This report discusses the case study of Gigantic Corporation and its project to build a DDoS prevention system for cloud security. It identifies the risks, their consequences, and mitigation techniques for the project. It also provides recommendations and the protection mechanisms required for information security in the project.
Running head: CLOUD SECURITY

IT Risk Management: Cloud Security

Name of the Student
Name of the University
Author’s Note:
Table of Contents

Executive Summary
Introduction
Risk Assessment
    Various Threats and Vulnerabilities for DDoS Prevention System in Cloud Security
    Risk Assessment on the Identified Risks for the Project
    Consequences of the Identified Risks derived from IT Control Framework
    Recommendations for the Project
    Mitigation of Risks and Impact on System
Literature Review
    Protection Mechanisms Required for Information Security in the Project
Conclusion
References
Executive Summary

The main aim of this report is to examine the case study of Gigantic Corporation. The organization will be executing a cloud security project, a DDoS prevention system, and has recruited an IT risk assessment lead consultant. The main role of this consultant is to provide an interface between the business stakeholders and the technologists, translating potential technical difficulties into risk language so that the stakeholders can make decisions effectively and efficiently.

Cloud security is the set of technologies, policies and controls implemented to protect the data, applications and associated infrastructure of cloud computing. It is a sub-domain of information and network security. A number of security issues are associated with cloud computing and storage providers. It is the fastest growing service and provides some of the same major functions as traditional information technology security, including protection of critical information from any type of theft, data deletion or data leakage. The main advantage of cloud security is that the data is absolutely safe and secured.

Gigantic Corporation has recruited the IT risk assessment lead consultant to identify the major IT risks within its distributed denial of service prevention system project. Such a system is a set of tools and techniques that resist and mitigate the overall impact of distributed denial of service (DDoS) attacks on networks attached to the Internet, by protecting the target or relay networks.
Distributed denial of service attacks are a constant threat to organizations and businesses, either degrading service performance or shutting down the entire website, even if only for a short time. Normal conditions for network traffic are identified by defining traffic patterns. A DDoS prevention system also needs to identify incoming traffic in order to separate human traffic from human-like bots and from hijacked web browsers. This is done by comparing signatures or examining each attribute of the network traffic, such as cookie variations, IP addresses, JavaScript footprints and HTTP headers.

Distributed denial of service attack is one of the major threats to cloud security. Gigantic Corporation has selected the DDoS prevention system project for its cloud security area. There are some significant risks or threats in this type of cloud based system. The main issue is that such a system could block the IP address of the user’s system, hence proper precautions should be taken. Moreover, whenever synchronization (SYN) packets are sent to the target system, the user replies with another packet, called SYN/ACK. This issue leaves the user’s system extremely vulnerable, as the server waits for a distinct response from the original system that does not arrive.

This report has identified the issues of the cloud based distributed denial of service prevention system for Gigantic Corporation. The IT risk consultant of the company has not only identified the various risks of this project but has also proposed mitigation techniques for it. Moreover, the consequences of those risks are considered according to the IT control framework. The final part of the report provides recommendations for the DDoS prevention system project.
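The half-open handshake condition described above, where a SYN is answered with SYN/ACK but the final response never arrives, can be detected by counting unanswered handshakes per source. The following Python code is an added example, not part of the original report; the event format, timeout, threshold and allowlist are assumptions, and the sample events are constructed.

```python
"""Added example: flag sources that leave many TCP handshakes half-open."""
from collections import defaultdict

# Constructed sample events (not from the report), as a server-side sensor might
# record them: (time_s, src_ip, src_port, flag). "SYN" opens a handshake; the
# final "ACK" (or an "RST") from the same source address and port closes it.
SAMPLE_EVENTS = [
    (0.0, "203.0.113.7", 40001, "SYN"),
    (0.1, "203.0.113.7", 40002, "SYN"),
    (0.2, "203.0.113.7", 40003, "SYN"),
    (0.3, "203.0.113.7", 40004, "SYN"),
    (0.5, "198.51.100.20", 51000, "SYN"),
    (0.6, "198.51.100.20", 51000, "ACK"),   # completed handshake
    (1.0, "198.51.100.21", 51001, "SYN"),   # one slow or lost client
    (3.0, "203.0.113.7", 40001, "SYN"),     # retransmitted SYN, same handshake
    (9.0, "203.0.113.7", 40005, "SYN"),     # too recent to judge at t=10
]

HANDSHAKE_TIMEOUT_S = 5.0  # assumed: how long the server waits for the final ACK
HALF_OPEN_THRESHOLD = 3    # assumed: stale handshakes per source before flagging


def stale_half_open(events, now, timeout=HANDSHAKE_TIMEOUT_S):
    """Count, per source IP, handshakes still unanswered after `timeout`."""
    pending = {}
    for ts, ip, port, flag in sorted(events, key=lambda e: e[0]):
        key = (ip, port)
        if flag == "SYN":
            pending.setdefault(key, ts)   # keep the first SYN's timestamp
        elif flag in ("ACK", "RST"):
            pending.pop(key, None)        # handshake finished or aborted
    counts = defaultdict(int)
    for (ip, _port), first_syn in pending.items():
        if now - first_syn >= timeout:
            counts[ip] += 1
    return dict(counts)


def flag_sources(events, now, threshold=HALF_OPEN_THRESHOLD, allowlist=()):
    """Return {ip: stale_count} for sources at or above the threshold.

    Addresses in `allowlist` are never returned, so a known legitimate
    user's IP is not blocked by mistake (the precaution the report asks for).
    """
    counts = stale_half_open(events, now)
    return {ip: n for ip, n in counts.items()
            if n >= threshold and ip not in allowlist}


if __name__ == "__main__":
    print(flag_sources(SAMPLE_EVENTS, now=10.0))
```

Source addresses in a SYN flood are often forged, so a per-source count like this is best treated as a signal for rate limiting rather than proof of who is sending.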
Introduction

Cloud security is the security or protection of confidential data that is stored online (Salah et al., 2013). The main threats to cloud security include data loss, hijacking of service traffic, insecure APIs (application program interfaces), breaches of confidential data, shared technology, poor choice of cloud storage provider and various others. Gigantic Corporation is one of the most popular and significant organizations and has decided to execute a DDoS prevention system project for cloud security (Krylov & Kravtsov, 2014).

The following report outlines a brief description of the case study of Gigantic Corporation and its project. A risk assessment is done for the identified risks, and the consequences are also taken into consideration from the IT control framework. Furthermore, the various protection mechanisms are identified in this report.

Risk Assessment

Various Threats and Vulnerabilities for DDoS Prevention System in Cloud Security

The DDoS prevention system project comprises several important and significant risks, threats and vulnerabilities that could be extremely harmful to Gigantic Corporation (Van Trung et al., 2015). The most important and noteworthy threats for this project are as follows:

i) Reduced Control and Visibility of Data: The first and foremost threat for the DDoS prevention system in cloud security is reduced control over and visibility of data. When users transition assets or operations, the organization loses control or visibility over the data or assets (Mahajan & Sachdeva, 2013). When external services are used, there is a major responsibility to move some policies and infrastructure to the target location. This leaves the users highly exposed, since they would not be able to prevent a DDoS attack effectively.

ii) Unauthorized Uses of Data: The second important threat for the DDoS prevention system in cloud security is the unauthorized use of confidential data and information (Laskar & Mishra, 2016). New services can be provisioned easily, and on-demand self-service provisioning allows the personnel of Gigantic Corporation to enable services without the consent of information technology experts.

iii) Compromising Internet Accessible Management APIs: Another significant threat or vulnerability for the DDoS prevention system is the compromise of Internet accessible management APIs. A distinct set of APIs (application programming interfaces) is used for managing and interacting with the cloud services (Lad & Baria, 2014). There are some major software related vulnerabilities in these APIs, and hence these issues should be mitigated properly.

iv) Data Deletion: The next noteworthy vulnerability for the DDoS prevention system is the deletion of data. Confidential data is often deleted without any prior notification (Idziorek, Tannian & Jacobson, 2013). Hence, the authenticated users have no idea that their data is being deleted. This risk concerns the spreading of data across a number of storage devices in the infrastructure of the prevention system.

v) Stealing of Credentials: The credentials could also be stolen by attackers, and hence Gigantic Corporation could face some of the most significant issues related to this problem.
vi) Insiders’ Threat: The sixth important threat or vulnerability for the DDoS prevention system is the insiders’ threat (Zargar, Joshi & Tipper, 2013). Staff or administrators of Gigantic Corporation could also gain access to data, networks and infrastructure.

Risk Assessment on the Identified Risks for the Project

The risk assessment of all the identified risks for the DDoS prevention system project is given below:

Serial Number   Identified Risks                                      Level of Risk
1.              Reduced Control and Visibility of Data                Moderate
2.              Unauthorized Uses of Data                             High
3.              Compromising Internet Accessible Management APIs      High
4.              Data Deletion                                         Moderate
5.              Stealing of Credentials                               High
6.              Insiders’ Threat                                      Low

Table 1: Risk Assessment of Identified Risks in DDoS Prevention System

The table above assesses all the identified risks for this project, and they should be mitigated on time (Oo et al., 2016).

Consequences of the Identified Risks derived from IT Control Framework

The IT control framework is a data structure that organizes and categorizes the internal controls of the company in order to create business value and then minimize risks (Somani et al., 2017). The consequences of all the identified risks, derived from the IT control framework, are as follows:
i) Reduced Control and Visibility of Data: The consequence of this threat is moderate according to the IT control framework, since this risk could be avoided with proper measures.

ii) Unauthorized Uses of Data: The consequence of this threat is major, as this type of threat could lead to data loss or data theft (Akbar, Basha & Sattar, 2015).

iii) Compromising Internet Accessible Management APIs: The consequence of this threat is major, since it can compromise the Internet accessible APIs.

iv) Data Deletion: The consequence of this threat is moderate, as antivirus software can easily reduce this risk.

v) Stealing of Credentials: The consequence of this risk is major, since they would not be able to maintain the authenticity and confidentiality of the credentials (Zhang & Green, 2015).

vi) Insiders’ Threat: The consequence of this risk is minor, as by deploying some security measures they would be able to stop this issue.

Recommendations for the Project

Although this project would be one of the most vital and noteworthy projects at Gigantic Corporation, there are some basic issues that should be resolved through recommendations. The major recommendations for the DDoS prevention system project in cloud security are as follows:

i) Using VPN: The first recommendation for this project is the use of virtual private networks within the system. A VPN is a private network that allows users to send or receive data across shared or public networks.
ii) Parallel Networking: Parallel networking is the second important recommendation for this project. This type of networking could easily detect a DDoS attack, and thus the problem is mitigated for Gigantic Corporation.

Mitigation of Risks and Impact on System

The mitigation techniques for the identified risks of this project are given below:

i) Implementing Antivirus Software and Proper Updates: The basic mitigation technique for reducing the risks of the DDoS prevention system is the implementation of antivirus software, together with proper updates (Purwanto & Rahardjo, 2014). If these updates are not done properly, the system will not be able to prevent DDoS attacks easily and promptly. Antivirus software is a computer program used for the prevention, detection and removal of malware. It was originally developed for the detection and removal of computer viruses. However, with the proliferation of other types of malware, antivirus software has come to provide protection from other threats, such as DDoS attacks, as well (Sahay et al., 2015). It also protects against malicious browser helper objects, Trojan horses, rootkits and ransomware.

ii) Implementing Firewalls: The second mitigation technique for reducing risks within the DDoS prevention system is the implementation of firewalls (Ankita & Khatiwala, 2015). As the name suggests, firewalls could easily detect various viruses or threats. A firewall is a network security system that monitors and controls incoming and outgoing network traffic on the basis of predetermined security rules. It establishes a barrier between the trusted internal network and untrusted external networks. Firewalls fall into two categories, network firewalls and host based firewalls (Mihai-Gabriel & Victor-Valeriu, 2014). Network firewalls filter the traffic between two or more networks. Host based firewalls run on host computers and control the network traffic in and out of those machines.

Figure 1: Firewall Implementation (Source: Krylov et al., 2014)

These two techniques are extremely vital and important for mitigating all the security issues in the DDoS prevention system project for Gigantic Corporation.

Literature Review

Protection Mechanisms Required for Information Security in the Project

According to Deshmukh and Devadkar (2015), this type of protection is from theft, deletion or even leakage. Numerous methods are available for providing security in the cloud, such as implementation of firewalls, tokenization, obfuscation, avoiding use of public Internet connectivity, implementing a VPN (virtual private network) and penetration testing. Cloud security is extremely vital for the many users who are concerned about the safety of the data they store in the cloud (Sahi et al., 2017). It is believed that data is absolutely safe on local servers and that users have explicit control
over the data. However, data stored in the cloud might be safer and more secure, since all cloud service providers have stronger security measures and their staff are security experts. The other significant threats to cloud security are malware and social engineering attacks. As per Chauhan and Prasad (2015), the DDoS prevention system project might eventually face the security issues mentioned above. However, some protection mechanisms are available that could help to reduce these issues. The two important protection mechanisms needed for information security within the DDoS prevention system project are as follows:

i) Implementing Virtual Private Network: Akbar, Basha and Sattar (2015) state that the first protection mechanism for the DDoS prevention system is the implementation of virtual private networks. A virtual private network is the extension of a private network across a public network, enabling users to send or receive confidential data over public or shared networks as if their computing devices were directly linked to the private network (Zhang & Green, 2015). This technology enables remote users to securely access corporate applications or any other resource.

Figure 2: Virtual Private Network (Source: Purwanto & Rahardjo, 2014)
ii) Using Encryption Technique: According to Mihai-Gabriel and Victor-Valeriu (2014), this is the simplest procedure for encoding a message or information in such a manner that only authorized and authenticated users can access the data. Encryption does not itself prevent interference, but it denies the intelligible content to the interceptor. There are two algorithms, for the encryption and decryption procedures.

Figure 3: Encryption and Decryption Process (Source: Deshmukh & Devadkar, 2015)

The impact of these two mitigation techniques on the DDoS prevention system is extremely high, and hence they should be maintained properly to avoid any type of risk or threat.

Conclusion

Therefore, from the above discussion, it can be concluded that the distributed denial of service (DDoS) attack is the most damaging and dangerous threat to cloud security. This type of attack could easily shut down a service by overwhelming it with data, so that users cannot access their accounts, such as electronic mail and bank accounts. The entire data storage system becomes extremely vulnerable; apart from this, the onsite data might also be quite vulnerable for the users. The above report has described the case study of Gigantic Corporation. The risks related to its DDoS prevention system project in cloud security are identified and assessed, and the consequences are noted according to the IT control framework.
References

Akbar, A., Basha, S. M., & Sattar, S. A. (2015, October). Leveraging the SIP load balancer to detect and mitigate DDos attacks. In 2015 International Conference on Green Computing and Internet of Things (ICGCIoT) (pp. 1204-1208). IEEE.

Ankita, P., & Khatiwala, F. (2015). Survey on DDoS attack detection and prevention in cloud. International Journal of Engineering Technology, Management and Applied Sciences, 3(2), 43-7.

Chauhan, K., & Prasad, V. (2015). Distributed denial of service (ddos) attack techniques and prevention on cloud environment. International Journal of Innovations & Advancement in Computer Science, 210-215.

Deshmukh, R. V., & Devadkar, K. K. (2015). Understanding DDoS attack & its effect in cloud environment. Procedia Computer Science, 49, 202-210.

Idziorek, J., Tannian, M. F., & Jacobson, D. (2013). The insecurity of cloud utility models. IT Professional, 15(2), 22-27.

Krylov, V., & Kravtsov, K. (2014). DDoS attack and interception resistance IP fast hopping based protocol. arXiv preprint arXiv:1403.7371.

Krylov, V., Kravtsov, K., Sokolova, E., & Lyakhmanov, D. (2014, October). Sdi defense against ddos attacks based on ip fast hopping method. In Science and Technology Conference (Modern Networking Technologies) (MoNeTeC), 2014 First International (pp. 1-5). IEEE.

Lad, N., & Baria, J. (2014). DDoS prevention on REST based web services.

Laskar, S., & Mishra, D. (2016). Qualified vector match and merge algorithm (QVMMA) for DDoS prevention and mitigation. Procedia Computer Science, 79, 41-52.

Mahajan, D., & Sachdeva, M. (2013). DDoS Attack Prevention and Mitigation Techniques-A Review. International Journal of Computer Applications, 67(19).

Mihai-Gabriel, I., & Victor-Valeriu, P. (2014, November). Achieving DDoS resiliency in a software defined network by intelligent risk assessment based on neural networks and danger theory. In Computational Intelligence and Informatics (CINTI), 2014 IEEE 15th International Symposium on (pp. 319-324). IEEE.

Oo, K. K., Ye, K. Z., Tun, H., Lin, K. Z., & Portnov, E. M. (2016). Enhancement of Preventing Application Layer Based on DDOS Attacks by Using Hidden Semi-Markov Model. In Genetic and Evolutionary Computing (pp. 125-135). Springer, Cham.

Purwanto, Y., & Rahardjo, B. (2014, October). Traffic anomaly detection in DDos flooding attack. In Telecommunication Systems Services and Applications (TSSA), 2014 8th International Conference on (pp. 1-6). IEEE.

Sahay, R., Blanc, G., Zhang, Z., & Debar, H. (2015, February). Towards autonomic DDoS mitigation using software defined networking. In SENT 2015: NDSS Workshop on Security of Emerging Networking Technologies. Internet society.

Sahi, A., Lai, D., Li, Y., & Diykh, M. (2017). An efficient DDoS TCP flood attack detection and prevention system in a cloud environment. IEEE Access, 5, 6036-6048.

Salah, K., Calero, J. M. A., Zeadally, S., Al-Mulla, S., & Alzaabi, M. (2013). Using cloud computing to implement a security overlay network. IEEE security & privacy, 11(1), 44-53.

Somani, G., Gaur, M. S., Sanghi, D., Conti, M., & Buyya, R. (2017). DDoS attacks in cloud computing: Issues, taxonomy, and future directions. Computer Communications, 107, 30-48.

Van Trung, P., Huong, T. T., Van Tuyen, D., Duc, D. M., Thanh, N. H., & Marshall, A. (2015, October). A multi-criteria-based DDoS-attack prevention solution using software defined networking. In International Conference on Advanced Technologies for Communications (ATC) (pp. 308-313).

Zargar, S. T., Joshi, J., & Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE communications surveys & tutorials, 15(4), 2046-2069.

Zhang, C., & Green, R. (2015, April). Communication security in internet of thing: preventive measure and avoid DDoS attack over IoT network. In Proceedings of the 18th Symposium on Communications & Networking (pp. 8-15). Society for Computer Simulation International.