Virtualization: Risks and Mitigation Strategies in IT Risk Management

Verified

Added on 2024/07/01

AI Summary

This assignment explores the concept of virtualization, its characteristics, and the associated risks. It delves into real-world threats within virtual environments and examines various types of virtualization. The paper also discusses risk mitigation strategies, including complex infrastructure, organization, overflow management, and security patches. By understanding these aspects, organizations can effectively manage and mitigate risks associated with virtualization.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

ITC 596
IT RISK MANAGEMENT
ASSIGNMENT 1

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Topic Name: Virtualization
INTRODUCTION
According to Microsoft (2018), Virtualization is a technique that is used for the creating a
simulated environment or sometimes called as a Virtual Environment. It is opposite of the
Physical Environment in which there is need of the Physical Components locally. Mostly the
Virtualization includes Operating System, Hardware, Storage Devices that are computer
generated. This helps in making partition for the each and every single physical machine to be
distributed as a bunch of Virtual machines. The Created Virtual machines could be used a
different machine. Also, every virtual machine could have a different set of configurations.
Simpler terms, Virtualization is a technique that is used to create a virtual environment using the
physical or host system resources. It is helpful as it gives you the advantage to access different
type of Operating System over one single machine.
Characteristics of Virtualization:
 Encapsulation: Most Virtual Machines are stored in the physical system as one single file
this makes the identification of the machines easier. So, the encapsulation of those Virtual
Machines could be represented as a whole entity. So, it increases the protection of the
application as they cannot infer with each other processes.
 Partitioning: In a Virtual Environment, a single host system could be partitioned between
different applications and the Operating systems.
 Isolation: In the Virtual Environment, each Virtual Machine Instance is stored in a way
that it does not affect other virtual machines. Due to this Characteristic if one instance of
the Virtual Machine Fails it does not affect other Virtual Machines.
 Flexible: The Virtual machine Servers are Flexible as they could be configured according to
the needs of the software or the production.
 Scalable: It is very Important characteristics in the Virtualization. One can easily scale up
or scale down the system according to the needs.
Other characteristics include Accessibility, Efficiency, Security within the Virtual Machines
(Sareen, 2013).
Risk Associated with Virtualization:
 Loss of Sensitive Data stored within the Virtual Machine
 Compromisation of Hypervisor Security
 Use of Self-Service Portal for the hijacking
 Over-allocation of the Resources
 Resources Exhaustion via various Virtual Machines
 Risk arises due to the API’s provided by the Cloud Service Provider

Real Threats within the Virtual Environment:
 Infecting the Virtual Machines using the Malware
 Malware from One Virtual Environment starts to infect the Host Servers
 Data Loss due to Ports Hijacking
 When the different Virtual Environments are associated with the different levels of trust
 Pathway hijacking from public cloud to the hybrid cloud system (Lombardi & Di Pietro,
2014).
Types of Virtualization:
 Hardware Virtualization
 Desktop Virtualization
 Nested Virtualization
 Cloud Virtualization
 Software Virtualization
 Memory Virtualization
 Storage Virtualization
 Data Virtualization
 Network Virtualization
Risk Alleviation in the Virtualization:
 Complex Infrastructure: The more complex network of the Virtual Machines could help to
minimize the risk of exposing to the minimal risks like server hijacking and it could help in
spotting anomalies.
 Organization: A development plan needs to be associated with the creation of the Virtual
Environment beforehand
 Overflow Management: It is hard to track when a single system has too many Virtual
Environment so a proper flow of management needs to be implied in order to make a
better system.
 Security Patches: To minimize the security within the Virtual Environment, the Host
System along with the Virtual Environment needs to improve Security every short span of
time (Yang, Lee & Yoo, 2014).
References:
Microsoft. (2018). Retrieved from https://azure.microsoft.com/en-in/overview/what-is-
virtualization/
Sareen, P. (2013). Cloud computing: types, architecture, applications, concerns, virtualization
and role of it governance in cloud. International Journal of Advanced Research in Computer
Science and Software Engineering, 3(3).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Yang, H., Lee, D., & Yoo, S. (2014). A study on stable web server system using virtualization
technology against attacks. Multimedia Tools And Applications, 74(16), 6381-6390. doi:
10.1007/s11042-014-2109-9
Lombardi, F., & Di Pietro, R. (2014). Virtualization and Cloud Security: Benefits, Caveats, and
Future Developments. Computer Communications And Networks, 237-255. doi: 10.1007/978-3-
319-10530-7_10

Topic Name: Pageup Data Breach
Introduction:
PageUp is an Australian Organization that helps in managing the Data of applicant for the ease of
HR, they provide software that is managed by various companies for the Recruitment process. On
May 23, 2018, the company data was compromised when the unauthenticated person gets the
access to the PageUp mainframe and get the information of more than hundreds and thousands
of job applicants got leaked. It happened during a meetup when much more applicant has applied
for the recruitment process. According to PageUp, even if the application was sent for the
reference checking all the details related to the application of the applicant was compromised
and hacked. The Data Breach has exposed massive data on the applicants including their Date of
Birth, Cell Numbers, Home Address, Job Location, and so on. PageUp reported this to the
Australian Cyber Security Centre (ACSC) about this security breach and they are getting help with
other cyber-crime organization for this data breach.
How Did it happen?
This data breach happened without the knowledge of the PageUp Security team as an
Unknown/Unauthenticated Person go the access to the PageUp mainframe somehow and leaked
the information of thousands of users of PageUp. As the PageUp store, sensitive data like Date of
birth, Address, Cell Number, Financial Details of the Applicants this attack it could harm the users
on personal level as the hacker might use it for the personal gain. As per the PageUp, the attack
was contained and they claim it is safe to use now. They also suggest the users go through the
necessary steps for securing their accounts.
Exposure of Vulnerabilities:
The vulnerabilities that are exposed during this attack was:
 Cloud Storage: The Data that was stored on the cloud was highly vulnerable and was
jeopardise at first and was leaked.
 Use of third-party service provides for the data analysis and the data management
 Another cause could be the inner hacking of the mainframe, meaning any employee use
the access token in an unauthenticated manner
 As there was rush in the application of the applicants there might be a possible chance
that the PageUp corporation is using some measure that was not tested and lead to the
exposure of the system to unauthenticated person (Davies, 2018)
Recommendation by the Company
For those who think their accounts are hacked, company official said:
 Change password for the PageUp account

 If the password for any social media account is same as the previous PageUp account.
Change it also.
 2 step verification needs to be enabled if was not enabled previously
 Do not respond to the potential phishing emails
 Install Reliable Antivirus on the system
 Patch the Operating System with the recommended application or software
(Pageuppeople, 2018)
Data that might be lost:
According to the PageUp, the following data might have been compromised:
 Employees data of PageUp
 Clients Data of PageUp
 Job References of those Clients
 Agencies details (Pageuppeople, 2018)
References:
Pageuppeople. (2018). Pageuppeople.com. Retrieved 28 July 2018, from
https://www.pageuppeople.com/unauthorised-activity-on-it-system/
Davies, A. (2018). PageUp data breach: thousands of job seekers' details potentially
exposed. the Guardian. Retrieved 28 July 2018, from
https://www.theguardian.com/technology/2018/jun/07/thousands-of-job-seekers-details-
potentially-exposed-in-hack

1 out of 7

+13062052269

info@desklib.com

Virtualization: Risks and Mitigation Strategies in IT Risk Management

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Cloud Computing

Cloud Virtualization: Types and Providers

Cloud Computing Power Point Presentation 2022

Implementation of Virtualization in Software

Managing Services and Security

The Student Name of the University Author