logo

ITC568 - Cloud Privacy and Security

18 Pages2193 Words34 Views
   

Charles Sturt University

   

Cloud Privacy and Security (ITC568)

   

Added on  2020-02-24

About This Document

This assignment is based on cloud privacy and security, which includes the security of employee data and its explanation of Issues. New security threat of employee data description also includes in this assignment. 

ITC568 - Cloud Privacy and Security

   

Charles Sturt University

   

Cloud Privacy and Security (ITC568)

   Added on 2020-02-24

ShareRelated Documents
Running head; CLOUD PRIVACY AND SECURITY 1
Cloud Privacy and Security
Student 1 Student ID
Student 2 Student ID
Student 3 Student ID
Date
ITC568 - Cloud Privacy and Security_1
Running head; CLOUD PRIVACY AND SECURITY 2
1. Security of Employee Data
S.No Security
Threat/ Risk
Description
Likelih
ood
Impact
Priorit
y
Preventive Actions Contingency Plans
Student 1 Student ID
1 Targeted cyber
attacks
H VH VH 1. Have up to date anti
malware, anti virus, and
firewall
2. Have effective security
policies restricting access
3. Encrypt and strengthen
network devices and access
points,, such as wireless
routers
4. Encrypt sensitive
employee data and
information (Sood &
Enbody, 2014)
1. Shut down the
network and internet
and isolate suspected
infections
2. Immediately
update and patch
security software/
devices and run tests
3. Monitor the
servers that bots
access
2 Insider threats
from
employees
VH VH VH 1. Implement strict policies
on access to information on
a need basis
2. Sensitize employees on
safety measures especially
when using wireless
networks or accessing
resources remotely (Beaver,
2015)
3. restrict peer to peer
networks access and data
sharing
4. Data encryption
5. Implement reporting
avenues for malicious staff
activity (Baker & Wallace,
2007)
1. Disable log-in
credentials
immediately
employees depart
2. Disable log-in,
especially remote
log-in, when
suspicious files are
detected
3. Disable copying,
downloading of data
from sensitive
resources
ITC568 - Cloud Privacy and Security_2
Running head; CLOUD PRIVACY AND SECURITY 3
3 Malware,
phishing,
hacking attacks
(Abraham &
Chengalur-
Smith, 2010)
H VH VH 1. have dedicated security
teams to monitor all DAS
resources continuously
2. Implement robust
prevention measures using
firewall, anti malware
software, and network
filtering
3. Isolate networks and
resources, especially those
handling sensitive employee
information
1. Disconnect
affected network
portions and devices
2. Immediately
update and run anti
malware software
(Abraham &
Chengalur-Smith,
2010)
4 Lost data due
to system
crashes,
malfunctioning
server disks or
data corruption
(Rashid, 2016)
M VH VH 1. Implement an effective
backup plan for the data
stored in DAS data centers
2. Implement secure data
storage using RAID
architecture and virtual
backups
1. Commence instant
file and data
recovery
2. Implement
business process
recovery
3. Restore from
virtual backups
Explanation of Issues:
1. Targeted cyber attacks: refers to a situation where the attacker targets someone or resources that
are specific by gaining access to the IT system assets and stealing sensitive employee data (Sood &
Enbody, 2014)
2. Insider threats by employees; refers to threats posed by employee deliberate or mistaken
actions. A disgruntled or greedy employee can steal and sell information or aid unauthorized parties
gain access to this information for financial gain or just because of malice. An employee ca
mistakenly download an infected mail or link and infect the whole DAS network and data center
with malware such as ransom-ware that steals information (Baker & Wallace, 2007)
3. Malware, phishing and hacking attacks: This is where malicious software takes over the DAS
IT systems and computers and then spreads within the network; the infection can turn a computer
into a bot net that in turn infects other computers, degrading performance such as through denial of
service attacks, slowing network traffic, or destroying data
4. Lost data due to crashes, data corruption, system failures: This is when physical IT
components such as hard disks fail, perform unexpectedly, or crash, causing loss of data or inability
to access data. Disasters such as fires can also lead to data loss
ITC568 - Cloud Privacy and Security_3
Running head; CLOUD PRIVACY AND SECURITY 4
Severity of risk and threat to security employee data
S.No Security
Threat/ Risk
Description
Likelih
ood
Impact
Priorit
y
Preventive Actions Contingency Plans
Student 1 Student ID
1 Permanent data
loss
M VH VH 1. Ensure provider has
geographically distributed
data backup centers with
virtual backups as well
2. Educate and sensitize
employees
3. Ensure providers have
adequate disaster
preparedness, such as fires
or natural disasters (Rashid,
2016)
1. Undertake disaster
recovery measures
2. Implement
business process
continuity from
backups
2 Interface and
API hacking
H H VH 1. Turn SSL everywhere in
the cloud access points
2. have experts manually
check API security before
deployment
3. Supplement
authentication using
machine ID’s
4. Apply threat detection
5. Undertake API black box
testing as well as
penetration tests
continuously (Subashini &
Kavitha, 2011)
1. Turn on SSL
everywhere when
breaches are detected
2. Validate
parameters for all
incoming traffic
3. Separate out users
and identities
3 Insider threat H VH VH 1. Implement and strictly
control encryption of access
interfaces and data
2. limit access points and
discourage access from
unauthorized devices such
as personal laptops
3. Train and sensitize
employees on phishing
sources such as external
disks and how to recognize
phishing (Subashini &
Kavitha, 2011)
1. Disable access
credentials for
temporary workers,
or departed
employees, or those
that have expired
credentials
2. Use multiple
footprints for backup
, including virtual
backups
ITC568 - Cloud Privacy and Security_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
ITC568 - Cloud Privacy and Security - Assignment
|15
|1619
|198

Security of Employee Data Question 2022
|16
|5147
|28

Cloud Privacy and Security
|18
|3664
|384

Role of Cyber Security for Continuity of Business | Assignment
|7
|1390
|191

Network Security: Protecting the Integrity and Usability of Networking Services and Data
|25
|1420
|50

Cloud Security and Privacy Assignment 2022
|26
|5018
|14