Cloud Security and Privacy Challenges
VerifiedAdded on 2020/05/11
|28
|7001
|70
AI Summary
This assignment delves into the complex landscape of cloud privacy and security. It explores the inherent risks associated with storing and processing data in the cloud, such as unauthorized access, data breaches, and malicious attacks. The assignment analyzes different types of threats, vulnerabilities, and potential impact on organizations. Furthermore, it discusses various security measures and best practices for mitigating these risks, including encryption, access control, data governance policies, and compliance standards.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: CLOUD PRIVACY AND SECURITY
Cloud Privacy and Security
Name of the Student
Name of the University
Author’s note
Cloud Privacy and Security
Name of the Student
Name of the University
Author’s note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1CLOUD PRIVACY AND SECURITY
Executive Summary
The Department of Administrative Service (DAS) caters multiple services to the State
government of Australia, the services they can get the are payroll management, HR and the
contractor management. DAS has decided to move to the cloud to furnish the business
activities. That is why DAS is concerned about the security and privacy breaches. They
believe that the cloud vendors can serve their purpose well. The cloud platform Shore and
Amazon AWS has been explained. The threats and the risks have been detailed in the report
and along with that, the risk mitigation procedures have been elaborated well.
Executive Summary
The Department of Administrative Service (DAS) caters multiple services to the State
government of Australia, the services they can get the are payroll management, HR and the
contractor management. DAS has decided to move to the cloud to furnish the business
activities. That is why DAS is concerned about the security and privacy breaches. They
believe that the cloud vendors can serve their purpose well. The cloud platform Shore and
Amazon AWS has been explained. The threats and the risks have been detailed in the report
and along with that, the risk mitigation procedures have been elaborated well.
2CLOUD PRIVACY AND SECURITY
Table of Contents
1. Introduction............................................................................................................................3
2. Consideration of the data and information that DAS holds on its employees in the current
HR system..................................................................................................................................3
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in-house HR database..............................................................3
2.2. The risks and threats to the employee data after migration to a SaaS application..........8
2.3. Assess the resulting severity of risk and threat to employee data...................................9
3. Consideration of the privacy of the data for those employees who will move to a SaaS
application................................................................................................................................12
3.1. Establishment of the existing threats and risks to the privacy of that data and
information contained in the in-house HR database............................................................12
3.2. The risks and threats to the privacy of the employee data after migration to a SaaS
application............................................................................................................................12
3.3. Assess the resulting severity of risk and threat to the privacy of employee data..........14
4. The threats and risks to the digital identities of Government employees from the move to
SaaS applications.....................................................................................................................15
5. Consideration of the operational solution and location(s) of the two SaaS providers for HR
and Contractor management....................................................................................................17
6. The issues of data sensitivity or jurisdiction that should be considered other than the issues
discussed..................................................................................................................................20
7. Conclusion............................................................................................................................21
8. References............................................................................................................................21
Table of Contents
1. Introduction............................................................................................................................3
2. Consideration of the data and information that DAS holds on its employees in the current
HR system..................................................................................................................................3
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in-house HR database..............................................................3
2.2. The risks and threats to the employee data after migration to a SaaS application..........8
2.3. Assess the resulting severity of risk and threat to employee data...................................9
3. Consideration of the privacy of the data for those employees who will move to a SaaS
application................................................................................................................................12
3.1. Establishment of the existing threats and risks to the privacy of that data and
information contained in the in-house HR database............................................................12
3.2. The risks and threats to the privacy of the employee data after migration to a SaaS
application............................................................................................................................12
3.3. Assess the resulting severity of risk and threat to the privacy of employee data..........14
4. The threats and risks to the digital identities of Government employees from the move to
SaaS applications.....................................................................................................................15
5. Consideration of the operational solution and location(s) of the two SaaS providers for HR
and Contractor management....................................................................................................17
6. The issues of data sensitivity or jurisdiction that should be considered other than the issues
discussed..................................................................................................................................20
7. Conclusion............................................................................................................................21
8. References............................................................................................................................21
3CLOUD PRIVACY AND SECURITY
1. Introduction
The Department of Administrative Service (DAS) is known to cater multiple services
to the Australian State Government, the services catered by them are the payroll
management, payroll procurement, HR and contractor management (Haynes & Giblin, 2014).
Now DAS is worried about the security and privacy of the organisation and also the workers
of the organisation and the customers or the users associated with it.
The report will thus highlight the existing risks and threats and the vulnerabilities
prevalent within in house of the HR database. The risks and the vulnerabilities of the
employees, employees’ data risks will be evaluated in this report as well. That is why seeing
the potential risks DAS has decided to move to the cloud, the threats and risks associated
moving to the cloud has been showcased and the possible solutions to control those risks
have been detailed in the report. Amazon AWS and another cloud vendor Sore’s impact will
be highlighted to illustrate the cloud computing elaborately.
2. Consideration of the data and information that DAS holds on its employees in the
current HR system
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in-house HR database
The risks and the threats residing within the HR database are as follows-
i. Deployment failures: The database may fail due to some faulty issues and due to
the software developers make wrong configuration and wrong coding. The database can be
under disruption at the time of execution as well (Shostack, 2014). At the time of
development of the database software the database remains untested by the developers so
1. Introduction
The Department of Administrative Service (DAS) is known to cater multiple services
to the Australian State Government, the services catered by them are the payroll
management, payroll procurement, HR and contractor management (Haynes & Giblin, 2014).
Now DAS is worried about the security and privacy of the organisation and also the workers
of the organisation and the customers or the users associated with it.
The report will thus highlight the existing risks and threats and the vulnerabilities
prevalent within in house of the HR database. The risks and the vulnerabilities of the
employees, employees’ data risks will be evaluated in this report as well. That is why seeing
the potential risks DAS has decided to move to the cloud, the threats and risks associated
moving to the cloud has been showcased and the possible solutions to control those risks
have been detailed in the report. Amazon AWS and another cloud vendor Sore’s impact will
be highlighted to illustrate the cloud computing elaborately.
2. Consideration of the data and information that DAS holds on its employees in the
current HR system
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in-house HR database
The risks and the threats residing within the HR database are as follows-
i. Deployment failures: The database may fail due to some faulty issues and due to
the software developers make wrong configuration and wrong coding. The database can be
under disruption at the time of execution as well (Shostack, 2014). At the time of
development of the database software the database remains untested by the developers so
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4CLOUD PRIVACY AND SECURITY
some faulty issues and bugs stay inside the database, the attackers taking advantage of the
bug can exploit the database.
ii. Database security flaws: The security vulnerabilities stay within the database and
these vulnerabilities can be disastrous to the organisation (Rhodes-Ousley, 2013). The
malware attacks create havoc and the whole system and the database can be under threat. the
intruders can gain access to the system through these loopholes and can exploit the entire
database and the system at will. The organisations can suffer a lot due to this attack.
Fig 1: The threats and risks associated with the database
(Source: Chockalingam et al., 2017)
iii. Data leaks: Database is considered as the backend of the development, the
business organisations’ financial data as well as the sensitive data of the employees and the
customers and the clients in the database. Therefore, the business organisations if want to
protect their database from any kind of mishaps they must ensure that their network is strong
some faulty issues and bugs stay inside the database, the attackers taking advantage of the
bug can exploit the database.
ii. Database security flaws: The security vulnerabilities stay within the database and
these vulnerabilities can be disastrous to the organisation (Rhodes-Ousley, 2013). The
malware attacks create havoc and the whole system and the database can be under threat. the
intruders can gain access to the system through these loopholes and can exploit the entire
database and the system at will. The organisations can suffer a lot due to this attack.
Fig 1: The threats and risks associated with the database
(Source: Chockalingam et al., 2017)
iii. Data leaks: Database is considered as the backend of the development, the
business organisations’ financial data as well as the sensitive data of the employees and the
customers and the clients in the database. Therefore, the business organisations if want to
protect their database from any kind of mishaps they must ensure that their network is strong
5CLOUD PRIVACY AND SECURITY
as well as secure enough, if the network is not secured then it may happen the hackers can
take advantage of the network and can exploit the database as a whole.
iv. The misuse of the database: The data in the database gets misused by several
means, due to mishandling of the employees and the mishandling of the clients or the
customers. The employees sometimes install plugins into their system, thus the applications
installed within the system becomes bulky and at the same time buggy, these plugins may
prove vulgar they can steal all the necessary information, hidden files within the system, as
well as they, can steal cookies from the browser (Chockalingam et al., 2017). Thus the
casualties of the employees can cost the company too much. Even the casualties from the
customers can cause security and privacy breach the passwords stored in the database can be
stolen from the database of the customers.
v. Hopscotch approach: The hacktivists can steal the personal files and the data from
someone’s personal account simply without using any bank card and the bank card
information, the intruders are always in search of the vulnerabilities.
vi. SQL injection: The variables do not get tested at the time of testing and the front
end database does not get the desired security with the firewall and thus the system and the
database both are vulnerable to SQL injection (Albakri et al., 2014).
vii. Key management: The database developers and the database administrators keep
the important keys in their database on the hard drive of the computer system (Chockalingam
et al., 2017). If the computer gets connected to the insecure network the intruders will attack
the computer system and will make the entire system vulnerable.
viii. Database inconsistency: The database developers, as well as the database
administrators, must be careful about the data breaches all the time if any kind of mishaps
as well as secure enough, if the network is not secured then it may happen the hackers can
take advantage of the network and can exploit the database as a whole.
iv. The misuse of the database: The data in the database gets misused by several
means, due to mishandling of the employees and the mishandling of the clients or the
customers. The employees sometimes install plugins into their system, thus the applications
installed within the system becomes bulky and at the same time buggy, these plugins may
prove vulgar they can steal all the necessary information, hidden files within the system, as
well as they, can steal cookies from the browser (Chockalingam et al., 2017). Thus the
casualties of the employees can cost the company too much. Even the casualties from the
customers can cause security and privacy breach the passwords stored in the database can be
stolen from the database of the customers.
v. Hopscotch approach: The hacktivists can steal the personal files and the data from
someone’s personal account simply without using any bank card and the bank card
information, the intruders are always in search of the vulnerabilities.
vi. SQL injection: The variables do not get tested at the time of testing and the front
end database does not get the desired security with the firewall and thus the system and the
database both are vulnerable to SQL injection (Albakri et al., 2014).
vii. Key management: The database developers and the database administrators keep
the important keys in their database on the hard drive of the computer system (Chockalingam
et al., 2017). If the computer gets connected to the insecure network the intruders will attack
the computer system and will make the entire system vulnerable.
viii. Database inconsistency: The database developers, as well as the database
administrators, must be careful about the data breaches all the time if any kind of mishaps
6CLOUD PRIVACY AND SECURITY
occur they must be ready to face the risks and the threats and based on that they should make
best decision to root out the threats occur within.
ix. Virus and worms: The virus and worms are two dangerous threats that HR
database can face. A worm basically spreads via hackers once, then the worms replicate by
itself and this can cause disruption and risk, these worms can slow down the server and the
system and can cause havoc (Pawlick & Zhu, 2017). The virus is another malicious activity
carried out by the hackers. The virus robs the important files of the HR database, the financial
data and the clients’ data. Therefore, the virus attack is responsible for data loss, data theft
and the HR database can cause malfunction due to this, the system will stop, the production
along with that can cause disruption, the workforce will have to sit idly, the organisation by
this disruption can lose the reputation (Deng et al., 2017).
x. Trojan horse: Trojan horse is the attack that occurs when any file downloaded
from no trusted source or no trusted source (Yao et al., 2017). These files can cause
disruption and steal away all the vital information of the database and the system of the HR
organisation. The employees of the organisation can access any site which is not verified and
not trustworthy. The defence mechanisms must be ready to deliver the quality security
service that can make the entire system vulnerable. The employees of the organisation if
access the vulnerable software the virus will spread across the system and the database will
suffer (Diovu & Agee, 2017).
xi. Denial of Service attack: The Denial of Service attack is another serious attack
that the HR database can suffer from (Garcia-Alfaro & Perez, 2017). The vulnerable attack
from the hackers can make things worse, it basically shut down the computer system and the
computer database, this attack generally sabotages the owner’s computer and disallows the
owners of the server and the computer system to not use the computer system. The hackers
occur they must be ready to face the risks and the threats and based on that they should make
best decision to root out the threats occur within.
ix. Virus and worms: The virus and worms are two dangerous threats that HR
database can face. A worm basically spreads via hackers once, then the worms replicate by
itself and this can cause disruption and risk, these worms can slow down the server and the
system and can cause havoc (Pawlick & Zhu, 2017). The virus is another malicious activity
carried out by the hackers. The virus robs the important files of the HR database, the financial
data and the clients’ data. Therefore, the virus attack is responsible for data loss, data theft
and the HR database can cause malfunction due to this, the system will stop, the production
along with that can cause disruption, the workforce will have to sit idly, the organisation by
this disruption can lose the reputation (Deng et al., 2017).
x. Trojan horse: Trojan horse is the attack that occurs when any file downloaded
from no trusted source or no trusted source (Yao et al., 2017). These files can cause
disruption and steal away all the vital information of the database and the system of the HR
organisation. The employees of the organisation can access any site which is not verified and
not trustworthy. The defence mechanisms must be ready to deliver the quality security
service that can make the entire system vulnerable. The employees of the organisation if
access the vulnerable software the virus will spread across the system and the database will
suffer (Diovu & Agee, 2017).
xi. Denial of Service attack: The Denial of Service attack is another serious attack
that the HR database can suffer from (Garcia-Alfaro & Perez, 2017). The vulnerable attack
from the hackers can make things worse, it basically shut down the computer system and the
computer database, this attack generally sabotages the owner’s computer and disallows the
owners of the server and the computer system to not use the computer system. The hackers
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
7CLOUD PRIVACY AND SECURITY
can access the private information of the HR database, the clients’ details, their account
details, the hackers can leak the information for personal interest. Also, the attack can cause
permanent damage to the system and the files (Wu, Song & Moon, 2017). The data loss can
be a huge loss for the HR database. There are other forms of Denial of Service attack. In this
scenario, one master computer takes control of a certain group of computers and these group
of computers are responsible to spread the malicious activities across the HR database and the
HR system (Biancotti, 2017). This can shut down the server of the HR database completely.
The zombie computers if attack the HR system, bombardment can occur and this
bombardment happens due to transactions of corrupted and malicious data flow.
xii. Problems of logging out: The clients in casualty often forget to log out of the
system. The clients’ network is not highly secured, thus taking advantage of the insecure
network, the hackers can gain entry to the system causing huge disruption to the organisation
as a whole (Hawkins, 2017). The data leaks are possible in this way the HR database can be
under threats the data of the database can be stolen. The clients, as well as the employees of
the company, have to face the harassments due to the heavy attack. The reputation can be
seriously challenged due to this.
xiii. Passwords: The clients often choose the weak passwords for their system and
thus creates an opportunity for the hackers. In this, the personal data of the clients’ data can
be breached and the organisation will have to take the maximum responsibility for this (Xiao
et al., 2017). With the help of brute force method, the vulnerabilities residing within get
exposed. Thus the clients must be steady while setting a password for the system.
xiv. Phishing attack: The phishing attack is conducted by the hackers to hack the
personal accounts. The hackers develop a look-alike website of the DAS by copying the
HTML code of the genuine site and can cheat the clients (Chowdhury, 2017). The clients by
can access the private information of the HR database, the clients’ details, their account
details, the hackers can leak the information for personal interest. Also, the attack can cause
permanent damage to the system and the files (Wu, Song & Moon, 2017). The data loss can
be a huge loss for the HR database. There are other forms of Denial of Service attack. In this
scenario, one master computer takes control of a certain group of computers and these group
of computers are responsible to spread the malicious activities across the HR database and the
HR system (Biancotti, 2017). This can shut down the server of the HR database completely.
The zombie computers if attack the HR system, bombardment can occur and this
bombardment happens due to transactions of corrupted and malicious data flow.
xii. Problems of logging out: The clients in casualty often forget to log out of the
system. The clients’ network is not highly secured, thus taking advantage of the insecure
network, the hackers can gain entry to the system causing huge disruption to the organisation
as a whole (Hawkins, 2017). The data leaks are possible in this way the HR database can be
under threats the data of the database can be stolen. The clients, as well as the employees of
the company, have to face the harassments due to the heavy attack. The reputation can be
seriously challenged due to this.
xiii. Passwords: The clients often choose the weak passwords for their system and
thus creates an opportunity for the hackers. In this, the personal data of the clients’ data can
be breached and the organisation will have to take the maximum responsibility for this (Xiao
et al., 2017). With the help of brute force method, the vulnerabilities residing within get
exposed. Thus the clients must be steady while setting a password for the system.
xiv. Phishing attack: The phishing attack is conducted by the hackers to hack the
personal accounts. The hackers develop a look-alike website of the DAS by copying the
HTML code of the genuine site and can cheat the clients (Chowdhury, 2017). The clients by
8CLOUD PRIVACY AND SECURITY
entering the credentials can get deceit and by getting the details of the clients the hackers can
hack the accounts of the HR database.
2.2. The risks and threats to the employee data after migration to a SaaS application
The potential risks associated with HR database are-
i. If the enterprise wants to keep back up of the data to the cloud and want to shift to the
cloud, then the vital information handling or the sensitive information handling can be tough
as they have to obey the compliance of the cloud vendors, so they can get restriction from the
cloud vendor (Feng, Wang & Li, 2014).
ii. The enterprise if earning good should not choose the option to move to the cloud as that
can create disruptions, the cloud computing needs high maintenance, higher availability and
higher scalability (Safa et al., 2015).
iii. The enterprise will not be able to get access to the data of the cloud database as the cloud
vendors will deploy everything and the cloud vendor will take the entire charge of the data of
the database of the enterprise.
iv. Moreover, they have to opt a strong secured network server as that can provide fast
internet service as well as the security by which they can run their applications, due to this,
they have to bear the heavy expenses.
v. The enterprise will have to pay the cloud vendor on a monthly basis or yearly basis for
security and the maintenance of the data and the database (de Gusmão et al., 2016).
vi. There remain data theft risks as somehow due to the intruders' attack the security of the
database can get breached. That can lead to virus and worm attack.
entering the credentials can get deceit and by getting the details of the clients the hackers can
hack the accounts of the HR database.
2.2. The risks and threats to the employee data after migration to a SaaS application
The potential risks associated with HR database are-
i. If the enterprise wants to keep back up of the data to the cloud and want to shift to the
cloud, then the vital information handling or the sensitive information handling can be tough
as they have to obey the compliance of the cloud vendors, so they can get restriction from the
cloud vendor (Feng, Wang & Li, 2014).
ii. The enterprise if earning good should not choose the option to move to the cloud as that
can create disruptions, the cloud computing needs high maintenance, higher availability and
higher scalability (Safa et al., 2015).
iii. The enterprise will not be able to get access to the data of the cloud database as the cloud
vendors will deploy everything and the cloud vendor will take the entire charge of the data of
the database of the enterprise.
iv. Moreover, they have to opt a strong secured network server as that can provide fast
internet service as well as the security by which they can run their applications, due to this,
they have to bear the heavy expenses.
v. The enterprise will have to pay the cloud vendor on a monthly basis or yearly basis for
security and the maintenance of the data and the database (de Gusmão et al., 2016).
vi. There remain data theft risks as somehow due to the intruders' attack the security of the
database can get breached. That can lead to virus and worm attack.
9CLOUD PRIVACY AND SECURITY
vii. The SaaS applications are available due to server down or network unavailability. The
entire business operations will suffer also the clients could not be able to communicate with
the clients all throughout day and night 24x7 (Maitra & Madan, 2017). That will reduce the
productivity and thus the enterprise can face severe loss due to this attack.
Fig 2: Risk examination of the organisation’s workers
(Source: Kirti et al., 2017)
viii. The organisations must have a disaster plan ready with them as that can help them to
gain access to the data in case they want to conduct the business operations offline (Shameli-
Sendi, Aghababaei-Barzegar & Cheriet, 2016). The organisation may have to conduct the
business operations when they get into trouble like the occurrence of security breaches and
the server down or the network unavailability.
ix. They have to follow the rules and the policies set up the cloud vendors so the organisation
will not have total control over their database. They will also have to pursue the policies
vii. The SaaS applications are available due to server down or network unavailability. The
entire business operations will suffer also the clients could not be able to communicate with
the clients all throughout day and night 24x7 (Maitra & Madan, 2017). That will reduce the
productivity and thus the enterprise can face severe loss due to this attack.
Fig 2: Risk examination of the organisation’s workers
(Source: Kirti et al., 2017)
viii. The organisations must have a disaster plan ready with them as that can help them to
gain access to the data in case they want to conduct the business operations offline (Shameli-
Sendi, Aghababaei-Barzegar & Cheriet, 2016). The organisation may have to conduct the
business operations when they get into trouble like the occurrence of security breaches and
the server down or the network unavailability.
ix. They have to follow the rules and the policies set up the cloud vendors so the organisation
will not have total control over their database. They will also have to pursue the policies
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10CLOUD PRIVACY AND SECURITY
correlated with security set up by the cloud vendors; some alterations in the policies may not
be approved and encouraged by the cloud vendors.
2.3. Assess the resulting severity of risk and threat to employee data
The workers’ information can get hacked and the organisation’s risks related to security are
involved are illustrated in details-
Theft: Data theft by physical means as well due to the intruders' attack. The intruders
can gain entry into the system due to the insecure network. The internal employees who have
some grudge against the enterprise in order to take revenge can steal the vital information of
the database.
Neglect: Due to the negligence of the clients and the employees the aforesaid
organisation can get into trouble. The employees store the important files on their laptop or
smartphones, now if the smartphone gets lost then there that sensitive information can be
accessed by the intruders, thus the sensitive information of the organisation can get into the
wrong hands (Kirti et al., 2017). Again, the full format of the smartphone can be the reason
for permanent data loss as well. Again if the laptop gets malfunctioned, then if the technician
can gain access to the sensitive information and thus the data can be breached and again if the
laptop gets lost or permanently gets damaged then the data will be lost, also the intruders can
delete those important files and also can hack the passwords of the account of the system.
correlated with security set up by the cloud vendors; some alterations in the policies may not
be approved and encouraged by the cloud vendors.
2.3. Assess the resulting severity of risk and threat to employee data
The workers’ information can get hacked and the organisation’s risks related to security are
involved are illustrated in details-
Theft: Data theft by physical means as well due to the intruders' attack. The intruders
can gain entry into the system due to the insecure network. The internal employees who have
some grudge against the enterprise in order to take revenge can steal the vital information of
the database.
Neglect: Due to the negligence of the clients and the employees the aforesaid
organisation can get into trouble. The employees store the important files on their laptop or
smartphones, now if the smartphone gets lost then there that sensitive information can be
accessed by the intruders, thus the sensitive information of the organisation can get into the
wrong hands (Kirti et al., 2017). Again, the full format of the smartphone can be the reason
for permanent data loss as well. Again if the laptop gets malfunctioned, then if the technician
can gain access to the sensitive information and thus the data can be breached and again if the
laptop gets lost or permanently gets damaged then the data will be lost, also the intruders can
delete those important files and also can hack the passwords of the account of the system.
11CLOUD PRIVACY AND SECURITY
Fig 3: Data threats and risks and data security design based on that
(Source: Cherdantseva et al., 2016, pp-1-27)
Loss: As discussed earlier, the loss of devices can be the risks and threat of the
organisation. The hacktivists can enter the system and the steal the personal information from
the database and the system thus the HR database can become vulnerable. The hacktivists can
get the desired username and password and can enter their account (Cherdantseva et al.,
2016). In this way, both the clients and the organisations can suffer the huge monetary loss,
as well as the reputation of the company, can be under the threat. The organisation can even
lose the competitive edge due to the pitfalls.
Fig 3: Data threats and risks and data security design based on that
(Source: Cherdantseva et al., 2016, pp-1-27)
Loss: As discussed earlier, the loss of devices can be the risks and threat of the
organisation. The hacktivists can enter the system and the steal the personal information from
the database and the system thus the HR database can become vulnerable. The hacktivists can
get the desired username and password and can enter their account (Cherdantseva et al.,
2016). In this way, both the clients and the organisations can suffer the huge monetary loss,
as well as the reputation of the company, can be under the threat. The organisation can even
lose the competitive edge due to the pitfalls.
12CLOUD PRIVACY AND SECURITY
3. Consideration of the privacy of the data for those employees who will move to a SaaS
application
3.1. Establishment of the existing threats and risks to the privacy of that data and
information contained in the in-house HR database
Security threats and the privacy risks involved
i. Privacy breaches: Due to the leaks of the private data and the information, the
clients and the employees can get embarrassed. Thus there is a chance of security breaches in
the HR database.
ii. Problems related to anonymity: The HR database if not programmed in a way such
that it can uniquely identify the clients of the organisation, then there can be data duplication
of the clients thus can violate the atomicity or the anonymity of the clients as well as the
employees of the company (Landucci et al., 2017).
iii. Issues related to data masking: Data masking is the technique which resembles
the organisation’s original data; this technique is adopted by the employees of the
organisations’ safe from the security breaches. However, this technique is not fruitful all the
time and the intruders can still gain access to the system (Younis, Malaiya, & Ray, 2014).
3.2. The risks and threats to the privacy of the employee data after migration to a SaaS
application
After shifting the business applications to the cloud to the SaaS applications, the
privacy concerns that pertain are-
i. Unethical action: The SaaS applications can be utilised to find out the details of the
employees, the SaaS applications have the capability to keep track of the clients as well as the
employees, the clients' every move can be saved and thus any intruders having the clients'
3. Consideration of the privacy of the data for those employees who will move to a SaaS
application
3.1. Establishment of the existing threats and risks to the privacy of that data and
information contained in the in-house HR database
Security threats and the privacy risks involved
i. Privacy breaches: Due to the leaks of the private data and the information, the
clients and the employees can get embarrassed. Thus there is a chance of security breaches in
the HR database.
ii. Problems related to anonymity: The HR database if not programmed in a way such
that it can uniquely identify the clients of the organisation, then there can be data duplication
of the clients thus can violate the atomicity or the anonymity of the clients as well as the
employees of the company (Landucci et al., 2017).
iii. Issues related to data masking: Data masking is the technique which resembles
the organisation’s original data; this technique is adopted by the employees of the
organisations’ safe from the security breaches. However, this technique is not fruitful all the
time and the intruders can still gain access to the system (Younis, Malaiya, & Ray, 2014).
3.2. The risks and threats to the privacy of the employee data after migration to a SaaS
application
After shifting the business applications to the cloud to the SaaS applications, the
privacy concerns that pertain are-
i. Unethical action: The SaaS applications can be utilised to find out the details of the
employees, the SaaS applications have the capability to keep track of the clients as well as the
employees, the clients' every move can be saved and thus any intruders having the clients'
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
13CLOUD PRIVACY AND SECURITY
data can destroy his or her life, the SaaS implications may not be illegal but it may take lives
of clients. This can be disastrous to the employees of the organisation as well.
ii. Inaccurate SaaS applications: Since the cloud technology is in beta mode, due to
this reason the cloud database, as well as the cloud applications, has not been tested to the
fullest that is the reason why the cloud database of HR may hold the data which is not correct
and this can create confusion (Modi et al., 2013). Due to the wrong implication of the data
models or use of any faulty algorithm can result in shocking results, the employees can take
the wrong decision thus the employees and the clients can suffer due to this.
Fig 4: The risks occurred due to shifting to cloud platform
(Source: Erdogan et al., 2015, pp- 90-112)
data can destroy his or her life, the SaaS implications may not be illegal but it may take lives
of clients. This can be disastrous to the employees of the organisation as well.
ii. Inaccurate SaaS applications: Since the cloud technology is in beta mode, due to
this reason the cloud database, as well as the cloud applications, has not been tested to the
fullest that is the reason why the cloud database of HR may hold the data which is not correct
and this can create confusion (Modi et al., 2013). Due to the wrong implication of the data
models or use of any faulty algorithm can result in shocking results, the employees can take
the wrong decision thus the employees and the clients can suffer due to this.
Fig 4: The risks occurred due to shifting to cloud platform
(Source: Erdogan et al., 2015, pp- 90-112)
14CLOUD PRIVACY AND SECURITY
iii. Discrimination: The organisation has all the data so they can discriminate among
the workers of the organisation. Since data is available all the time, anyone from the
organisation can seek the opportunity to misuse the data and they can use that data to fulfil
their selfish needs.
iv. No legal protections: Since cloud computing is relatively new, the laws, policy
and the regulations have not been made, so everybody can illegally utilise the sensitive data
to fulfil their needs (Erdogan et al., 2015).
v. e-discovery concerns: The enterprises also create documents for their projects and
that involves the data mining procedures so, it may happen that the employees and clients'
personal data can get breached in some way or other causing a threat to the organisation.
3.3. Assess the resulting severity of risk and threat to the privacy of employee data
The severe risk involved is the disclosure of personally sensitive information and the
sensitive information to the public. Thus authenticity is the need of the hour. The privacy of
their clients can take away one's life. The hackers, the intruders can get access to the HR
database and can make the entire database and system vulnerable to attack. The HR database
contains the sensitive information of both the employees and the clients; again it contains the
financial data of the organisation. Since everything will be conducted online the cloud
database, SaaS applications must be considered and should well take care of (Best et al.,
2017). Also, they should take the help from the third-party cloud vendor, as the cloud vendors
have the best solutions to defend the malware attack and the best architectural design to shape
the entire enterprise.
iii. Discrimination: The organisation has all the data so they can discriminate among
the workers of the organisation. Since data is available all the time, anyone from the
organisation can seek the opportunity to misuse the data and they can use that data to fulfil
their selfish needs.
iv. No legal protections: Since cloud computing is relatively new, the laws, policy
and the regulations have not been made, so everybody can illegally utilise the sensitive data
to fulfil their needs (Erdogan et al., 2015).
v. e-discovery concerns: The enterprises also create documents for their projects and
that involves the data mining procedures so, it may happen that the employees and clients'
personal data can get breached in some way or other causing a threat to the organisation.
3.3. Assess the resulting severity of risk and threat to the privacy of employee data
The severe risk involved is the disclosure of personally sensitive information and the
sensitive information to the public. Thus authenticity is the need of the hour. The privacy of
their clients can take away one's life. The hackers, the intruders can get access to the HR
database and can make the entire database and system vulnerable to attack. The HR database
contains the sensitive information of both the employees and the clients; again it contains the
financial data of the organisation. Since everything will be conducted online the cloud
database, SaaS applications must be considered and should well take care of (Best et al.,
2017). Also, they should take the help from the third-party cloud vendor, as the cloud vendors
have the best solutions to defend the malware attack and the best architectural design to shape
the entire enterprise.
15CLOUD PRIVACY AND SECURITY
4. The threats and risks to the digital identities of Government employees from the
move to SaaS applications
The vulnerabilities, as well as threats correlateded with digital identities while shifting
to the cloud database, has been highlighted in the report.
The workers currently working in the company can get threatened if DAS moves to
cloud and starts using cloud applications. Authenticity is one of the methodologies by which
the workers and the clients can gain access to the company. The hackers basically attack the
network which is not strongly secured. The clients’ sensitive information and the
organisations’ data can get breached due to the insecure network and the lack of firewall
setup. A secured firewall can secure the network effectively. The cloud network security
provided by the cloud vendor is capable to provide the secured network with advanced
features (Shuaibu et al., 2015). Again the cloud securities provided by the cloud vendors are
beneficial to root out the Denial of Service attack. The Denial of Service attack can shut
down the server computer and blocks all the business activities.
The eavesdropping is another threat which causes disruption and it involves the access
over the network illegally and can record the conversation of the clients and the employees of
the network. The official conversation gets leaked due to the intruders attack the system.
There is another attack named masquerade which can be equally disastrous. The
hackers by taking the name and fake identity of the organisation's employees and
communicate with the clients (Bermudez, 2013). In this way, the sensitive information of the
employees gets robbed due to the attack of the hackers. This is another way the HR database
can get into trouble.
4. The threats and risks to the digital identities of Government employees from the
move to SaaS applications
The vulnerabilities, as well as threats correlateded with digital identities while shifting
to the cloud database, has been highlighted in the report.
The workers currently working in the company can get threatened if DAS moves to
cloud and starts using cloud applications. Authenticity is one of the methodologies by which
the workers and the clients can gain access to the company. The hackers basically attack the
network which is not strongly secured. The clients’ sensitive information and the
organisations’ data can get breached due to the insecure network and the lack of firewall
setup. A secured firewall can secure the network effectively. The cloud network security
provided by the cloud vendor is capable to provide the secured network with advanced
features (Shuaibu et al., 2015). Again the cloud securities provided by the cloud vendors are
beneficial to root out the Denial of Service attack. The Denial of Service attack can shut
down the server computer and blocks all the business activities.
The eavesdropping is another threat which causes disruption and it involves the access
over the network illegally and can record the conversation of the clients and the employees of
the network. The official conversation gets leaked due to the intruders attack the system.
There is another attack named masquerade which can be equally disastrous. The
hackers by taking the name and fake identity of the organisation's employees and
communicate with the clients (Bermudez, 2013). In this way, the sensitive information of the
employees gets robbed due to the attack of the hackers. This is another way the HR database
can get into trouble.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
16CLOUD PRIVACY AND SECURITY
Fig 5: Cloud computing- SaaS
(Source: Almorsy, Grundy & Müller, 2016)
The files if gets exchanged over the insecure network insecure SaaS applications, then
the hackers can steal the personal files and can modify those files according to their will and
selfish needs (Almorsy, Grundy & Müller, 2016). The workers' identity can get breached and
the files can hijack due to the loopholes created due to the attack of the intruders.
By the ransomware attack, the intruders also attack one's system can shut down the
computer even disallow the original owner to get back the SaaS applications.
The website intrusion is the hijacking of one's account and exploitation of the
sensitive information.
The integrity, availability and the confidentiality can get threatened and these are the
risks and the vulnerabilities if they try to shift their business activities to cloud technology
and use the cloud applications (Rong, Nguyen & Jaatun, 2013).
Fig 5: Cloud computing- SaaS
(Source: Almorsy, Grundy & Müller, 2016)
The files if gets exchanged over the insecure network insecure SaaS applications, then
the hackers can steal the personal files and can modify those files according to their will and
selfish needs (Almorsy, Grundy & Müller, 2016). The workers' identity can get breached and
the files can hijack due to the loopholes created due to the attack of the intruders.
By the ransomware attack, the intruders also attack one's system can shut down the
computer even disallow the original owner to get back the SaaS applications.
The website intrusion is the hijacking of one's account and exploitation of the
sensitive information.
The integrity, availability and the confidentiality can get threatened and these are the
risks and the vulnerabilities if they try to shift their business activities to cloud technology
and use the cloud applications (Rong, Nguyen & Jaatun, 2013).
17CLOUD PRIVACY AND SECURITY
5. Consideration of the operational solution and location(s) of the two SaaS providers
for HR and Contractor management
The two most popular providers of SaaS that can enhance the organisations' digital
security-related threats are Amazon AWS and Shore.com.
Sore.com is a German-based SAS provider which offers the certain advantages and it
is quite popular in Germany and neighbouring countries (Ryan, 2013). The organisation
offers security measures to check and control the risks associated with cloud platform and the
cloud vendor-
i. SaaS is capable to cater the platform where the enterprise does not have to worry about the
management of the applications and the updates of the applications (Kshetri, 2013). The
cloud vendor will take the effort to secure the system and for this reason, the employees can
stay safe and secure. The clients can also enjoy the secured service.
iii. SaaS improves execution of cloud applications and in this way, the employees can get the
fast cloud service and effective cloud service from the cloud vendor.
iv. The SaaS applications can be processed anywhere anytime from any device.
v. The security design for the SaaS associates those elements which can be shared among the
clients among the stakeholders and Store has policies regarding the SaaS model.
5. Consideration of the operational solution and location(s) of the two SaaS providers
for HR and Contractor management
The two most popular providers of SaaS that can enhance the organisations' digital
security-related threats are Amazon AWS and Shore.com.
Sore.com is a German-based SAS provider which offers the certain advantages and it
is quite popular in Germany and neighbouring countries (Ryan, 2013). The organisation
offers security measures to check and control the risks associated with cloud platform and the
cloud vendor-
i. SaaS is capable to cater the platform where the enterprise does not have to worry about the
management of the applications and the updates of the applications (Kshetri, 2013). The
cloud vendor will take the effort to secure the system and for this reason, the employees can
stay safe and secure. The clients can also enjoy the secured service.
iii. SaaS improves execution of cloud applications and in this way, the employees can get the
fast cloud service and effective cloud service from the cloud vendor.
iv. The SaaS applications can be processed anywhere anytime from any device.
v. The security design for the SaaS associates those elements which can be shared among the
clients among the stakeholders and Store has policies regarding the SaaS model.
18CLOUD PRIVACY AND SECURITY
Fig 6: Shore cloud architecture platform
(Source: "Vereinfachen Sie Ihr Geschäftsleben it Shore!", 2017)
vi. Shore caters the CRM facilities and by this approach, the employees of the organisation,
as well as the workers of the organisation, can get the benefits to the fullest. Via shore, the
workers' data can be tracked, as well as the clients' data can be tracked. Since, Shore has
taken the responsibility to provide the employees with a whole lot of benefits so they do not
have to consider the security of their enterprise, they do not have to consider the security of
the employees of the enterprise, and also they do not have to consider the security and
privacy of the clients in their company (Rong, Nguyen & Jaatun, 2013). Since Shore has
some advanced features installed within the cloud database and the enterprise they do not
have to worry about maintaining and the database and the system. The organisation will have
all the data at their fingertips and can access the data with much ease (Almorsy, Grundy &
Müller, 2016). Moreover, the organisation can get the benefits to access the database on the
go, can access the database anywhere anytime at any place from any digital device.
Fig 6: Shore cloud architecture platform
(Source: "Vereinfachen Sie Ihr Geschäftsleben it Shore!", 2017)
vi. Shore caters the CRM facilities and by this approach, the employees of the organisation,
as well as the workers of the organisation, can get the benefits to the fullest. Via shore, the
workers' data can be tracked, as well as the clients' data can be tracked. Since, Shore has
taken the responsibility to provide the employees with a whole lot of benefits so they do not
have to consider the security of their enterprise, they do not have to consider the security of
the employees of the enterprise, and also they do not have to consider the security and
privacy of the clients in their company (Rong, Nguyen & Jaatun, 2013). Since Shore has
some advanced features installed within the cloud database and the enterprise they do not
have to worry about maintaining and the database and the system. The organisation will have
all the data at their fingertips and can access the data with much ease (Almorsy, Grundy &
Müller, 2016). Moreover, the organisation can get the benefits to access the database on the
go, can access the database anywhere anytime at any place from any digital device.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
19CLOUD PRIVACY AND SECURITY
Amazon AWS is the US-based SaaS provider which has numerous benefits to offer and they
are-
i. Infrastructure capabilities- Amazon has the necessary network firewalls
assimilated with the Amazon PVC, it also has the firewalls connected with the web
applications and thus creates more scopes for Amazon and this assist in getting access to the
cloud arena of the cloud vendor (Bermudez et al., 2013). Amazon AWS thus offers private
connected service and the dedicated service from anywhere.
ii. DDoS attack- Amazon AWS has a unique strategy to defend the DDoS attack, the
Amazon AWS service has the potential to check the threats and the risks correlated with the
DDoS attack. Amazon is also known to provide the following aspects like auto-scaling,
Amazon Cloud Front and Amazon 53, that can help to check the negative impact of this
aforesaid attack.
iii. Data Encryption- SQL Server RDS, EBS, Redshift RDS, S3 caters the data
encryption methodologies by which the employee's data and the client's data can be
protected, it is nearly impossible for the attackers to gain access to a network and to gain
access to a system (Bermudez et al., 2013). Thus the software provided by Amazon can help
in securing the database.
Amazon AWS is the US-based SaaS provider which has numerous benefits to offer and they
are-
i. Infrastructure capabilities- Amazon has the necessary network firewalls
assimilated with the Amazon PVC, it also has the firewalls connected with the web
applications and thus creates more scopes for Amazon and this assist in getting access to the
cloud arena of the cloud vendor (Bermudez et al., 2013). Amazon AWS thus offers private
connected service and the dedicated service from anywhere.
ii. DDoS attack- Amazon AWS has a unique strategy to defend the DDoS attack, the
Amazon AWS service has the potential to check the threats and the risks correlated with the
DDoS attack. Amazon is also known to provide the following aspects like auto-scaling,
Amazon Cloud Front and Amazon 53, that can help to check the negative impact of this
aforesaid attack.
iii. Data Encryption- SQL Server RDS, EBS, Redshift RDS, S3 caters the data
encryption methodologies by which the employee's data and the client's data can be
protected, it is nearly impossible for the attackers to gain access to a network and to gain
access to a system (Bermudez et al., 2013). Thus the software provided by Amazon can help
in securing the database.
20CLOUD PRIVACY AND SECURITY
Fig 7: Amazon AWS cloud architecture platform
(Source: Feng, Wang & Li, 2014, pp. 57-73)
iv. Advanced management tools- AWS config, Amazon Inspector are the AWS
resources that can assist o get the desired result and this can assist in managing and the
controlling the system and the database, the advanced management tools from Amazon is
capable to handle the resources well in a secured manner (Bermudez et al., 2013).
v. Amazon Policies- Amazon is popular to cater the policies and the services like
AWS Directory Services, AWS Multi-Factor Authentication, AWS Identity and Access
Management (IAM) assists in defining the regulations and the policies via which the
advantages of the software can be gained so that both the employees and the clients can enjoy
hassle-free service.
Fig 7: Amazon AWS cloud architecture platform
(Source: Feng, Wang & Li, 2014, pp. 57-73)
iv. Advanced management tools- AWS config, Amazon Inspector are the AWS
resources that can assist o get the desired result and this can assist in managing and the
controlling the system and the database, the advanced management tools from Amazon is
capable to handle the resources well in a secured manner (Bermudez et al., 2013).
v. Amazon Policies- Amazon is popular to cater the policies and the services like
AWS Directory Services, AWS Multi-Factor Authentication, AWS Identity and Access
Management (IAM) assists in defining the regulations and the policies via which the
advantages of the software can be gained so that both the employees and the clients can enjoy
hassle-free service.
21CLOUD PRIVACY AND SECURITY
6. The issues of data sensitivity or jurisdiction that should be considered other than the
issues discussed
DAS can be largely benefitted from the IaaS cloud services, so they should adopt the
IaaS cloud services besides the SaaS cloud platform services (Feng, Wang & Li, 2014). IaaS
security framework can prove fruitful to the enterprise to employ security features in the
enterprise. IaaS is known to cater the best hardware solutions, best software solutions,
updated operating system, updated application software, updated antivirus program. Thus
DAS can enjoy the secured hassle-free cloud services from the cloud vendors. Amazon AWS
is popular among all the cloud vendors available in the market, they have the best architecture
in their business. Therefore, the employees can get the enhanced solutions by which they can
conduct the business procedures in agile effective manner. Moreover, the security aspects
can add a feather to the business. The outdated software, the outdated operating system, the
outdated hardware can prove disastrous to the company, there can be a huge risk of security
and data breaches. Thus IaaS infrastructure can provide security solutions to all security
breaches that can occur due to the mentioned outdated resources. Amazon AWS can provide
them with the advanced resources, advanced hardware, advanced software and the advanced
operating software and advanced security patches (Band et al., 2015). This can also help them
to get the competitive edge which they want to get. Adopting Amazon AWS they can stay
ahead of all others.
7. Conclusion
It can be concluded from the above discourse that the DAS can get advantages
adopting the cloud technology and adopting the cloud architecture of Shore and Amazon
AWS. DAS employees and the clients can enjoy well secured hassle-free cloud services, they
can even get benefits from the IaaS architecture along with the SaaS applications, all these
6. The issues of data sensitivity or jurisdiction that should be considered other than the
issues discussed
DAS can be largely benefitted from the IaaS cloud services, so they should adopt the
IaaS cloud services besides the SaaS cloud platform services (Feng, Wang & Li, 2014). IaaS
security framework can prove fruitful to the enterprise to employ security features in the
enterprise. IaaS is known to cater the best hardware solutions, best software solutions,
updated operating system, updated application software, updated antivirus program. Thus
DAS can enjoy the secured hassle-free cloud services from the cloud vendors. Amazon AWS
is popular among all the cloud vendors available in the market, they have the best architecture
in their business. Therefore, the employees can get the enhanced solutions by which they can
conduct the business procedures in agile effective manner. Moreover, the security aspects
can add a feather to the business. The outdated software, the outdated operating system, the
outdated hardware can prove disastrous to the company, there can be a huge risk of security
and data breaches. Thus IaaS infrastructure can provide security solutions to all security
breaches that can occur due to the mentioned outdated resources. Amazon AWS can provide
them with the advanced resources, advanced hardware, advanced software and the advanced
operating software and advanced security patches (Band et al., 2015). This can also help them
to get the competitive edge which they want to get. Adopting Amazon AWS they can stay
ahead of all others.
7. Conclusion
It can be concluded from the above discourse that the DAS can get advantages
adopting the cloud technology and adopting the cloud architecture of Shore and Amazon
AWS. DAS employees and the clients can enjoy well secured hassle-free cloud services, they
can even get benefits from the IaaS architecture along with the SaaS applications, all these
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
22CLOUD PRIVACY AND SECURITY
aspects have been highlighted in the report. DAS has planned to shift their business to the
cloud and that will surely embellish the business operations and the security of the company.
Everything has been explained in details in the report. The threats and the risks about the
database have been explained in the report, again the adopting the cloud services initially
they can face risks and they will have to deal with it. All the cloud base risks have been
showcased in the report elaborately.
aspects have been highlighted in the report. DAS has planned to shift their business to the
cloud and that will surely embellish the business operations and the security of the company.
Everything has been explained in details in the report. The threats and the risks about the
database have been explained in the report, again the adopting the cloud services initially
they can face risks and they will have to deal with it. All the cloud base risks have been
showcased in the report elaborately.
23CLOUD PRIVACY AND SECURITY
8. References
Albakri, S. H., Shanmugam, B., Samy, G. N., Idris, N. B., & Ahmed, A. (2014). Security risk
assessment framework for cloud computing environments. Security and
Communication Networks, 7(11), 2114-2124.
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Band, I., Engelsman, W., Feltus, B. C., Paredes, S. G., & Diligens, D. (2015). Modeling
Enterprise Risk Management and Security with the ArchiMate®.
Bermudez, I., Traverso, S., Mellia, M., & Munafo, M. (2013, April). Exploring the cloud
from passive measurements: The Amazon AWS case. In INFOCOM, 2013
Proceedings IEEE (pp. 230-234). IEEE.
Best, D. M., Bhatia, J., Peterson, E. S., & Breaux, T. D. (2017, April). Improved cyber threat
indicator sharing by scoring privacy risk. In Technologies for Homeland Security
(HST), 2017 IEEE International Symposium on (pp. 1-5). IEEE.
Biancotti, C. (2017). Cyber attacks: preliminary evidence from the Bank of Italy's business
surveys.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K.
(2016). A review of cyber security risk assessment methods for SCADA
systems. computers & security, 56, 1-27.
Chockalingam, S., Hadziosmanovic, D., Pieters, W., Teixeira, A., & van Gelder, P. (2017).
Integrated Safety and Security Risk Assessment Methods: Key Characteristics and
Applications. arXiv preprint arXiv:1707.02140.
8. References
Albakri, S. H., Shanmugam, B., Samy, G. N., Idris, N. B., & Ahmed, A. (2014). Security risk
assessment framework for cloud computing environments. Security and
Communication Networks, 7(11), 2114-2124.
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Band, I., Engelsman, W., Feltus, B. C., Paredes, S. G., & Diligens, D. (2015). Modeling
Enterprise Risk Management and Security with the ArchiMate®.
Bermudez, I., Traverso, S., Mellia, M., & Munafo, M. (2013, April). Exploring the cloud
from passive measurements: The Amazon AWS case. In INFOCOM, 2013
Proceedings IEEE (pp. 230-234). IEEE.
Best, D. M., Bhatia, J., Peterson, E. S., & Breaux, T. D. (2017, April). Improved cyber threat
indicator sharing by scoring privacy risk. In Technologies for Homeland Security
(HST), 2017 IEEE International Symposium on (pp. 1-5). IEEE.
Biancotti, C. (2017). Cyber attacks: preliminary evidence from the Bank of Italy's business
surveys.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K.
(2016). A review of cyber security risk assessment methods for SCADA
systems. computers & security, 56, 1-27.
Chockalingam, S., Hadziosmanovic, D., Pieters, W., Teixeira, A., & van Gelder, P. (2017).
Integrated Safety and Security Risk Assessment Methods: Key Characteristics and
Applications. arXiv preprint arXiv:1707.02140.
24CLOUD PRIVACY AND SECURITY
Chowdhury, A. (2017, February). Cyber attacks in mechatronics systems based on Internet of
Things. In Mechatronics (ICM), 2017 IEEE International Conference on (pp. 476-
481). IEEE.
de Gusmão, A. P. H., e Silva, L. C., Silva, M. M., Poleto, T., & Costa, A. P. C. S. (2016).
Information security risk analysis model using fuzzy decision theory. International
Journal of Information Management, 36(1), 25-34.
Deng, S., Zhou, A. H., Yue, D., Hu, B., & Zhu, L. P. (2017). Distributed intrusion detection
based on hybrid gene expression programming and cloud computing in a cyber
physical power system. IET Control Theory & Applications.
Diovu, R. C., & Agee, J. T. (2017, June). A cloud-based openflow firewall for mitigation
against DDoS attacks in smart grid AMI networks. In PowerAfrica, 2017 IEEE
PES (pp. 28-33). IEEE.
Erdogan, G., Seehusen, F., Stølen, K., Hofstad, J., & Aagedal, J. Ø. (2015). Assessing the
usefulness of testing for validating and correcting security risk models based on two
industrial case studies. International Journal of Secure Software Engineering
(IJSSE), 6(2), 90-112.
Feng, N., Wang, H. J., & Li, M. (2014). A security risk analysis model for information
systems: Causal relationships of risk factors and vulnerability propagation
analysis. Information sciences, 256, 57-73.
Garcia-Alfaro, J., & Perez, G. M. (2017). Introduction to the Special Section on Critical
Systems Modelling and Security.
Hawkins, N. (2017). Why communication is vital during a cyber-attack. Network
Security, 2017(3), 12-14.
Chowdhury, A. (2017, February). Cyber attacks in mechatronics systems based on Internet of
Things. In Mechatronics (ICM), 2017 IEEE International Conference on (pp. 476-
481). IEEE.
de Gusmão, A. P. H., e Silva, L. C., Silva, M. M., Poleto, T., & Costa, A. P. C. S. (2016).
Information security risk analysis model using fuzzy decision theory. International
Journal of Information Management, 36(1), 25-34.
Deng, S., Zhou, A. H., Yue, D., Hu, B., & Zhu, L. P. (2017). Distributed intrusion detection
based on hybrid gene expression programming and cloud computing in a cyber
physical power system. IET Control Theory & Applications.
Diovu, R. C., & Agee, J. T. (2017, June). A cloud-based openflow firewall for mitigation
against DDoS attacks in smart grid AMI networks. In PowerAfrica, 2017 IEEE
PES (pp. 28-33). IEEE.
Erdogan, G., Seehusen, F., Stølen, K., Hofstad, J., & Aagedal, J. Ø. (2015). Assessing the
usefulness of testing for validating and correcting security risk models based on two
industrial case studies. International Journal of Secure Software Engineering
(IJSSE), 6(2), 90-112.
Feng, N., Wang, H. J., & Li, M. (2014). A security risk analysis model for information
systems: Causal relationships of risk factors and vulnerability propagation
analysis. Information sciences, 256, 57-73.
Garcia-Alfaro, J., & Perez, G. M. (2017). Introduction to the Special Section on Critical
Systems Modelling and Security.
Hawkins, N. (2017). Why communication is vital during a cyber-attack. Network
Security, 2017(3), 12-14.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
25CLOUD PRIVACY AND SECURITY
Haynes, M. R., & Giblin, M. J. (2014). Homeland security risk and preparedness in police
agencies: The insignificance of actual risk factors. Police Quarterly, 17(1), 30-53.
Kirti, G., Gupta, R., Biswas, K., & Turlapati, R. R. S. (2017). Washington, DC: U.S. Patent
and Trademark Office.
Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions
and institutional evolution. Telecommunications Policy, 37(4), 372-386.
Landucci, G., Argenti, F., Cozzani, V., & Reniers, G. (2017). Assessment of attack likelihood
to support security risk assessment studies for chemical facilities. Process Safety and
Environmental Protection.
Maitra, S., & Madan, S. (2017). Intelligent Cyber Security Solutions through High
Performance Computing and Data Sciences: An Integrated Approach. IITM Journal
of Management and IT, 8(1), 3-9.
Modi, C., Patel, D., Borisaniya, B., Patel, A., & Rajarajan, M. (2013). A survey on security
issues and solutions at different layers of Cloud computing. The Journal of
Supercomputing, 63(2), 561-592.
Pawlick, J., & Zhu, Q. (2017). Strategic trust in cloud-enabled cyber-physical systems with
an application to glucose control. IEEE Transactions on Information Forensics and
Security, 12(12), 2906-2919.
Rhodes-Ousley, M. (2013). Information security the complete reference. McGraw Hill
Professional.
Rong, C., Nguyen, S. T., & Jaatun, M. G. (2013). Beyond lightning: A survey on security
challenges in cloud computing. Computers & Electrical Engineering, 39(1), 47-54.
Haynes, M. R., & Giblin, M. J. (2014). Homeland security risk and preparedness in police
agencies: The insignificance of actual risk factors. Police Quarterly, 17(1), 30-53.
Kirti, G., Gupta, R., Biswas, K., & Turlapati, R. R. S. (2017). Washington, DC: U.S. Patent
and Trademark Office.
Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions
and institutional evolution. Telecommunications Policy, 37(4), 372-386.
Landucci, G., Argenti, F., Cozzani, V., & Reniers, G. (2017). Assessment of attack likelihood
to support security risk assessment studies for chemical facilities. Process Safety and
Environmental Protection.
Maitra, S., & Madan, S. (2017). Intelligent Cyber Security Solutions through High
Performance Computing and Data Sciences: An Integrated Approach. IITM Journal
of Management and IT, 8(1), 3-9.
Modi, C., Patel, D., Borisaniya, B., Patel, A., & Rajarajan, M. (2013). A survey on security
issues and solutions at different layers of Cloud computing. The Journal of
Supercomputing, 63(2), 561-592.
Pawlick, J., & Zhu, Q. (2017). Strategic trust in cloud-enabled cyber-physical systems with
an application to glucose control. IEEE Transactions on Information Forensics and
Security, 12(12), 2906-2919.
Rhodes-Ousley, M. (2013). Information security the complete reference. McGraw Hill
Professional.
Rong, C., Nguyen, S. T., & Jaatun, M. G. (2013). Beyond lightning: A survey on security
challenges in cloud computing. Computers & Electrical Engineering, 39(1), 47-54.
26CLOUD PRIVACY AND SECURITY
Ryan, M. D. (2013). Cloud computing security: The scientific challenge, and a survey of
solutions. Journal of Systems and Software, 86(9), 2263-2268.
Safa, N. S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N. A., & Herawan, T. (2015).
Information security conscious care behaviour formation in organizations. Computers
& Security, 53, 65-78.
Shameli-Sendi, A., Aghababaei-Barzegar, R., & Cheriet, M. (2016). Taxonomy of
information security risk assessment (ISRA). Computers & Security, 57, 14-30.
Shostack, A. (2014). Threat modeling: Designing for security. John Wiley & Sons.
Shuaibu, B. M., Norwawi, N. M., Selamat, M. H., & Al-Alwani, A. (2015). Systematic
review of web application security development model. Artificial Intelligence
Review, 43(2), 259-276.
Szwed, P., & Skrzyński, P. (2014). A new lightweight method for security risk assessment
based on fuzzy cognitive maps. International Journal of Applied Mathematics and
Computer Science, 24(1), 213-225.
Vereinfachen Sie Ihr Geschäftsleben mit Shore!. (2017). Shore.com. Retrieved 2 September
2017, from https://www.shore.com/de/
Wu, M., Song, Z., & Moon, Y. B. (2017). Detecting cyber-physical attacks in
CyberManufacturing systems with machine learning methods. Journal of Intelligent
Manufacturing, 1-13.
Xiao, L., Xu, D., Xie, C., Mandayam, N. B., & Poor, H. V. (2017). Cloud storage defense
against advanced persistent threats: A prospect theoretic study. IEEE Journal on
Selected Areas in Communications, 35(3), 534-544.
Ryan, M. D. (2013). Cloud computing security: The scientific challenge, and a survey of
solutions. Journal of Systems and Software, 86(9), 2263-2268.
Safa, N. S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N. A., & Herawan, T. (2015).
Information security conscious care behaviour formation in organizations. Computers
& Security, 53, 65-78.
Shameli-Sendi, A., Aghababaei-Barzegar, R., & Cheriet, M. (2016). Taxonomy of
information security risk assessment (ISRA). Computers & Security, 57, 14-30.
Shostack, A. (2014). Threat modeling: Designing for security. John Wiley & Sons.
Shuaibu, B. M., Norwawi, N. M., Selamat, M. H., & Al-Alwani, A. (2015). Systematic
review of web application security development model. Artificial Intelligence
Review, 43(2), 259-276.
Szwed, P., & Skrzyński, P. (2014). A new lightweight method for security risk assessment
based on fuzzy cognitive maps. International Journal of Applied Mathematics and
Computer Science, 24(1), 213-225.
Vereinfachen Sie Ihr Geschäftsleben mit Shore!. (2017). Shore.com. Retrieved 2 September
2017, from https://www.shore.com/de/
Wu, M., Song, Z., & Moon, Y. B. (2017). Detecting cyber-physical attacks in
CyberManufacturing systems with machine learning methods. Journal of Intelligent
Manufacturing, 1-13.
Xiao, L., Xu, D., Xie, C., Mandayam, N. B., & Poor, H. V. (2017). Cloud storage defense
against advanced persistent threats: A prospect theoretic study. IEEE Journal on
Selected Areas in Communications, 35(3), 534-544.
27CLOUD PRIVACY AND SECURITY
Yao, J., Venkitasubramaniam, P., Kishore, S., Snyder, L. V., & Blum, R. S. (2017, March).
Network topology risk assessment of stealthy cyber attacks on advanced metering
infrastructure networks. In Information Sciences and Systems (CISS), 2017 51st
Annual Conference on (pp. 1-6). IEEE.
Younis, A. A., Malaiya, Y. K., & Ray, I. (2014, January). Using attack surface entry points
and reachability analysis to assess the risk of software vulnerability exploitability.
In High-Assurance Systems Engineering (HASE), 2014 IEEE 15th International
Symposium on (pp. 1-8). IEEE.
Yao, J., Venkitasubramaniam, P., Kishore, S., Snyder, L. V., & Blum, R. S. (2017, March).
Network topology risk assessment of stealthy cyber attacks on advanced metering
infrastructure networks. In Information Sciences and Systems (CISS), 2017 51st
Annual Conference on (pp. 1-6). IEEE.
Younis, A. A., Malaiya, Y. K., & Ray, I. (2014, January). Using attack surface entry points
and reachability analysis to assess the risk of software vulnerability exploitability.
In High-Assurance Systems Engineering (HASE), 2014 IEEE 15th International
Symposium on (pp. 1-8). IEEE.
1 out of 28
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.