Virtualization: Risks and Mitigation Strategies in IT Risk Management

Verified

Added on  2024/07/01

|7
|1397
|371
AI Summary
This assignment explores the concept of virtualization, its characteristics, and the associated risks. It delves into real-world threats within virtual environments and examines various types of virtualization. The paper also discusses risk mitigation strategies, including complex infrastructure, organization, overflow management, and security patches. By understanding these aspects, organizations can effectively manage and mitigate risks associated with virtualization.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
ITC 596
IT RISK MANAGEMENT

ASSIGNMENT 1

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Topic Name: Virtualization
INTRODUCTION

According to Microsoft (2018), Virtualization is a technique that is used for the creating a

simulated environment or sometimes called as a Virtual Environment. It is opposite of the

Physical Environment in which there is need of the Physical Components locally. Mostly the

Virtualization includes Operating System, Hardware, Storage Devices that are computer

generated. This helps in making partition for the each and every single physical machine to be

distributed as a bunch of Virtual machines. The Created Virtual machines could be used a

different machine. Also, every virtual machine could have a different set of configurations.

Simpler terms, Virtualization is a technique that is used to create a virtual environment using the

physical or host system resources. It is helpful as it gives you the advantage to access different

type of Operating System over one single machine.

Characteristics of Virtualization:

Encapsulation: Most Virtual Machines are stored in the physical system as one single file
this makes the identification of the machines easier. So, the encapsulation of those Virtual

Machines could be represented as a whole entity. So, it increases the protection of the

application as they cannot infer with each other processes.

Partitioning: In a Virtual Environment, a single host system could be partitioned between
different applications and the Operating systems.

Isolation: In the Virtual Environment, each Virtual Machine Instance is stored in a way
that it does not affect other virtual machines. Due to this Characteristic if one instance of

the Virtual Machine Fails it does not affect other Virtual Machines.

Flexible: The Virtual machine Servers are Flexible as they could be configured according to
the needs of the software or the production.

Scalable: It is very Important characteristics in the Virtualization. One can easily scale up
or scale down the system according to the needs.

Other characteristics include Accessibility, Efficiency, Security within the Virtual Machines

(Sareen, 2013).

Risk Associated with Virtualization:

Loss of Sensitive Data stored within the Virtual Machine
Compromisation of Hypervisor Security
Use of Self-Service Portal for the hijacking
Over-allocation of the Resources
Resources Exhaustion via various Virtual Machines
Risk arises due to the API’s provided by the Cloud Service Provider
Document Page
Document Page
Real Threats within the Virtual Environment:
Infecting the Virtual Machines using the Malware
Malware from One Virtual Environment starts to infect the Host Servers
Data Loss due to Ports Hijacking
When the different Virtual Environments are associated with the different levels of trust
Pathway hijacking from public cloud to the hybrid cloud system (Lombardi & Di Pietro,
2014).

Types of Virtualization:

Hardware Virtualization
Desktop Virtualization
Nested Virtualization
Cloud Virtualization
Software Virtualization
Memory Virtualization
Storage Virtualization
Data Virtualization
Network Virtualization
Risk Alleviation in the Virtualization:

Complex Infrastructure: The more complex network of the Virtual Machines could help to
minimize the risk of exposing to the minimal risks like server hijacking and it could help in

spotting anomalies.

Organization: A development plan needs to be associated with the creation of the Virtual
Environment beforehand

Overflow Management: It is hard to track when a single system has too many Virtual
Environment so a proper flow of management needs to be implied in order to make a

better system.

Security Patches: To minimize the security within the Virtual Environment, the Host
System along with the Virtual Environment needs to improve Security every short span of

time (Yang, Lee & Yoo, 2014).

References:

Microsoft. (2018). Retrieved from https://azure.microsoft.com/en-in/overview/what-is-

virtualization/

Sareen, P. (2013). Cloud computing: types, architecture, applications, concerns, virtualization

and role of it governance in cloud.
International Journal of Advanced Research in Computer
Science and Software Engineering
, 3(3).

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Yang, H., Lee, D., & Yoo, S. (2014). A study on stable web server system using virtualization
technology against attacks.
Multimedia Tools And Applications, 74(16), 6381-6390. doi:
10.1007/s11042-014-2109-9

Lombardi, F., & Di Pietro, R. (2014). Virtualization and Cloud Security: Benefits, Caveats, and

Future Developments.
Computer Communications And Networks, 237-255. doi: 10.1007/978-3-
319-10530-7_10
Document Page
Topic Name: Pageup Data Breach
Introduction:

PageUp is an Australian Organization that helps in managing the Data of applicant for the ease of

HR, they provide software that is managed by various companies for the Recruitment process. On

May 23, 2018, the company data was compromised when the unauthenticated person gets the

access to the PageUp mainframe and get the information of more than hundreds and thousands

of job applicants got leaked. It happened during a meetup when much more applicant has applied

for the recruitment process. According to PageUp, even if the application was sent for the

reference checking all the details related to the application of the applicant was compromised

and hacked. The Data Breach has exposed massive data on the applicants including their Date of

Birth, Cell Numbers, Home Address, Job Location, and so on. PageUp reported this to the

Australian Cyber Security Centre (ACSC) about this security breach and they are getting help with

other cyber-crime organization for this data breach.

How Did it happen?

This data breach happened without the knowledge of the PageUp Security team as an

Unknown/Unauthenticated Person go the access to the PageUp mainframe somehow and leaked

the information of thousands of users of PageUp. As the PageUp store, sensitive data like Date of

birth, Address, Cell Number, Financial Details of the Applicants this attack it could harm the users

on personal level as the hacker might use it for the personal gain. As per the PageUp, the attack

was contained and they claim it is safe to use now. They also suggest the users go through the

necessary steps for securing their accounts.

Exposure of Vulnerabilities:

The vulnerabilities that are exposed during this attack was:

Cloud Storage: The Data that was stored on the cloud was highly vulnerable and was
jeopardise at first and was leaked.

Use of third-party service provides for the data analysis and the data management
Another cause could be the inner hacking of the mainframe, meaning any employee use
the access token in an unauthenticated manner

As there was rush in the application of the applicants there might be a possible chance
that the PageUp corporation is using some measure that was not tested and lead to the

exposure of the system to unauthenticated person (
Davies, 2018)
Recommendation by the Company

For those who think their accounts are hacked, company official said:

Change password for the PageUp account
Document Page
If the password for any social media account is same as the previous PageUp account.
Change it also.

2 step verification needs to be enabled if was not enabled previously
Do not respond to the potential phishing emails
Install Reliable Antivirus on the system
Patch the Operating System with the recommended application or software
(Pageuppeople, 2018)

Data that might be lost:

According to the PageUp, the following data might have been compromised:

Employees data of PageUp
Clients Data of PageUp
Job References of those Clients
Agencies details (Pageuppeople, 2018)
References:

Pageuppeople. (2018).
Pageuppeople.com. Retrieved 28 July 2018, from
https://www.pageuppeople.com/unauthorised-activity-on-it-system/

Davies, A. (2018).
PageUp data breach: thousands of job seekers' details potentially
exposed
. the Guardian. Retrieved 28 July 2018, from
https://www.theguardian.com/technology/2018/jun/07/thousands-of-job-seekers-details-

potentially-exposed-in-hack
1 out of 7
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]