Risk Assessment based on Cloud Security
VerifiedAdded on  2023/06/03
|13
|4730
|351
AI Summary
The report provides valuable insights for the implementation of the IDS technology and its impact on the security of the organization. The subject of the report is risk assessment based on cloud security, and the course code, course name, and college/university are not mentioned.
Contribute Materials
Your contribution can guide someoneâs learning journey. Share your
documents today.
Running head: RISK ASSESSMENT BASED ON CLOUD SECURITY
Risk Assessment based on Cloud Security
Name of the Student
Name of the University
Authorâs note
Risk Assessment based on Cloud Security
Name of the Student
Name of the University
Authorâs note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1RISK ASSESSMENT BASED ON CLOUD SECURITY
Table of Contents
1. Executive Summary.....................................................................................................................2
1.1 Statement of Intrusion Detection System within Gigantic Corporation................................2
1.1.1 Company Outline............................................................................................................2
1.1.2 Outline of Roles and Responsibilities of the Lead Consultant of IT Risk Assessment..2
1.1.3 Outline of New Technology...........................................................................................3
1.2 Overview of Technical Recommendations............................................................................4
1.2.1 Security Architecture of IDS Technology......................................................................4
1.2.2 Strategic, Tactical and Contingency Planning................................................................4
1.2.3 Financial Aspects of the Project.....................................................................................5
2. Risk Assessment based on Threats, Vulnerabilities and Consequences......................................6
2.1 Existing IT Control Framework.............................................................................................6
2.1.1 Policy and Procedures.....................................................................................................6
2.1.2 Best Recommended Practices.........................................................................................6
2.1.3 Current Evidences...........................................................................................................6
2.2 Identification and Discussion about the Major Threat Agents..............................................7
2.2.1 List of Agents of Threats................................................................................................7
2.2.2 Issues...............................................................................................................................7
2.2.3 Consequences.................................................................................................................8
2.3 Mitigation of Risks and Impacts on System..........................................................................9
2.3.1 Impact.............................................................................................................................9
2.3.2 Mitigation.......................................................................................................................9
3. Literature Review........................................................................................................................9
3.1 Protection Mechanisms for Employing Security...................................................................9
3.1.1 Safe Guards.....................................................................................................................9
3.1.2 Security Mechanisms......................................................................................................9
3.1.3 Key Principle of Information Security.........................................................................10
4. Conclusion.................................................................................................................................10
5. References..................................................................................................................................11
Table of Contents
1. Executive Summary.....................................................................................................................2
1.1 Statement of Intrusion Detection System within Gigantic Corporation................................2
1.1.1 Company Outline............................................................................................................2
1.1.2 Outline of Roles and Responsibilities of the Lead Consultant of IT Risk Assessment..2
1.1.3 Outline of New Technology...........................................................................................3
1.2 Overview of Technical Recommendations............................................................................4
1.2.1 Security Architecture of IDS Technology......................................................................4
1.2.2 Strategic, Tactical and Contingency Planning................................................................4
1.2.3 Financial Aspects of the Project.....................................................................................5
2. Risk Assessment based on Threats, Vulnerabilities and Consequences......................................6
2.1 Existing IT Control Framework.............................................................................................6
2.1.1 Policy and Procedures.....................................................................................................6
2.1.2 Best Recommended Practices.........................................................................................6
2.1.3 Current Evidences...........................................................................................................6
2.2 Identification and Discussion about the Major Threat Agents..............................................7
2.2.1 List of Agents of Threats................................................................................................7
2.2.2 Issues...............................................................................................................................7
2.2.3 Consequences.................................................................................................................8
2.3 Mitigation of Risks and Impacts on System..........................................................................9
2.3.1 Impact.............................................................................................................................9
2.3.2 Mitigation.......................................................................................................................9
3. Literature Review........................................................................................................................9
3.1 Protection Mechanisms for Employing Security...................................................................9
3.1.1 Safe Guards.....................................................................................................................9
3.1.2 Security Mechanisms......................................................................................................9
3.1.3 Key Principle of Information Security.........................................................................10
4. Conclusion.................................................................................................................................10
5. References..................................................................................................................................11
2RISK ASSESSMENT BASED ON CLOUD SECURITY
1. Executive Summary
The report is based in the severe forms of impact that have been felt with the impact of
the security platforms within the cloud computing environment. This report assesses all the
necessary areas based on the different forms of risks, which might affect the Gigantic
Corporation. The IT organization is facing some tremendous challenges with the implementation
of cloud security platforms and tools. They are trying to implement to a project based on the
cloud security platforms. The project is based on Intrusion Detection System (IDS), which is
purely designed for fitting into the needs of the organizational sector (Snapp et al., 2017). The
major need for the design of this project is purely based on building an interface and bridging the
gap between stakeholders and technologists within the project. The IDS technology would
majorly help in translating the major difficulties into successful endeavors. It would also help the
major stakeholders within the project to take various kinds of smart decisions (Ashfaq et al.,
2017). This report would help in assessing the IDS technology and provide valuable insights for
the implementation of the project within Gigantic Corporation. The thorough assessment of the
project would also help in understanding the business needs of implementing the project.
1.1 Statement of Intrusion Detection System within Gigantic Corporation
1.1.1 Company Outline
Gigantic Corporation is an IT organization that is primarily based in Australia. The
organization provides various kinds of IT solutions and services. They offer end-to-end services
to their customers a business clients who are based in several other countries. The organizations
helps in providing hardware and software based solutions to other companies. Gigantic
Corporation also holds the responsibility for establishing strong business relations, maintain high
form of services and thus monitor control over the various applications that are being developed
within the information technological systems.
The company helps in driving the business needs of the organisation. As Gigantic
Corporation holds a huge reputation in providing various kinds of solution to their clients
therefore they help in maintaining these services. They are also responsible for solving any kind
of unwanted situations that might occur within the systems. They also support their business
clients with all kinds of needs, which might be needed at any point of time. The company also
has a tilt towards the use of cloud computing platforms within the module of their business. This
is meant for bring efficiency within the processes of work in the sector.
1.1.2 Outline of Roles and Responsibilities of the Lead Consultant of IT Risk Assessment
The primary role of the Lead Consultant is to understand the current situations of work
within the sector of Gigantic Corporation. The consultant has to look into the details of the
organisation, understand them and thus be able to plan some form of strategies that would be
helpful for mitigating the concerns that might raise within the systems. They should conduct an
assessment over the security prospects of the systems and thus be able to develop solutions by
gaining vast insights (Peltier, 2016). Based on the current scenarios, it has been understood that
Gigantic Corporation is facing some major form of issues in relation with the aspects of security.
Therefore the organisation is focusing on the needs of development of a cloud based platform.
1. Executive Summary
The report is based in the severe forms of impact that have been felt with the impact of
the security platforms within the cloud computing environment. This report assesses all the
necessary areas based on the different forms of risks, which might affect the Gigantic
Corporation. The IT organization is facing some tremendous challenges with the implementation
of cloud security platforms and tools. They are trying to implement to a project based on the
cloud security platforms. The project is based on Intrusion Detection System (IDS), which is
purely designed for fitting into the needs of the organizational sector (Snapp et al., 2017). The
major need for the design of this project is purely based on building an interface and bridging the
gap between stakeholders and technologists within the project. The IDS technology would
majorly help in translating the major difficulties into successful endeavors. It would also help the
major stakeholders within the project to take various kinds of smart decisions (Ashfaq et al.,
2017). This report would help in assessing the IDS technology and provide valuable insights for
the implementation of the project within Gigantic Corporation. The thorough assessment of the
project would also help in understanding the business needs of implementing the project.
1.1 Statement of Intrusion Detection System within Gigantic Corporation
1.1.1 Company Outline
Gigantic Corporation is an IT organization that is primarily based in Australia. The
organization provides various kinds of IT solutions and services. They offer end-to-end services
to their customers a business clients who are based in several other countries. The organizations
helps in providing hardware and software based solutions to other companies. Gigantic
Corporation also holds the responsibility for establishing strong business relations, maintain high
form of services and thus monitor control over the various applications that are being developed
within the information technological systems.
The company helps in driving the business needs of the organisation. As Gigantic
Corporation holds a huge reputation in providing various kinds of solution to their clients
therefore they help in maintaining these services. They are also responsible for solving any kind
of unwanted situations that might occur within the systems. They also support their business
clients with all kinds of needs, which might be needed at any point of time. The company also
has a tilt towards the use of cloud computing platforms within the module of their business. This
is meant for bring efficiency within the processes of work in the sector.
1.1.2 Outline of Roles and Responsibilities of the Lead Consultant of IT Risk Assessment
The primary role of the Lead Consultant is to understand the current situations of work
within the sector of Gigantic Corporation. The consultant has to look into the details of the
organisation, understand them and thus be able to plan some form of strategies that would be
helpful for mitigating the concerns that might raise within the systems. They should conduct an
assessment over the security prospects of the systems and thus be able to develop solutions by
gaining vast insights (Peltier, 2016). Based on the current scenarios, it has been understood that
Gigantic Corporation is facing some major form of issues in relation with the aspects of security.
Therefore the organisation is focusing on the needs of development of a cloud based platform.
3RISK ASSESSMENT BASED ON CLOUD SECURITY
These would be meant for measuring the security prospects of the organisation. Hence the Lead
Consultant has been hired by Gigantic Corporation for helping in the implementation of an
Intrusion Detection System (IDS) technology (Liao et al., 2013). This technological system
would be meant for protecting the features of security and thus implement better forms of
processes within the existing business systems.
The basic responsibilities of the Lead Consultant is:
ï· To work with the higher executives for understanding the challenges faced by the
business, identify and assess the risks and thus enable better form of performance within
the business. These are meant for removal of operational risks faced by the organization.
ï· Establish proper form of communication and thus perform better coordination levels with
different stakeholders, technical experts. This also includes the ecosystem of the business
of the client.
ï· Identify the potential risks and the issues, which might arise within the development of a
project.
ï· Developing and implementing software solutions for the client business, which would fit
within the culture of the organization. This would also help in improving the business
performance of the concerned organization and thus provide immense benefits for the
client.
1.1.3 Outline of New Technology
The new form of technical system, which might be implemented within the organization
is Intrusion Detection System with the effect based on Cloud Security. The impact of IDS and
the included tools meant for the analysis would be helpful for securing the network environment
of the concerned organization. The impact of IDS technology would be purely meant for
providing effective forms of solutions meant for the purposes of the organisation. It would also
prove to be a useful factor for detecting several forms of unauthorized access within the
computing systems. These IDS systems would completely track the various movements within
the network and would also monitor the entire track records of the organisation (Patel et al.,
2013). The IDS systems have a high form of sensor that detects the various kinds of intrusions
within the computing systems. It would then send an alert message to the security team who
would then be able to monitor the systems and thus provide solutions accordingly.
In the age of technology, it has been majorly observed that there could be a vast range of
attacks on the computing systems. These attacks would be mostly meant for gaining a wide
access over the internal assets and data of the organization. Hence a proper mechanism of
detection of the attacks and securing the computing systems is highly necessary. The impact of
IDS technologies would majorly be helpful for ensuring the security of the data of the
organization and maintain a proper business procedure.
The report helps in assessing the different definitions of IDS and their vast level of
properties based on the aspect of cloud computing. The reports supports the discussion on the
cloud computing paradigms and the detection of intrusion by the IDS technology. It also provide
recommendations based on the prevention of such kinds of attacks (Modi et al., 2013).
These would be meant for measuring the security prospects of the organisation. Hence the Lead
Consultant has been hired by Gigantic Corporation for helping in the implementation of an
Intrusion Detection System (IDS) technology (Liao et al., 2013). This technological system
would be meant for protecting the features of security and thus implement better forms of
processes within the existing business systems.
The basic responsibilities of the Lead Consultant is:
ï· To work with the higher executives for understanding the challenges faced by the
business, identify and assess the risks and thus enable better form of performance within
the business. These are meant for removal of operational risks faced by the organization.
ï· Establish proper form of communication and thus perform better coordination levels with
different stakeholders, technical experts. This also includes the ecosystem of the business
of the client.
ï· Identify the potential risks and the issues, which might arise within the development of a
project.
ï· Developing and implementing software solutions for the client business, which would fit
within the culture of the organization. This would also help in improving the business
performance of the concerned organization and thus provide immense benefits for the
client.
1.1.3 Outline of New Technology
The new form of technical system, which might be implemented within the organization
is Intrusion Detection System with the effect based on Cloud Security. The impact of IDS and
the included tools meant for the analysis would be helpful for securing the network environment
of the concerned organization. The impact of IDS technology would be purely meant for
providing effective forms of solutions meant for the purposes of the organisation. It would also
prove to be a useful factor for detecting several forms of unauthorized access within the
computing systems. These IDS systems would completely track the various movements within
the network and would also monitor the entire track records of the organisation (Patel et al.,
2013). The IDS systems have a high form of sensor that detects the various kinds of intrusions
within the computing systems. It would then send an alert message to the security team who
would then be able to monitor the systems and thus provide solutions accordingly.
In the age of technology, it has been majorly observed that there could be a vast range of
attacks on the computing systems. These attacks would be mostly meant for gaining a wide
access over the internal assets and data of the organization. Hence a proper mechanism of
detection of the attacks and securing the computing systems is highly necessary. The impact of
IDS technologies would majorly be helpful for ensuring the security of the data of the
organization and maintain a proper business procedure.
The report helps in assessing the different definitions of IDS and their vast level of
properties based on the aspect of cloud computing. The reports supports the discussion on the
cloud computing paradigms and the detection of intrusion by the IDS technology. It also provide
recommendations based on the prevention of such kinds of attacks (Modi et al., 2013).
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4RISK ASSESSMENT BASED ON CLOUD SECURITY
1.2 Overview of Technical Recommendations
1.2.1 Security Architecture of IDS Technology
The security architecture embedded within the IDS technology is mainly based on
different forms of system structures. This would be a combination of the externally visible
properties, various kinds of software components and would also define the various relationships
between them. The properties that are externally visible is based on the inclusion of different
kinds of properties that includes mechanisms based on handling of faults, performance
characteristics and use of sharable resources (Jun & Chi, 2014).
(Fig 1: Software Security Architecture of IDS)
The different other kinds of model based on IDS would mainly emerge based on the
usage of IDS within the networking cluster. The Cluster Head Module (CHM) could be regarded
as another form of proposed model. The inbuilt architecture based on CHM would be running on
the cluster head node (Hidoussi et al., 2015). The inbuilt architecture would be responsible for
the initiation process of detection of the severe kinds of intrusions and thus provide an action
based response that focuses on receiving of requests.
1.2.2 Strategic, Tactical and Contingency Planning
The technologies based on IDS would make use of the defense in-depth form of strategy.
They would also play a major role based on the protection of useful form of information. The
layered form of approach would be mainly based for protecting the informational systems within
the organisation (Schumacher et al., 2013). Hence, this form of strategically designed approach
would help for assisting the organization on preventing, detecting and thus responding to critical
intrusions.
1.2 Overview of Technical Recommendations
1.2.1 Security Architecture of IDS Technology
The security architecture embedded within the IDS technology is mainly based on
different forms of system structures. This would be a combination of the externally visible
properties, various kinds of software components and would also define the various relationships
between them. The properties that are externally visible is based on the inclusion of different
kinds of properties that includes mechanisms based on handling of faults, performance
characteristics and use of sharable resources (Jun & Chi, 2014).
(Fig 1: Software Security Architecture of IDS)
The different other kinds of model based on IDS would mainly emerge based on the
usage of IDS within the networking cluster. The Cluster Head Module (CHM) could be regarded
as another form of proposed model. The inbuilt architecture based on CHM would be running on
the cluster head node (Hidoussi et al., 2015). The inbuilt architecture would be responsible for
the initiation process of detection of the severe kinds of intrusions and thus provide an action
based response that focuses on receiving of requests.
1.2.2 Strategic, Tactical and Contingency Planning
The technologies based on IDS would make use of the defense in-depth form of strategy.
They would also play a major role based on the protection of useful form of information. The
layered form of approach would be mainly based for protecting the informational systems within
the organisation (Schumacher et al., 2013). Hence, this form of strategically designed approach
would help for assisting the organization on preventing, detecting and thus responding to critical
intrusions.
5RISK ASSESSMENT BASED ON CLOUD SECURITY
The planning based on critical tactics would be vastly relevant within the IDS
technology. The impact of cloud security would help the improvement of operations and thus
would provide an all-round security over the organisation (Mitchell & Chen, 2014). Cloud
computing paradigms have vastly impacted the improvement of the infrastructure of IDS.
Contingency planning is one of the routine developed plan. These kinds of plans would
promptly respond to the upcoming threats in such emergency situations. This kind of plan also
includes the backup of data, preparing of critical kind of facilities and proper kinds of plan on
migration (Dawson Jr, Crespo & Brewster, 2013). These kind of plans would also help to
facilitate the continuation of business processes and thus recover from disasters.
1.2.3 Financial Aspects of the Project
The Lead Consultant would be responsible for designing a model based on alert
prioritization model. This model would be responsible for assessing the risks. This model would
make use of severe kinds of indicators based on the detection severe kinds of assets. The Loss
Expectancy concerning the project would hold meaningful for the estimation of potential risks.
This would also project the potential loss over the organization (Finnerty, 2013).
The planning based on critical tactics would be vastly relevant within the IDS
technology. The impact of cloud security would help the improvement of operations and thus
would provide an all-round security over the organisation (Mitchell & Chen, 2014). Cloud
computing paradigms have vastly impacted the improvement of the infrastructure of IDS.
Contingency planning is one of the routine developed plan. These kinds of plans would
promptly respond to the upcoming threats in such emergency situations. This kind of plan also
includes the backup of data, preparing of critical kind of facilities and proper kinds of plan on
migration (Dawson Jr, Crespo & Brewster, 2013). These kind of plans would also help to
facilitate the continuation of business processes and thus recover from disasters.
1.2.3 Financial Aspects of the Project
The Lead Consultant would be responsible for designing a model based on alert
prioritization model. This model would be responsible for assessing the risks. This model would
make use of severe kinds of indicators based on the detection severe kinds of assets. The Loss
Expectancy concerning the project would hold meaningful for the estimation of potential risks.
This would also project the potential loss over the organization (Finnerty, 2013).
6RISK ASSESSMENT BASED ON CLOUD SECURITY
2. Risk Assessment based on Threats, Vulnerabilities and Consequences
2.1 Existing IT Control Framework
2.1.1 Policy and Procedures
There are various kinds of policies and procedures, which would be helpful for detecting
the various kinds of countermeasures. These form of countermeasures could include the
extensive use of firewalls and IDs. These measures help in the design of the security posture of
Gigantic Corporation. They would also help in the mitigation of risks. They would also be able
to maintain financial and competitive viability of the concerning organization (Safa et al., 2015).
During the initial phases of the implementation of IDS based technology, there should be a
proper kind of system. This system would help in providing a definition of policies and would
guide in the process of evaluation and would also help in assisting on the use of tools and
techniques based on detecting intrusions. Hence this would also help for the increase of chances
of the design of a proper form of architecture of IDS technologies (Schumacher et al., 2013). The
various kinds of policies and procedures would help in the integration of system information and
protect the valuable assets of Gigantic Corporation.
2.1.2 Best Recommended Practices
There are some form of recommended practices that could be implemented within
Gigantic Corporation based on their implementation of the IDS technology project. These are:
ï· Use of such kind of tools of IDS that are mainly focused on industry standards for
properly analyzing the signatures and their behaviors based on the various attack stages
(Hassan, 2013).
ï· Developing of several kind of processes based on sending of alerts to the managerial
level of the organization.
ï· Integrating different procedures, which would help in incident based response for
investigating and thus escalating different kinds of issues based on confirmed incidents.
ï· Scheduling of regular form of updates, which would be helpful for detecting signatures
(Butun, Morgera & Sankar, 2014).
2.1.3 Current Evidences
The present form of evidences, which are based on the impact of IDS technologies are focused
on the use of ad hoc based approach. This kind of approach is recommended for the purpose of
matching of characteristics based on specific form of targets environments (Shamshirband et al.,
2013). IDS technology could be used majorly for detecting unauthorized access and thus send
alerts to the top level of management.
Based on the current scenario, it could be discussed that IDS technological systems would be
able to shut the links, which could pose serious forms of attacks. They could also slow down the
pace at which the internet platform is being accessed. These kinds of technologies would try to
make some kinds of attempts for identifying the potential attackers.
2. Risk Assessment based on Threats, Vulnerabilities and Consequences
2.1 Existing IT Control Framework
2.1.1 Policy and Procedures
There are various kinds of policies and procedures, which would be helpful for detecting
the various kinds of countermeasures. These form of countermeasures could include the
extensive use of firewalls and IDs. These measures help in the design of the security posture of
Gigantic Corporation. They would also help in the mitigation of risks. They would also be able
to maintain financial and competitive viability of the concerning organization (Safa et al., 2015).
During the initial phases of the implementation of IDS based technology, there should be a
proper kind of system. This system would help in providing a definition of policies and would
guide in the process of evaluation and would also help in assisting on the use of tools and
techniques based on detecting intrusions. Hence this would also help for the increase of chances
of the design of a proper form of architecture of IDS technologies (Schumacher et al., 2013). The
various kinds of policies and procedures would help in the integration of system information and
protect the valuable assets of Gigantic Corporation.
2.1.2 Best Recommended Practices
There are some form of recommended practices that could be implemented within
Gigantic Corporation based on their implementation of the IDS technology project. These are:
ï· Use of such kind of tools of IDS that are mainly focused on industry standards for
properly analyzing the signatures and their behaviors based on the various attack stages
(Hassan, 2013).
ï· Developing of several kind of processes based on sending of alerts to the managerial
level of the organization.
ï· Integrating different procedures, which would help in incident based response for
investigating and thus escalating different kinds of issues based on confirmed incidents.
ï· Scheduling of regular form of updates, which would be helpful for detecting signatures
(Butun, Morgera & Sankar, 2014).
2.1.3 Current Evidences
The present form of evidences, which are based on the impact of IDS technologies are focused
on the use of ad hoc based approach. This kind of approach is recommended for the purpose of
matching of characteristics based on specific form of targets environments (Shamshirband et al.,
2013). IDS technology could be used majorly for detecting unauthorized access and thus send
alerts to the top level of management.
Based on the current scenario, it could be discussed that IDS technological systems would be
able to shut the links, which could pose serious forms of attacks. They could also slow down the
pace at which the internet platform is being accessed. These kinds of technologies would try to
make some kinds of attempts for identifying the potential attackers.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7RISK ASSESSMENT BASED ON CLOUD SECURITY
In the recent kinds of development of the systems based on IDS technologies, it could be defined
that the software would be purely based on the proper form of combination of hardware and
software based systems (Joshi & Pimprale, 2013). Many of the IDS focused software would
mainly depend on same form of servers and devices. These IDS would consist of different
advanced form of firewalls, proxies or other kinds of software that would perform continuous
operation within the systems. The recent developments in the systems of IDS would enable them
to detect any forms of potential attacks within the systems and thus would be able to provide
different kinds of suggestions based on prevention of the systems. The IDS systems would also
be able to detect any form of internal as well as internal attacks on the computing systems.
2.2 Identification and Discussion about the Major Threat Agents
2.2.1 List of Agents of Threats
The threat agents are defined as such forms of potential actors who pose different forms
of threats within the security systems. They are a kind of entity within the system who perform
different forms of activities that poses threats to the computing systems. Different forms of
threats that are prone to the computing systems include malwares, ransomware, Trojan and many
virus attacks. These vital threats occur within the internal structure of the organization and thus
increase the vulnerability of the organization (Can & Sahingoz, 2015).
(Fig 2: Depiction of an Intrusion Detection System)
2.2.2 Issues
The most common types of issues that are mostly faced by the IDS technologies are:
ï· Managing of a high level of alerts on the computing systems.
In the recent kinds of development of the systems based on IDS technologies, it could be defined
that the software would be purely based on the proper form of combination of hardware and
software based systems (Joshi & Pimprale, 2013). Many of the IDS focused software would
mainly depend on same form of servers and devices. These IDS would consist of different
advanced form of firewalls, proxies or other kinds of software that would perform continuous
operation within the systems. The recent developments in the systems of IDS would enable them
to detect any forms of potential attacks within the systems and thus would be able to provide
different kinds of suggestions based on prevention of the systems. The IDS systems would also
be able to detect any form of internal as well as internal attacks on the computing systems.
2.2 Identification and Discussion about the Major Threat Agents
2.2.1 List of Agents of Threats
The threat agents are defined as such forms of potential actors who pose different forms
of threats within the security systems. They are a kind of entity within the system who perform
different forms of activities that poses threats to the computing systems. Different forms of
threats that are prone to the computing systems include malwares, ransomware, Trojan and many
virus attacks. These vital threats occur within the internal structure of the organization and thus
increase the vulnerability of the organization (Can & Sahingoz, 2015).
(Fig 2: Depiction of an Intrusion Detection System)
2.2.2 Issues
The most common types of issues that are mostly faced by the IDS technologies are:
ï· Managing of a high level of alerts on the computing systems.
8RISK ASSESSMENT BASED ON CLOUD SECURITY
ï· Understanding and thus investigating the alerts in an automatic manner.
ï· Gaining of proper form of knowledge and investigate the alerts.
ï· Ensuring that the deployment of the IDS technology would be successfully installed and
they are able to function in an efficient manner.
2.2.3 Consequences
The selection of inappropriate kind of IDS systems would lead to tremendous
consequences that might affect the concerned organization. Some of the sever forms of
consequences are:
ï· Damage to the Reputation of the Company â The improper implementation of IDS
technology would be leading to the damage of the reputation of the organisation. The
different forms of imposing threats would damage the internal processes within the
system and thus get access to the assets of the company (Chung et al., 2013).
ï· Failure of Projects â The failure of managing of risks within the projects would lead to
projects getting failed at the final stages of testing. This might lead to huge loss over the
business processes.
ï· Delaying of Projects â There might be different forms of risks that could affect within
the system. This might lead to the delay in the time of the delivery of the concerned
projects (Abduvaliyev et al., 2013).
(Fig 3: Working Scenario of IDS Technologies in Organisation)
ï· Understanding and thus investigating the alerts in an automatic manner.
ï· Gaining of proper form of knowledge and investigate the alerts.
ï· Ensuring that the deployment of the IDS technology would be successfully installed and
they are able to function in an efficient manner.
2.2.3 Consequences
The selection of inappropriate kind of IDS systems would lead to tremendous
consequences that might affect the concerned organization. Some of the sever forms of
consequences are:
ï· Damage to the Reputation of the Company â The improper implementation of IDS
technology would be leading to the damage of the reputation of the organisation. The
different forms of imposing threats would damage the internal processes within the
system and thus get access to the assets of the company (Chung et al., 2013).
ï· Failure of Projects â The failure of managing of risks within the projects would lead to
projects getting failed at the final stages of testing. This might lead to huge loss over the
business processes.
ï· Delaying of Projects â There might be different forms of risks that could affect within
the system. This might lead to the delay in the time of the delivery of the concerned
projects (Abduvaliyev et al., 2013).
(Fig 3: Working Scenario of IDS Technologies in Organisation)
9RISK ASSESSMENT BASED ON CLOUD SECURITY
2.3 Mitigation of Risks and Impacts on System
2.3.1 Impact
The different kinds of impact of the risks based within the organisation are:
ï· Safety and Health â The inappropriate assessment of risks would lead to the severe
forms of impact on the health aspects of the systems and business processes.
ï· Time â The impact of risks within the systems would lead to delaying of several
processes. Without a proper form of evaluation, the end products would not be delivered
to the customers.
ï· Financial â Inappropriate assessment of projects could lead to financial losses of
revenue, expenses and incur other forms of costs within the organisation (Creech & Hu,
2014).
2.3.2 Mitigation
There are different kinds of strategies, which could be implemented within the business
processes of the organisation. These would be with the help of the IDS technologies:
ï· Personal data kept within the organisational premises should be protected and secures
against the detection of any form of intrusion. Hence the computing systems should be
kept updated on a regular basis (Stanciu, 2013).
ï· The organization should focus on the implementation of IDS based technologies.
ï· The security systems within the organization should be updated on a regular basis. They
should make use of a stream preprocessor based on the purpose of reassembling the
received packets. A Unicode preprocessor should be used for countering different forms
of techniques based on evasion. These would be primarily be based on Unicode
encoding.
3. Literature Review
3.1 Protection Mechanisms for Employing Security
3.1.1 Safe Guards
There are different kinds of mechanisms based on safe guards that could be implemented
with the use of Strategic based systems. These would include the customizable forms of
accessibility cards, biometric systems, perimeter fencing and antivirus software (Mitchell &
Chen, 2015). These systems could be implemented within the security prospects of the
organization based on safeguarding the environment of the cloud systems used by the
organization.
3.1.2 Security Mechanisms
The different mechanisms based on the implementation of the secured cloud platform are:
2.3 Mitigation of Risks and Impacts on System
2.3.1 Impact
The different kinds of impact of the risks based within the organisation are:
ï· Safety and Health â The inappropriate assessment of risks would lead to the severe
forms of impact on the health aspects of the systems and business processes.
ï· Time â The impact of risks within the systems would lead to delaying of several
processes. Without a proper form of evaluation, the end products would not be delivered
to the customers.
ï· Financial â Inappropriate assessment of projects could lead to financial losses of
revenue, expenses and incur other forms of costs within the organisation (Creech & Hu,
2014).
2.3.2 Mitigation
There are different kinds of strategies, which could be implemented within the business
processes of the organisation. These would be with the help of the IDS technologies:
ï· Personal data kept within the organisational premises should be protected and secures
against the detection of any form of intrusion. Hence the computing systems should be
kept updated on a regular basis (Stanciu, 2013).
ï· The organization should focus on the implementation of IDS based technologies.
ï· The security systems within the organization should be updated on a regular basis. They
should make use of a stream preprocessor based on the purpose of reassembling the
received packets. A Unicode preprocessor should be used for countering different forms
of techniques based on evasion. These would be primarily be based on Unicode
encoding.
3. Literature Review
3.1 Protection Mechanisms for Employing Security
3.1.1 Safe Guards
There are different kinds of mechanisms based on safe guards that could be implemented
with the use of Strategic based systems. These would include the customizable forms of
accessibility cards, biometric systems, perimeter fencing and antivirus software (Mitchell &
Chen, 2015). These systems could be implemented within the security prospects of the
organization based on safeguarding the environment of the cloud systems used by the
organization.
3.1.2 Security Mechanisms
The different mechanisms based on the implementation of the secured cloud platform are:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10RISK ASSESSMENT BASED ON CLOUD SECURITY
ï· Hash Functions â This mechanism is used in a one-way process. The primary property
of hashing is to lock down a certain message and an authorized key would be sent to the
other user who would be able to unlock the message.
ï· Digital Signature â This form of mechanism would help in the providing authentic form
of data that would also help in maintaining the integrity of the information. The message
would also be assigned a kind of digital signature before the transmission of information.
ï· Encryption â This kind of mechanism for the security would help in the conversion of
plaintext data into a certain string of characters. It is also known as an encryption key.
The secret message would be establishes and would be shared among the authorized
parties (Ryan, 2013).
3.1.3 Key Principle of Information Security
The primary principle of the security of information is based on protecting the different
forms of assets of the organization. In the recent time, there has been major form of incidents
based on theft of data and assets of a particular organization. Hence the securing of the data of
the organization is a very important aspects, which should be highly considered. The prime
benefits of information security based on the platforms of cloud would be based on the network
and computing services that would depend on data storage. Therefore, the main principle of the
securing of information is measuring the adaptability, scalability and economical assurance
based in the organization.
4. Conclusion
The above discussion helps in concluding about the importance of implementation of the
project based on Intrusion Detection System within the organization. The organisation provides
different kinds of solutions for the business and would thus require different kinds of
mechanisms based on the security aspects. Hence the implementation of the IDS technologies
would prove to be a major help for the security of the organisation and would thus be able to
meet the objectives of the business.
ï· Hash Functions â This mechanism is used in a one-way process. The primary property
of hashing is to lock down a certain message and an authorized key would be sent to the
other user who would be able to unlock the message.
ï· Digital Signature â This form of mechanism would help in the providing authentic form
of data that would also help in maintaining the integrity of the information. The message
would also be assigned a kind of digital signature before the transmission of information.
ï· Encryption â This kind of mechanism for the security would help in the conversion of
plaintext data into a certain string of characters. It is also known as an encryption key.
The secret message would be establishes and would be shared among the authorized
parties (Ryan, 2013).
3.1.3 Key Principle of Information Security
The primary principle of the security of information is based on protecting the different
forms of assets of the organization. In the recent time, there has been major form of incidents
based on theft of data and assets of a particular organization. Hence the securing of the data of
the organization is a very important aspects, which should be highly considered. The prime
benefits of information security based on the platforms of cloud would be based on the network
and computing services that would depend on data storage. Therefore, the main principle of the
securing of information is measuring the adaptability, scalability and economical assurance
based in the organization.
4. Conclusion
The above discussion helps in concluding about the importance of implementation of the
project based on Intrusion Detection System within the organization. The organisation provides
different kinds of solutions for the business and would thus require different kinds of
mechanisms based on the security aspects. Hence the implementation of the IDS technologies
would prove to be a major help for the security of the organisation and would thus be able to
meet the objectives of the business.
11RISK ASSESSMENT BASED ON CLOUD SECURITY
5. References
Abduvaliyev, A., Pathan, A. S. K., Zhou, J., Roman, R., & Wong, W. C. (2013). On the vital
areas of intrusion detection systems in wireless sensor networks. IEEE Communications
Surveys & Tutorials, 15(3), 1223-1237.
Ashfaq, R. A. R., Wang, X. Z., Huang, J. Z., Abbas, H., & He, Y. L. (2017). Fuzziness based
semi-supervised learning approach for intrusion detection system. Information
Sciences, 378, 484-497.
Butun, I., Morgera, S. D., & Sankar, R. (2014). A survey of intrusion detection systems in
wireless sensor networks. IEEE communications surveys & tutorials, 16(1), 266-282.
Can, O., & Sahingoz, O. K. (2015, May). A survey of intrusion detection systems in wireless
sensor networks. In Modeling, Simulation, and Applied Optimization (ICMSAO), 2015
6th International Conference on (pp. 1-6). IEEE.
Chung, C. J., Khatkar, P., Xing, T., Lee, J., & Huang, D. (2013). NICE: Network intrusion
detection and countermeasure selection in virtual network systems. IEEE transactions on
dependable and secure computing, 10(4), 198-211.
Creech, G., & Hu, J. (2014). A semantic approach to host-based intrusion detection systems
using contiguous and discontiguous system call patterns. IEEE Transactions on
Computers, 63(4), 807-819.
Dawson Jr, M. E., Crespo, M., & Brewster, S. (2013). DoD cyber technology policies to secure
automated information systems. International Journal of Business Continuity and Risk
Management, 4(1), 1-22.
Finnerty, J. D. (2013). Project financing: Asset-based financial engineering. John Wiley & Sons.
Hassan, M. M. (2013). Current studies on intrusion detection system, genetic algorithm and
fuzzy logic. arXiv preprint arXiv:1304.3535.
Joshi, S. A., & Pimprale, V. S. (2013). Network Intrusion Detection System (NIDS) based on
data mining. International Journal of Engineering Science and Innovative Technology
(IJESIT), 2(1), 95-98.
Jun, C., & Chi, C. (2014, January). Design of complex event-processing ids in internet of things.
In Measuring Technology and Mechatronics Automation (ICMTMA), 2014 Sixth
International Conference on (pp. 226-229). IEEE.
Liao, H. J., Lin, C. H. R., Lin, Y. C., & Tung, K. Y. (2013). Intrusion detection system: A
comprehensive review. Journal of Network and Computer Applications, 36(1), 16-24.
Mitchell, R., & Chen, I. R. (2014). A survey of intrusion detection techniques for cyber-physical
systems. ACM Computing Surveys (CSUR), 46(4), 55.
Mitchell, R., & Chen, R. (2015). Behavior rule specification-based intrusion detection for safety
critical medical cyber physical systems. IEEE Transactions on Dependable and Secure
Computing, 12(1), 16-30.
5. References
Abduvaliyev, A., Pathan, A. S. K., Zhou, J., Roman, R., & Wong, W. C. (2013). On the vital
areas of intrusion detection systems in wireless sensor networks. IEEE Communications
Surveys & Tutorials, 15(3), 1223-1237.
Ashfaq, R. A. R., Wang, X. Z., Huang, J. Z., Abbas, H., & He, Y. L. (2017). Fuzziness based
semi-supervised learning approach for intrusion detection system. Information
Sciences, 378, 484-497.
Butun, I., Morgera, S. D., & Sankar, R. (2014). A survey of intrusion detection systems in
wireless sensor networks. IEEE communications surveys & tutorials, 16(1), 266-282.
Can, O., & Sahingoz, O. K. (2015, May). A survey of intrusion detection systems in wireless
sensor networks. In Modeling, Simulation, and Applied Optimization (ICMSAO), 2015
6th International Conference on (pp. 1-6). IEEE.
Chung, C. J., Khatkar, P., Xing, T., Lee, J., & Huang, D. (2013). NICE: Network intrusion
detection and countermeasure selection in virtual network systems. IEEE transactions on
dependable and secure computing, 10(4), 198-211.
Creech, G., & Hu, J. (2014). A semantic approach to host-based intrusion detection systems
using contiguous and discontiguous system call patterns. IEEE Transactions on
Computers, 63(4), 807-819.
Dawson Jr, M. E., Crespo, M., & Brewster, S. (2013). DoD cyber technology policies to secure
automated information systems. International Journal of Business Continuity and Risk
Management, 4(1), 1-22.
Finnerty, J. D. (2013). Project financing: Asset-based financial engineering. John Wiley & Sons.
Hassan, M. M. (2013). Current studies on intrusion detection system, genetic algorithm and
fuzzy logic. arXiv preprint arXiv:1304.3535.
Joshi, S. A., & Pimprale, V. S. (2013). Network Intrusion Detection System (NIDS) based on
data mining. International Journal of Engineering Science and Innovative Technology
(IJESIT), 2(1), 95-98.
Jun, C., & Chi, C. (2014, January). Design of complex event-processing ids in internet of things.
In Measuring Technology and Mechatronics Automation (ICMTMA), 2014 Sixth
International Conference on (pp. 226-229). IEEE.
Liao, H. J., Lin, C. H. R., Lin, Y. C., & Tung, K. Y. (2013). Intrusion detection system: A
comprehensive review. Journal of Network and Computer Applications, 36(1), 16-24.
Mitchell, R., & Chen, I. R. (2014). A survey of intrusion detection techniques for cyber-physical
systems. ACM Computing Surveys (CSUR), 46(4), 55.
Mitchell, R., & Chen, R. (2015). Behavior rule specification-based intrusion detection for safety
critical medical cyber physical systems. IEEE Transactions on Dependable and Secure
Computing, 12(1), 16-30.
12RISK ASSESSMENT BASED ON CLOUD SECURITY
Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A., & Rajarajan, M. (2013). A survey of
intrusion detection techniques in cloud. Journal of network and computer
applications, 36(1), 42-57.
Patel, A., Taghavi, M., Bakhtiyari, K., & JĂșNior, J. C. (2013). An intrusion detection and
prevention system in cloud computing: A systematic review. Journal of network and
computer applications, 36(1), 25-41.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Ryan, M. D. (2013). Cloud computing security: The scientific challenge, and a survey of
solutions. Journal of Systems and Software, 86(9), 2263-2268.
Safa, N. S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N. A., & Herawan, T. (2015).
Information security conscious care behaviour formation in organizations. Computers &
Security, 53, 65-78.
Schumacher, M., Fernandez-Buglioni, E., Hybertson, D., Buschmann, F., & Sommerlad, P.
(2013). Security Patterns: Integrating security and systems engineering. John Wiley &
Sons.
Schumacher, M., Fernandez-Buglioni, E., Hybertson, D., Buschmann, F., & Sommerlad, P.
(2013). Security Patterns: Integrating security and systems engineering. John Wiley &
Sons.
Shamshirband, S., Anuar, N. B., Kiah, M. L. M., & Patel, A. (2013). An appraisal and design of
a multi-agent system based cooperative wireless intrusion detection computational
intelligence technique. Engineering Applications of Artificial Intelligence, 26(9), 2105-
2127.
Snapp, S. R., Brentano, J., Dias, G., Goan, T. L., Heberlein, L. T., Ho, C. L., & Levitt, K. N.
(2017). DIDS (Distributed Intrusion Detection System)-Motivation, Architecture, and An
Early Prototype.
Stanciu, N. (2013). Technologies, methodologies and challenges in network intrusion detection
and prevention systems. Informatica Economica, 17(1).
Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A., & Rajarajan, M. (2013). A survey of
intrusion detection techniques in cloud. Journal of network and computer
applications, 36(1), 42-57.
Patel, A., Taghavi, M., Bakhtiyari, K., & JĂșNior, J. C. (2013). An intrusion detection and
prevention system in cloud computing: A systematic review. Journal of network and
computer applications, 36(1), 25-41.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Ryan, M. D. (2013). Cloud computing security: The scientific challenge, and a survey of
solutions. Journal of Systems and Software, 86(9), 2263-2268.
Safa, N. S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N. A., & Herawan, T. (2015).
Information security conscious care behaviour formation in organizations. Computers &
Security, 53, 65-78.
Schumacher, M., Fernandez-Buglioni, E., Hybertson, D., Buschmann, F., & Sommerlad, P.
(2013). Security Patterns: Integrating security and systems engineering. John Wiley &
Sons.
Schumacher, M., Fernandez-Buglioni, E., Hybertson, D., Buschmann, F., & Sommerlad, P.
(2013). Security Patterns: Integrating security and systems engineering. John Wiley &
Sons.
Shamshirband, S., Anuar, N. B., Kiah, M. L. M., & Patel, A. (2013). An appraisal and design of
a multi-agent system based cooperative wireless intrusion detection computational
intelligence technique. Engineering Applications of Artificial Intelligence, 26(9), 2105-
2127.
Snapp, S. R., Brentano, J., Dias, G., Goan, T. L., Heberlein, L. T., Ho, C. L., & Levitt, K. N.
(2017). DIDS (Distributed Intrusion Detection System)-Motivation, Architecture, and An
Early Prototype.
Stanciu, N. (2013). Technologies, methodologies and challenges in network intrusion detection
and prevention systems. Informatica Economica, 17(1).
1 out of 13
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.