Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Cyber Security Risks and Solutions in Cloud Computing

Verified

Added on 2020/04/07

AI Summary

The assignment delves into the multifaceted realm of cyber security within cloud computing environments. It examines various threats and vulnerabilities inherent to cloud platforms, ranging from data breaches and denial-of-service attacks to insider threats and insecure APIs. Furthermore, the document analyzes existing security solutions and best practices designed to mitigate these risks, encompassing encryption, access control, intrusion detection systems, and secure coding practices. The aim is to provide a comprehensive understanding of the challenges and opportunities presented by cloud security.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: IT RISK MANAGEMENT
IT Risk Management
Name of the Student
Name of the University
Author’s Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1IT RISK MANAGEMENT
Table of Contents
Introduction..........................................................................................................................2
1. Overview of the case study and illustration of the big data security Infrastructure........2
1.1 Overview....................................................................................................................2
1.2. Infrastructure Diagram..............................................................................................3
2. Top and most significant threats......................................................................................5
2.1. Most significant threat identified..............................................................................7
3. Threat Agents, Their Impact and threat probability........................................................7
4. ETL process Improvement..............................................................................................9
5. Current State of IT security in ENISA..........................................................................10
Conclusion.........................................................................................................................11
References..........................................................................................................................12

2IT RISK MANAGEMENT
Introductions
The case study discusses the threats and the security issues associated with the process of
data mining and use of big data. Big data refers to the storage of large amount of Data that can be
mined for significant benefits in organizations and business (Wu et al., 2014). These data can be
a very useful for business related decision making and therefore holds utmost importance. Thus,
there are certain risks associated with the mining of big data. The case study discusses the
different threats associated with ENISA and the various processes that can be implemented in
elimination of the threats. The different threats agents and the threat mitigation processes are
discussed in the following paragraphs (Inukollu, Arsi & Ravuri, 2014)-
1. Overview of the case study and illustration of the big data security Infrastructure
1.1 Overview
The case study focuses on the big data landscape and the ENISA big data threat. The
content of the case study puts a light to the different use of big data and the associated risk with
the process of data mining (Wright & De Hert, 2012). The key threat agents associated with the
data breaches due the use of big data is clearly depicted in the case study. It further elaborates the
impact of the big data, which is huge in thriving of the data driven economy. The use of big data
is wide in fields such as military applications, fighting terrorism and research work (Gonzalez et
al., 2012). Therefore, protecting the process of data mining and ensuring a secure data mining is
essential. The case study discusses the process of ETL ( ENISA threat landscape) and suggests
different risk management and mitigation processes for mitigating the risks associated with the
big data landscape ( ENISA 2017). The case study aims at giving providing a clear picture of the
risks and threats associated with the big data landscape. The risk is widespread due to the

3IT RISK MANAGEMENT
involvement of cloud storage in order to store the big data. The threat infrastructure diagram of
ENISA is illustrated below-
1.2. Infrastructure Diagram

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4IT RISK MANAGEMENT

5IT RISK MANAGEMENT
Figure 1: Representing the ENISA big data security Infrastructure
(Source: created by author using MS Visio)
2. Top and most significant threats
The storage and the access of huge amount of data is subjected to different types of risks.
The top threats associated with ENISA are elaborated below ( ENISA, 2017)-
1) Malicious code/ software activity: One of the top threats associated with the big data is
the use of malicious code and software in order to extract information unethically. These are doe
by infusing different threat agents into the system, which includes, viruses, Trojan horses,
trapdoors, backdoors, ransomware and so on. These threats are infused with the system with the
help of certain malicious codes and software. The attacker installs these programs into the
system and gains access to the entire system by running these codes (Theoharidou, Tsalis &
Gritzalis, 2013). The risk from these malicious activity is high since the malware can easily
spread to different systems.
The assets that are mainly targeted by this threat include database and computing
infrastructure model.
2) Data leak due to unsecure API: Big data is based on cloud storage as it helps in easy
access of the data. however, cloud storage is a very unsecure platform and the use of unsecure
API further leads to significant data breaches and data loss. Different types of injection attacks
can be launched making use of unsecure API and therefore this can be considered as a significant
threat agent.

6IT RISK MANAGEMENT
The assets that are targeted by this threat includes software and computing models of the
information system.
3) Denial of service attack: Denial of service attack freezes the system thus making the
resources unavailable for the legitimate users. A severe denial of service attack may lead to the
permanent unavailability of the resources. These attacks can however be controlled by implying
effective measures (Tan et al., 2014).
The assets that are mainly targeted by this attack includes networks and servers of the
system.
4) Rogue Certificate usage: This is other threat agent associated with the illegal usage of
data and data breach. Rogue or false certificate can be used unethically to gain access to the
systems the attackers are unauthorized to access (Pearson, 2013). This may result in severe data
loss, data leakage and data modification and misuse of data
The assets that are mainly targeted by this threat include hardware , software and its
associated data.
5) Improper designing of the security systems: This is another major reason of the data
security issues associated with the big data. Improper designing of security system or using an
out of date security may lead to severe data loss. An inadequate system may further lead to
improper data update thus giving rise to data redundancy (Theoharidou et al., 2013).
The assets that are targeted by this threat include data and applications.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

7IT RISK MANAGEMENT
6) Identity fraud: Accessing the data by unauthorized person, by impersonating someone
one else can be termed as identity theft. This is a significant threat as it might result in loss of
confidential data and information (Roberts, Indermaur & Spiranovic, 2013).
The assets that are mainly targeted by the threat identity fraud includes personal
identifiable information , back end services and the servers associated with the system.
2.1. Most significant threat identified
Out of the top threats identified in the previous section of the report, the top threat is
definitely the threat associated with the usage or infusion of malicious codes and programs into
the system. This is because, with the help of this threat, the attacker may easily gain access to the
system and manipulate the data stored in them (Chen & Zhao, 2012). This risk associated with
this type of threat is very high and therefore, this threat agent is the most significant threat agent
in the big data landscape (Pavlyushchik, 2014).
3. Threat Agents, Their Impact and threat probability
The top threat agents associated with the big data landscape, identified from the case
study are elaborated below-
1) Corporation: The corporation or the organization that uses big data for its business
benefits is a major threat agent associated with the security concerns related to the big data. This
is because it is easier for them to manipulate and misuse these data fro their business benefits and
gain competitive advantage in the market.
2)Cyber criminals: This is one of the most significant threat agents associated with the
data breach and data loss. The main objective of cyber criminals is financial benefit by making

8IT RISK MANAGEMENT
the use of the mined data and therefore the impact of the attack by these threat agents is very
high.
3) Cyber Terrorist: Cyber terrorists are more dangerous than cyber criminals as the
methods used in the launching the attacks are more sophisticated in case of cyber terrorists.
These threat agents mainly target large organizations, as impact over these organization effects a
large part of the society as well (Taylor, Fritsch & Liederbach, 2014).
4) Employees: One of the major threat agents is employees of the organization. They can
be termed as threat insiders as well. Employee posses a sound knowledge of the data and security
system of a particular organization and therefore manipulation of data by the threat insider is
easier and sometimes unrecognizable.
5) Nation States: Nation States is one of the most significant threat agent associated with
the security issues of big data landscape. Nation states are the most sophisticated cyber criminals
and have high-level skill and expertise.
6) Script Kiddies: This threat agents uses ready-made code and programs in order to
launch an attack. Therefore, this type of attack and the threat agent is less dangerous and can be
eliminated by implementing proper security measures.
Minimizing the Impact of the Threat
In order to minimize the threats associated with the big data, the recommended measures
that can be taken are elaborated below-

9IT RISK MANAGEMENT
1) Using an effective security system coupled with the cryptographic methods of
encryption limits the use and access of the data thus preventing the data loss and data breaches
(Stallings & Tahiliani, 2014).
2) Access control can be implied to limit the access of data only to authorized person.
These may reduce the data breach considerably (Brucker et al., 2012). Access control only
enables a registered person to access and data.
3) Training the staffs and employees in order to build awareness among them can be an
effective method of preventing any sorts of threats by threat insider.
Probability Trend of the Threats
The probability of the threat is high as the attacker is coming up with different methods
of implementing an attack. In order to prevent these attacks, proper security measures are needed
to be taken. The associated threats are increasing in number and therefore, it becomes essential to
eliminate it as soon as possible.
4. ETL process Improvement
ETL or the ENISA Threat landscape investigates and reports about the threats associated
with different organizations. The document or report by ETL mainly deals with the threats
associated with the information and communication technology assets (ENISA, 2017). The
major loophole in the process of ETL is that, I only focuses on the technology issue and not the
issues cause by the threat agents. The process of ETL can be improved by including a detailed
and a structured report of the all types of threats associated with the big data and their possible
effects. ENISA threat landscape or ETL provides a structure and the overview of the threats

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

10IT RISK MANAGEMENT
associated with the merging trends. It is mainly based on the publicly available data and reports
the identified threats, and threat agents with the threats prioritized according to the frequency of
appearance. Now this process can be improved by prioritizing the threat according to the impact
caused and not by the frequency of appearance as minor threats such as denial of service attack
can appear a several number of times but can cause less damage than some other threats whose
frequency of appearance is less (Cherdantseva et al,. 2016).
Figure 2: Representing the Structure of ETL
(Source: (ENISA, 2017))
5. Current State of IT security in ENISA

11IT RISK MANAGEMENT
ENISA is not satisfied with the current security state of the organization as the
organization is still exposed to the several cyber threats. The security essentials are needed to be
updated in order to ensure the security of the big data. The threat agents and the attackers are
growing stronger day by day and therefore updating the security systems becomes essential (Von
Solms & Van Niekerk, 2013). A stronger security system and proper supervision of the system is
essential. The report identifies and discusses the risk associated with the information system of
ENSA, which proves that there are certain loopholes associated with the structure of the security
essentials in the organization. This is a major reason of ENISA being unsatisfied with the current
security state. Different security measures can be undertaken by ENISA in order to remove the
risks associated with the security system, which includes, using a proper intrusion detection
system in order to prevent the data loss and data manipulation. Furthermore, the process of ETL
can be improved by prioritizing the risks according to their impact in order to detect and
eliminate several threats associated with the system (Albakri et al., 2014).
Conclusion
Therefore, from the above discussion, it can be concluded that ENISA is exposed to
number of threats and the report discusses the different threat agents responsible for data
breaches, data loss and data manipulation. The report suggests the different procedures by which
the risk associated with the process of mining the big data can be eliminated. The ENISA Threat
landscape deals with identifying and reporting different threats associated with various
organizations. Use of big data is very significant in today’s world and therefore, ensuring various
security measures for the same is essential as well. The report concludes with the current state of
IT security in ENISA and recommends few ways to address the issues.

12IT RISK MANAGEMENT
References
Albakri, S. H., Shanmugam, B., Samy, G. N., Idris, N. B., & Ahmed, A. (2014). Security risk
assessment framework for cloud computing environments. Security and Communication
Networks, 7(11), 2114-2124.
Big Data Threat Landscape — ENISA. (2017). Enisa.europa.eu. Retrieved 6 September 2017,
from https://www.enisa.europa.eu/publications/bigdata-threat-landscape
Brucker, A. D., Hang, I., Lückemeyer, G., & Ruparel, R. (2012, June). SecureBPMN: Modeling
and enforcing access control requirements in business processes. In Proceedings of the
17th ACM symposium on Access Control Models and Technologies (pp. 123-126).
ACM.
Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud
computing. In Computer Science and Electronics Engineering (ICCSEE), 2012
International Conference on (Vol. 1, pp. 647-651). IEEE.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016).
A review of cyber security risk assessment methods for SCADA systems. computers &
security, 56, 1-27.
Gonzalez, N., Miers, C., Redigolo, F., Simplicio, M., Carvalho, T., Näslund, M., & Pourzandi,
M. (2012). A quantitative analysis of current security concerns and solutions for cloud
computing. Journal of Cloud Computing: Advances, Systems and Applications, 1(1), 11.
Inukollu, V. N., Arsi, S., & Ravuri, S. R. (2014). Security issues associated with big data in
cloud computing. International Journal of Network Security & Its Applications, 6(3), 45.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

13IT RISK MANAGEMENT
Pavlyushchik, M. A. (2014). U.S. Patent No. 8,713,631. Washington, DC: U.S. Patent and
Trademark Office.
Pearson, S. (2013). Privacy, security and trust in cloud computing. In Privacy and Security for
Cloud Computing (pp. 3-42). Springer London.
Roberts, L. D., Indermaur, D., & Spiranovic, C. (2013). Fear of cyber-identity theft and related
fraudulent activity. Psychiatry, Psychology and Law, 20(3), 315-328.
Seshardi, V., Ramzan, Z., Satish, S., & Kalle, C. (2012). U.S. Patent No. 8,266,698. Washington,
DC: U.S. Patent and Trademark Office.
Stallings, W., & Tahiliani, M. P. (2014). Cryptography and network security: principles and
practice (Vol. 6). London: Pearson.
Tan, Z., Jamdagni, A., He, X., Nanda, P., & Liu, R. P. (2014). A system for denial-of-service
attack detection based on multivariate correlation analysis. IEEE transactions on parallel
and distributed systems, 25(2), 447-456.
Taylor, R. W., Fritsch, E. J., & Liederbach, J. (2014). Digital crime and digital terrorism.
Prentice Hall Press.
Theoharidou, M., Tsalis, N., & Gritzalis, D. (2013, June). In cloud we trust: Risk-Assessment-as-
a-Service. In IFIP International Conference on Trust Management (pp. 100-110).
Springer, Berlin, Heidelberg.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security.
computers & security, 38, 97-102.

14IT RISK MANAGEMENT
Wright, D., & De Hert, P. (2012). Introduction to privacy impact assessment. In Privacy Impact
Assessment (pp. 3-32). Springer Netherlands.
Wu, X., Zhu, X., Wu, G. Q., & Ding, W. (2014). Data mining with big data. IEEE transactions
on knowledge and data engineering, 26(1), 97-107.

1 out of 15

+13062052269

info@desklib.com

Cyber Security Risks and Solutions in Cloud Computing

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Cyber Security Risks in Cloud Computing

Cybersecurity Risks and Cloud Computing

Improving ENISA Big Data Security Threat Detection and Prevention

Top Threats in ENISA: Cybersecurity Risks and Mitigation Strategies

Optimizing Database Storage: A Study on Big Data Integration

Enhancing ENISA Big Data Infrastructure Security Features