Microsoft Data Expert
Speaker
Prerita Agarwal
Data Specialist @
23 Jul, 2024 @ 01:30 PM

Introduction

Businesses have always had to manage risk, including risks linked to reputation, regulations, and cybersecurity, as well as operational, financial, and strategic risks.

danger

So how does enterprise risk management (ERM) operate in the modern business world where so many companies have moved a large number of their activities to the cloud? How can CISOs and other senior executives adapt established ERM principles to the cloud-based technology that powers so many aspects of the modern enterprise?

Risk Management

An analysis of your company's technical risk posture is provided via the Google Cloud security product known as Risk Manager. You can create reports using the tool to profile risk throughout your firm. You can create a picture of the risk profile of your company and determine where to concentrate your investment efforts in order to lower risk. In order to provide quick risk remediation, Risk Manager interfaces with other Google Cloud technologies like Security Command Center.

risk

By delivering reports to specific insurance partners, the Risk Manager streamlines the process of getting cyber insurance. You can acquire cyber insurance with potentially lower costs by sharing Risk Manager reports. This insurance is created particularly for Google Cloud users. 

Get the tech career you deserve, faster!
Connect with our expert counsellors to understand how to hack your way to success
User rating 4.7/5
1:1 doubt support
95% placement record
Akash Pal
Senior Software Engineer
326% Hike After Job Bootcamp
Himanshu Gusain
Programmer Analyst
32 LPA After Job Bootcamp
After Job
Bootcamp

Types of Enterprise Risks in the Cloud

meter

If a company wants to stay in the game, it must take numerous risks. Let's see what these risks are:

  • Unauthorized Access to Business Data,
     
  • Cloud Vendor Security Risk,
     
  • Legal or Compliance Risks,
     
  • Operational Control, and
     
  • Availability Risks.

Access Control using IAM

authorized

To control access to model resources, the Risk Manager employs Identity and Access Management (IAM). A user, group, or service account should be given one or more IAM roles if they want access to a model resource. The IAM roles include the Risk Manager permissions.

There are four predefined roles provided by the Risk Manager:

  • Risk Manager Admin: All Risk Manager permissions.
     
  • Risk Manager Editor: Access to edit Risk Manager resources (includes all permissions except for the ability to share or review a report).
     
  • Risk Manager Viewer: Access to view Risk Manager resources.
     
  • Risk Manager Reviewer: Access to review/approve Risk Manager reports.
     

When you sign up for Risk Manager, a service account is made for you that has a specific role. This role is:

  • Risk Manager Service Agent
     

The Risk Manager service account can generate Risk Manager reports by retrieving the data it needs from other Google Cloud services using this role.

In addition to the standard or predefined roles, you can even create custom roles as per your need. A custom IAM role can have one or more permissions assigned to it.

Audit Logging

author

To assist you in determining "Who did what, where, and when?" regarding your Google Cloud resources, Google Cloud services keep audit logs.

To assist you in identifying who performed what actions when and where inside your Google Cloud resources, Google Cloud services keep audit logs.

Only the audit logs for resources that are used directly within a Google Cloud project are included in your projects. The audit logs for the entity itself are kept in other Google Cloud resources, including billing accounts, organizations, and files.

Following are the types of audit logs available for Network Connectivity Center:

  • Admin Activity audit logs: It includes "admin write" operations that write metadata or configuration information. Also, you can't disable Admin Activity audit logs.
     
  • Data Access audit logs: It includes "admin read" operations that read metadata or configuration information. It also has "data read" and, "data write" operations that read or write user-provided data. And to receive Data Access audit logs, you must explicitly enable them.

Management of Reports

manager

A report is an organizational-level object that compiles data from the Security Command Center and Cloud Asset Inventory to create an overall picture of risk for the entire organization. These reports follow the CIS guidelines. Benchmark for Google Cloud Computing Foundations, version 1.0.0.

The Risk Manager is also responsible for the management of the report. The Risk Manager can: 

  • Create a report as per the need.
     
  • Then, share that report with others.
     
  • After the creation of the report, the risk manager can also download the report.
     

Now, that report can be approved by anyone who has the Report Reviewer role.

Then it can be forwarded to the insurance carrier partners for further evaluations.

Remediate Findings

finding

An overall assessment of risk for your firm is provided by a report that combines aggregate findings from Security Command Center and inventory data from Cloud Asset Inventory. These reports adhere to the Google Cloud Computing Foundations Benchmark v1.0.0 from the CIS.

Auto Generating Reports

Automated reports are those that the Risk Manager system generates on a regular basis and at a predetermined time. They have the same data components as reports that are manually generated.

There are three possible frequencies. Eastern Standard Time is used for all times (UTC-5).

  • Daily (10 AM), or
     
  • At Weekly (10 AM on Mondays) Frequency, or
     
  • At Monthly (10 AM on the first day of the month) Frequency.
     

Brokers or carriers are never automatically sent automated reports. They exist so that you can more accurately monitor your risk posture over time.

Configuration of Risk Manager

cloud

How to set up your Google Cloud organization for the first time to utilize Risk Manager is covered in this article.

The Risk Manager needs a one-time setup to be finished before reports can be generated. Risk Manager rights are insufficient for this process, which necessitates additional Identity and Access Management (IAM) permissions that can only be held by an administrator in your company.

A service account is created when you start configuring Risk Manager in the Google Cloud dashboard. This service account is made with no permissions and no power to act.

For the Risk Manager service account to read security findings and create reports, the Risk Manager service agent role must be allowed. In the Google Cloud Google Cloud dashboard, Risk Manager frequently refers to this position grant as "provisioning."

Frequently Asked Questions

What is risk assessment in the cloud?

The goal of the Cloud Adoption Risk Assessment Model is to assist cloud users in evaluating the risks involved in choosing a particular cloud service provider.

Is risk management a good career?

A career in risk management is exciting because it allows you to access vast amounts of information and tools to help guide decisions at all organizational levels.

Do risk managers work long hours?

Risk managers often work nine to five, but as you advance in your career, you could occasionally need to put in extra time in the evenings and on the weekends.

Are risk managers in demand?

In that time, there have been 29.04 percent more job openings in the country overall, growing on average by 4.84 percent annually. Risk management specialists are likely to be in greater demand, with 11,760 new positions being created by 2018.

Who has the responsibility for risk management?

The management group, which consists of the president (Chair) and individuals in charge of the various business areas, is in charge of putting risk management into practice, keeping an eye on operational hazards, and taking risk-related actions.

Conclusion

In this article, we have studied Risk Managers in detail. 

We hope that this article has provided you with the help to enhance your knowledge regarding Risk Managers and if you would like to learn more, check out our articles on cloud domains and cloud hypervisors.

Refer to our guided paths on Coding Ninjas Studio to learn more about DSA, Competitive Programming, JavaScript, System Design, etc. Enroll in our courses and refer to the mock test and problems available; take a look at the interview experiences and interview bundle for placement preparations.

Do upvote our blog to help other ninjas grow.

Merry Learning!

Topics covered
1.
Introduction
2.
Risk Management
3.
Types of Enterprise Risks in the Cloud
4.
Access Control using IAM
5.
Audit Logging
6.
Management of Reports
7.
Remediate Findings
8.
Auto Generating Reports
9.
Configuration of Risk Manager
10.
Frequently Asked Questions
10.1.
What is risk assessment in the cloud?
10.2.
Is risk management a good career?
10.3.
Do risk managers work long hours?
10.4.
Are risk managers in demand?
10.5.
Who has the responsibility for risk management?
11.
Conclusion