Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

IT Risk Management: Cloud Security

Verified

Added on 2023/06/04

AI Summary

This report provides a risk assessment on the case of Gigantic Corporation executing a project on cloud security, specifically the DDoS detection and prevention system. It discusses various threats and vulnerabilities for cloud security, including unauthenticated utilization of data, compromise in the internet accessible management APIs, reduction in the visibility and control of data, stealing of credentials, insiders' threats, and deletion of data. The report also provides recommendations for mitigation and protection mechanisms required for information security in this project.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: IT RISK MANAGEMENT
IT Risk Management: Cloud Security
Name of the Student
Name of the University
Author’s Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1
IT RISK MANAGEMENT
Table of Contents
Executive Summary...................................................................................................................2
Cloud Security........................................................................................................................2
DDoS Detection and Prevention System...............................................................................3
Attacks in Cloud Computing..................................................................................................3
Introduction................................................................................................................................4
Risk Assessment.........................................................................................................................4
Various Threats and Vulnerabilities for the Cloud Security in Gigantic Corporation...........4
Risk Assessment on the Identified Risks for the Cloud Security...........................................6
Consequences of the Identified Risks derived from IT Control Framework.........................6
Recommendations for this Project.........................................................................................7
Mitigation of Risks and Major Impact on the System...........................................................8
Literature Review.......................................................................................................................9
Protection Mechanisms Required for Information Security in this Project...........................9
Conclusion................................................................................................................................12
References................................................................................................................................14

2
IT RISK MANAGEMENT
Executive Summary
The main objective of the report is to do a risk assessment on the case of an enterprise,
known as Gigantic Corporation. The enterprise is executing a significant project on the cloud
security, called the DDoS detection and prevention system. The management of this
company has eventually recruited their risk assessment lead consultant for information
technology and information systems. The most significant responsibility of this particular risk
consultant is that he will have to provide the basic interface within the business related
stakeholders like owners and customers and even the respective technologists and even for
the major task to translate the various potential technology oriented difficulties or issues to
the risk language for this major reason of facilitation of the efficient as well as effective
process of decision making by each and every stakeholder.
Cloud Security
Cloud security refers to the significant collection of controls, technologies and policies that
are to be deployed for the proper protection of data, related infrastructure and the applications
of the specific technology of cloud computing. This cloud security is the sub domain of
network security, information security and data security. Several important and significant
issues related to security are eventually present that are closely linked to the storage providers
and cloud computing. This technology of cloud computing is considered as the fastest and the
most effective service that is helpful for the purpose of providing few of the significant
functionalities that are same as this traditional security of information technology. The
various important and noteworthy functionalities of cloud computing subsequently involve
the proper protection of any critical and sensitive information from all types of data theft,
data leakage as well as data deletion. Safety and security are the two important benefits of
this cloud security.

3
IT RISK MANAGEMENT
DDoS Detection and Prevention System
The organization has hired their risk assessment leading consultant regarding the information
technology to properly identify as well as prevent the most significant risks related to
information technology in the subsequent project of making the system of detection and
prevention of distributed denial of service attacks. The specific system is the basic collection
of techniques as well as tools, which are helpful for resisting and preventing the total impact
of the several attacks on the cloud and cloud services, which are attached with the
connectivity of Internet either by protecting their target or by simply securing the networks.
The respective normal conditions could be recognized for each and every type of network
traffic after perfectly defining the several patterns of the network traffic. The specified system
of this distributed denial of service detection or prevention also requires the major
identification or recognition of the incoming and outgoing network traffic to separate this
traffic from bots and also from the hacked web browsers. There is a major process that is to
be completed either by the signature comparison and the examination of the network traffic
attributes such as IP addresses, cookie variations, HTTP headers and even Javascript
footprints.
Attacks in Cloud Computing
The DDoS attack is the most vulnerable attack in cloud computing and for the cloud security.
The particular company of Gigantic Corporation selected the project of distributed denial of
service attack detection as well as prevention system within the core area of this cloud
security. Some other important and popular types of risks and threats within cloud computing
are the blocking of the respective IP addresses of any authenticated user and the lack of
proper synchronization of the SYN packets that are sent to their targeted system. The report
has assessed the risks and various mitigation and the various protection mechanisms are also
provided here.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4
IT RISK MANAGEMENT
Introduction
The cloud security could be defined as the significant security as well as protection of
any specific type of sensitive or confidential information, which is being stored online (Rong,
Nguyen & Jaatun, 2013). Some of the most significant and important risks and threats are
present for this specific type of cloud security, which majorly includes the loss of data,
intercepting the network traffics, insecure application program interfaces or APIs, sensitive
data or information breaching, lack of options for the several providers of the cloud storages,
shared technology and many more. The company of Gigantic Corporation has subsequently
taken the core decision of execution a distinct project of the distributed denial of service
detection and prevention system within the cloud security (Almorsy, Grundy & Müller,
2016). This report will be describing a detailed discussion about this particular organization
as well as the project they have decided to execute. A proper assessment of risks is being
completed for each and every identified risk as well as the respective consequences of these
risks as per a respective control framework of information technology. Moreover, some
protection mechanisms will be provided here.
Risk Assessment
Various Threats and Vulnerabilities for the Cloud Security in Gigantic Corporation
The respective cloud computing technology is one of the most important and a
noteworthy technology that is responsible for safe and secured data transfer. However, in
spite of having of such important advantages and benefits, few of the threats, vulnerabilities
and threats are subsequently present for this particular technology that are quite dangerous
and risky for the company of Gigantic Corporation (Aljawarneh, 2013). Amongst them, the
major risks are provided below:

5
IT RISK MANAGEMENT
i) Unauthenticated Utilization of Data: The most significant threat for the cloud
security within the company of Gigantic Corporation is the unauthorized and unauthenticated
utilization of sensitive information and data (Krasnyanskaya & Tylets, 2015). The newer
services can be promptly provisioned and thus all the aspects of the on demand self servicing
that would be help the staffs of this organization for the purpose of enabling the various
services without even taking consent of IT experts.
ii) Compromise in the Internet Accessible Management APIs: Another important
and significant risk for the cloud security for the company of Gigantic Corporation is the
respective compromise within the accessible or manageable APIs. A collection of the
application programming interface can easily manage or interact with various cloud services
and hence few issues are being faced here (Chou, 2013).
iii) Reduction in the Visibility and Control of Data: This is the next popular and
noteworthy risk within cloud security in the company of Gigantic Corporation. The hacker
often reduces the major visibility as well as control of the confidential or sensitive data. This
type of issue could even bring out the casualties in the data.
iv) Stealing of the Credentials: The various credentials are often stolen by this threat
in cloud security and hence this particular risk is to be mitigated eventually within the
company of Gigantic Corporation (Zhao, Li & Liu, 2014).
v) Insiders Threats: The staffs or the employees of the company of Gigantic
Corporation could also bring out major vulnerabilities either intentionally or unintentionally.
vi) Deletion of Data: When the sensitive data is being deleted within the company of
Gigantic Corporation, the sensitive data is lost subsequently (Mishra et al., 2013). This

6
IT RISK MANAGEMENT
particular risk can also cause some of the basic infrastructure issues for the organization and
hence an important significance is required here.
Risk Assessment on the Identified Risks for the Cloud Security
The risk assessment of all the identified risks for this cloud security is provided below
(Salah et al., 2013):
Serial Number Identified Risks Level of Risk
1. Unauthenticated Utilization of Data High
2. Compromise in the Internet Accessible
Management APIs
Low
3. Reduction in the Visibility and Control
of Data
Moderate
4. Stealing of Credentials High
5. Insiders’ Threat Low
6. Deletion of Data Moderate
Consequences of the Identified Risks derived from IT Control Framework
This IT control framework has the ability of organizing and categorizing the
organizational internal controls within the organization to create business values and
reduction of risks (Sachdev & Bhansali, 2013). Several policies and procedures are present
here. The consequences of identified risks, which are derived according to the IT control
framework, are provided below:
Serial Number Identified Risks Consequences of Risks
1. Unauthenticated Utilization of Data Major
2. Compromise in the Internet Accessible Major

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
IT RISK MANAGEMENT
Management APIs
3. Reduction in the Visibility and Control
of Data
Moderate
4. Stealing of Credentials Major
5. Insiders’ Threat Minor
6. Deletion of Data Moderate
Recommendations for this Project
The project of distributed denial of service detection and prevention system is
considered as one of the major and a basic project that would be much effective and efficient
for the organization of Gigantic Corporation (Tari, 2014). However, with the help of some
recommendations, the cloud security would be eventually benefitted and secured. The two
suitable recommendations for the cloud security in this company are provided below:
i) Utilizing Virtual Private Networks: The most important recommendation for
Gigantic Corporation is to use the VPN or virtual private network within their information
systems (Tirthani & Ganesan, 2014). It is the private network, which eventually enables all
the users to send as well as receive the confidential data within the public and shared
networks.
ii) Utilizing Parallel Networking: Another significant suggestion for the cloud
security in this company is using parallel networking (Kalaiprasath, Elankavi & Udayakumar,
2017). This particular network has ability of easily detecting the significant problem of the
attacks of distributed denial of service and hence the issues could be eventually mitigated
without many complexities.

8
IT RISK MANAGEMENT
Mitigation of Risks and Major Impact on the System
Two significant techniques for mitigation for all the identified risks and threats within
the cloud devices are provided below:
i) Deployment of the Antivirus Software and Undertaking Regular Updates: This is
the first and the most important technique for mitigating the identified risks or threats within
the cloud devices (Aljawarneh, Alawneh & Jaradat, 2017). Antivirus software is responsible
for detecting and removing all the risks or malware that are vulnerable for any specific
information system. A proper up gradation is required in this case for getting updates of all
the new and innovative risks. This particular software has the core capability of detecting as
well as preventing the attacks of distributed denial of service or any other attack like
computer viruses and malwares. It is the basic computer program, which can easily prevent,
detect and removal of malware and other vulnerabilities. A basic protection is required from
each and every threat such as DDoS attack, Trojan horse and many more (Sarwar & Khan,
2013). The web browser is also protected with this particular type of software.
Figure 1: Deployment of Antivirus Software
(Source: Khalil et al., 2013)

9
IT RISK MANAGEMENT
ii) Deployment of Firewall: The next significant technique to properly mitigate the
several threats in the cloud computing will be major deployment of the firewalls (Popa et al.,
2013). Since, this firewall is responsible for the proper detection as well as prevention of
several threats and risks; it could be easily utilized by the organization of Gigantic
Corporation. The incoming or the outgoing network traffics are easily monitored and
controlled after taking into consideration all the security regulations of IT control framework.
This deployment of firewalls will also be helpful in the establishment of the barrier within the
untrusted external network and the trusted internal network (Khan & Tuteja, 2015). Firewalls
should be implemented by this particular organization to reduce the various identified risks
and threats with perfection.
Figure 2: Deployment of Firewalls
(Source: Donald, Oli & Arockiam, 2013)
Literature Review
Protection Mechanisms Required for Information Security in this Project
As per Jouini and Rabai (2016), the protection of the various systems and devices
from each and every type of risks like data leakage, data theft and data deletion is possible by

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10
IT RISK MANAGEMENT
the incorporation of the several important and vital protection mechanisms. There are various
methodologies or techniques present that help to provide security and privacy within the
cloud like the tokenization, obfuscation, proper implementation of virtual private networks or
VPNs, significant implementation of firewalls as well as antivirus software, penetration
testing, basic avoidance of the use of the public connection of the Internet and many more.
According to Gordon et al. (2015), this cloud security can be termed as one of the vital or
important securities for every user, who is subsequently worried about the safety of their data
that are stored in those cloud services. It has been seen that this type of data is completely
safe and secured over the localized servicers and hence comprise of the explicit and major
control over the confidential data and information. However, this data that is being stored in
the cloud may be much more secured or safe as the providers of cloud service comprise of the
better security measure. There are some other threats also present for these cloud devices
such as social engineering attacks or the malware (Tari, 2014). DDoS detection and
prevention system project of Gigantic Corporation is responsible for mitigating all the
identified risks within the cloud services. The major protection mechanisms for the proper
reduction of each and every such issue in the cloud services and also to maintain the security
of the information are provided below:
i) Deployment of the Virtual Private Networks: Salah et al. (2013) state that, the most
significant and important protection mechanism or methodology for the cloud security would
be significant implementation or deployment of several VPNs or virtual private network. This
specific virtual private network can be stated as the significant extension of the private
networks in a public network to enable their users for either sending or for receiving the
sensitive information in the shared or the public networks as the various computing devices
could be directly connected to the respective private networks. Hence, virtual private network

11
IT RISK MANAGEMENT
is responsible for enabling the several users to securely access the applications and network
resources.
Figure 3: Working Procedure of Virtual Private Networks
(Source: Tirthani & Ganesan, 2014)
ii) Utilization of Encryption Techniques: The most simplified process that helps to
encode or hide the specified information or message in such a way that only authenticated or
authorized users can access that data or information (Chou, 2013). This type of encryption
technique is responsible for preventing the proper interference as well as denying the
respective contents for these interceptors. Two distinct algorithms are present for the
processes of encryption as well as decryption.

12
IT RISK MANAGEMENT
Figure 4: Symmetric Encryption Technique
(Source: Aljawarneh, 2013)
There is a major impact of the two above mentioned mitigation mechanisms over the
cloud devices with the implementation of DDoS detection as well as prevention system and
this impact is quite higher. Thus, proper mitigation techniques are important to avoid the
various risks and threats.
Conclusion
Therefore, from this above provided report, conclusion could be drawn that the attack
of DDoS or distributed denial of service is considered as one of the major threat that is quite
vulnerable or threatening for cloud services and hence there is always a major requirement of
eradicating these types of risks and threats with utmost urgency for all organizations. The
distributed denial of service attack is responsible for easily shutting down the entire service
by substantially overwhelming that particular service by undertaking the major help of data
with the core help of the information so that these authenticated users cannot easily access the

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

13
IT RISK MANAGEMENT
various accounts such as the bank accounts and electronic mails. The complete storage
system of the confidential data eventually becomes quite vulnerable and apart from the
sensitive data, their respective onsite data may even become dangerous for these users. This
report has properly demonstrated the various risks for Gigantic Corporation and a risk
assessment is being done for the cloud security. Finally, the various consequences for all the
identified risks are provided here with their mitigation mechanisms.

14
IT RISK MANAGEMENT
References
Aljawarneh, S. (2013). Cloud security engineering: Avoiding security threats the right way.
In Cloud Computing Advancements in Design, Implementation, and Technologies(pp.
147-153). IGI Global.
Aljawarneh, S. A., Alawneh, A., & Jaradat, R. (2017). Cloud security engineering: Early
stages of SDLC. Future Generation Computer Systems, 74, 385-392.
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal
of Computer Science & Information Technology, 5(3), 79.
Donald, A. C., Oli, S. A., & Arockiam, L. (2013). Mobile cloud security issues and
challenges: A perspective. International Journal of Electronics and Information
Technology (IJEIT), ISSN, 2277-3754.
Gordon, L. A., Loeb, M. P., Lucyshyn, W., & Zhou, L. (2015). Externalities and the
magnitude of cyber security underinvestment by private sector firms: a modification
of the Gordon-Loeb model. Journal of Information Security, 6(1), 24.
Jouini, M., & Rabai, L. B. A. (2016). A security framework for secure cloud computing
environments. International Journal of Cloud Applications and Computing
(IJCAC), 6(3), 32-44.
Kalaiprasath, R., Elankavi, R., & Udayakumar, D. R. (2017). Cloud. Security and
Compliance-A Semantic Approach in End to End Security. International Journal Of
Mechanical Engineering And Technology (Ijmet), 8(5).

15
IT RISK MANAGEMENT
Khalil, I. M., Khreishah, A., Bouktif, S., & Ahmad, A. (2013, April). Security concerns in
cloud computing. In 2013 Tenth International conference on information technology:
new generations (ITNG) (pp. 411-416). IEEE.
Khan, S. S., & Tuteja, R. R. (2015). Security in cloud computing using cryptographic
algorithms. International Journal of Innovative Research in Computer and
Communication Engineering, 3(1), 148-155.
Krasnyanskaya, T. M., & Tylets, V. G. (2015). Designing the cloud technologies of
psychological security of the person. Вопросы философии и психологии, (3), 192-
199.
Mishra, A., Mathur, R., Jain, S., & Rathore, J. S. (2013). Cloud computing
security. International Journal on Recent and Innovation Trends in Computing and
Communication, 1(1), 36-39.
Popa, D., Cremene, M., Borda, M., & Boudaoud, K. (2013, January). A security framework
for mobile cloud applications. In Roedunet International Conference (RoEduNet),
2013 11th(pp. 1-4). IEEE.
Rong, C., Nguyen, S. T., & Jaatun, M. G. (2013). Beyond lightning: A survey on security
challenges in cloud computing. Computers & Electrical Engineering, 39(1), 47-54.
Sachdev, A., & Bhansali, M. (2013). Enhancing cloud computing security using AES
algorithm. International Journal of Computer Applications, 67(9).
Salah, K., Calero, J. M. A., Zeadally, S., Al-Mulla, S., & Alzaabi, M. (2013). Using cloud
computing to implement a security overlay network. IEEE security & privacy, 11(1),
44-53.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

16
IT RISK MANAGEMENT
Sarwar, A., & Khan, M. N. (2013). A review of trust aspects in cloud computing
security. International Journal of Cloud Computing and Services Science, 2(2), 116.
Tari, Z. (2014). Security and Privacy in Cloud Computing. IEEE Cloud Computing, 1(1), 54-
57.
Tirthani, N., & Ganesan, R. (2014). Data Security in Cloud Architecture Based on Diffie
Hellman and Elliptical Curve Cryptography. IACR Cryptology ePrint Archive, 2014,
49.
Zhao, F., Li, C., & Liu, C. F. (2014, February). A cloud computing security solution based on
fully homomorphic encryption. In Advanced Communication Technology (ICACT),
2014 16th International Conference on (pp. 485-488). IEEE.

1 out of 17

+13062052269

info@desklib.com

IT Risk Management: Cloud Security

Contribute Materials

Secure Best Marks with AI Grader

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

IT Risk Management: Cloud Security

IT Risk Management: Cyber Security

Cybersecurity Threats and Mitigation Strategies

Risk Assessment based on Cloud Security

Risk Assessment based on Cloud Security

IT Risk Management: Threats, Vulnerabilities and Prevention Methods