Auric Enterprises: Cloud Security Threat and Vulnerability Report
VerifiedAdded on 2020/04/01
|13
|3111
|356
Report
AI Summary
This report provides a detailed threat and vulnerability analysis for Auric Enterprises, a metallurgical and mining company, as they consider migrating their operations to the Microsoft Office 365 cloud platform. The report identifies key threats, including data breaches, malicious insider attacks, intruder attacks, inadequate diligence, and vulnerabilities specific to SCADA systems. It explores vulnerabilities such as predictable session identifiers, SQL injection, cross-site scripting, and file upload issues. The report then outlines control measures to mitigate these risks, encompassing data protection strategies, measures to prevent malicious insider activities, strategies to mitigate intruder attacks and data loss, actions to address inadequate diligence, and specific control measures for SCADA systems. The report emphasizes the importance of antivirus software, strong authentication methods, encryption, network security, and professional expertise to ensure a secure and successful cloud migration for Auric Enterprises.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: AURIC ENTERPRISES THREAT AND VULNERABILITY ANALYSIS
Auric Enterprises Threat and Vulnerability Analysis
Name of the Student
Name of the University
Author’s note
Auric Enterprises Threat and Vulnerability Analysis
Name of the Student
Name of the University
Author’s note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1AURIC ENTERPRISES THREAT AND VULNERABILITY ANALYSIS
Abstract
Auric Enterprise carries out metallurgical and mining operations in Central Australia. They
should adopt the cloud platform provided by Microsoft Office 365 to carry out their business
activities on the cloud. The threats associated with adopting the cloud technology have been
discussed in this report. Also, the vulnerabilities or the weakness of the cloud technology has
been detailed in the report as well. The threats like data breaches, intruders attack, inadequate
diligence have been elaborated. The threats associated with SCADA systems have been
showcased thus a detailed insight or the overview of the company’s business activities can be
received. Finally, the control measures to diminish those mentioned threats have been
mentioned.
Abstract
Auric Enterprise carries out metallurgical and mining operations in Central Australia. They
should adopt the cloud platform provided by Microsoft Office 365 to carry out their business
activities on the cloud. The threats associated with adopting the cloud technology have been
discussed in this report. Also, the vulnerabilities or the weakness of the cloud technology has
been detailed in the report as well. The threats like data breaches, intruders attack, inadequate
diligence have been elaborated. The threats associated with SCADA systems have been
showcased thus a detailed insight or the overview of the company’s business activities can be
received. Finally, the control measures to diminish those mentioned threats have been
mentioned.
2AURIC ENTERPRISES THREAT AND VULNERABILITY ANALYSIS
Table of Contents
1. Introduction............................................................................................................................2
2. Threats....................................................................................................................................2
i. Data Breaches.....................................................................................................................2
ii. Malicious insiders..............................................................................................................3
iii. Intruder attack and permanent data loss...........................................................................3
iv. Inadequate diligence.........................................................................................................4
v. Threats related to SCADA System....................................................................................4
3. Vulnerabilities........................................................................................................................4
4. Control measures....................................................................................................................7
i. Avoiding data protection.....................................................................................................7
ii. Avoiding malicious insiders..............................................................................................7
ii. Mitigating intruder attack and permanent data loss...........................................................7
iv. Mitigating inadequate diligence........................................................................................8
v. Control over SCADA systems...........................................................................................8
5. Conclusion..............................................................................................................................8
6. References............................................................................................................................10
Table of Contents
1. Introduction............................................................................................................................2
2. Threats....................................................................................................................................2
i. Data Breaches.....................................................................................................................2
ii. Malicious insiders..............................................................................................................3
iii. Intruder attack and permanent data loss...........................................................................3
iv. Inadequate diligence.........................................................................................................4
v. Threats related to SCADA System....................................................................................4
3. Vulnerabilities........................................................................................................................4
4. Control measures....................................................................................................................7
i. Avoiding data protection.....................................................................................................7
ii. Avoiding malicious insiders..............................................................................................7
ii. Mitigating intruder attack and permanent data loss...........................................................7
iv. Mitigating inadequate diligence........................................................................................8
v. Control over SCADA systems...........................................................................................8
5. Conclusion..............................................................................................................................8
6. References............................................................................................................................10
3AURIC ENTERPRISES THREAT AND VULNERABILITY ANALYSIS
1. Introduction
Auric Enterprise conducts metallurgical and mining operation in Australia. They want
to move to the cloud to enhance their business activities for good [2]. They should adopt the
cloud platform provided by Microsoft Office 365 to carry out their business activities on the
cloud.
This report will highlight the threats and the vulnerabilities that Auric can face while
moving to the cloud platform. Also, the control measures to mitigate those risks will be
showcased.
2. Threats
Auric Enterprises want to move to the Cloud as they want to enhance the business
activities and also want to carry out their business activities in a secure manner [4]. They use
IPv4 internet connectivity and a strong up-to-date firewall, however, if they migrate to the
cloud they will have to face threats which must be addressed. At first, there is a chance of
getting data breaches.
i. Data Breaches
They use the MSSQL databases for storing the sensitive secretive data of their
customers in their database. After migrating to the cloud, their cloud database will be
controlled by third-party cloud vendor, if their database gets compromised then Auric will
have to face devastating consequences [7]. Auric will have to pay fines of about $10,000,000.
The data breach will also affect their brand name. They will lose reputation; they will lose the
brand name. They will lose the customer base as well. Since they are opting to move to
Microsoft Azure cloud platform, Auric will not have total control over their data, Microsoft
even has the privilege to access the data, so the data is not cent percent authenticated [3].
Even though they use strong up-to-date firewall the risks still reside within.
1. Introduction
Auric Enterprise conducts metallurgical and mining operation in Australia. They want
to move to the cloud to enhance their business activities for good [2]. They should adopt the
cloud platform provided by Microsoft Office 365 to carry out their business activities on the
cloud.
This report will highlight the threats and the vulnerabilities that Auric can face while
moving to the cloud platform. Also, the control measures to mitigate those risks will be
showcased.
2. Threats
Auric Enterprises want to move to the Cloud as they want to enhance the business
activities and also want to carry out their business activities in a secure manner [4]. They use
IPv4 internet connectivity and a strong up-to-date firewall, however, if they migrate to the
cloud they will have to face threats which must be addressed. At first, there is a chance of
getting data breaches.
i. Data Breaches
They use the MSSQL databases for storing the sensitive secretive data of their
customers in their database. After migrating to the cloud, their cloud database will be
controlled by third-party cloud vendor, if their database gets compromised then Auric will
have to face devastating consequences [7]. Auric will have to pay fines of about $10,000,000.
The data breach will also affect their brand name. They will lose reputation; they will lose the
brand name. They will lose the customer base as well. Since they are opting to move to
Microsoft Azure cloud platform, Auric will not have total control over their data, Microsoft
even has the privilege to access the data, so the data is not cent percent authenticated [3].
Even though they use strong up-to-date firewall the risks still reside within.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4AURIC ENTERPRISES THREAT AND VULNERABILITY ANALYSIS
ii. Malicious insiders
Other than the data breaches there is still a chance of losing credentials. The
enterprise's systems use various kinds of authentication measures to safeguard their system
and the database [6]. The authentication systems which is used widely applied and are quite
popular are passwords and phone-based authentication. The passwords must be strong
enough otherwise the data can be breached. But the enterprises use weak passwords in
general which can be guessed easily and are easily recognizable. That makes the system more
vulnerable to threats. Auric must implement a strong password to protect their database from
the data breaches. Also, they must use two-way verification system to enhance the security of
the database [8]. Auric CEO’s assistant must be aware of this fact and should not share the
password and since every action is carried out online the password leaks will prove very
costly to them. Often the insiders are great threats to the organization.
iii. Intruder attack and permanent data loss
The hackers and the intruders can attack Auric system and can make the whole system
vulnerable. Auric needs to use updated hardware, software and application programs, the
outdated systems are more vulnerable to threats. Auric also needs to keep a backup of data.
The malware attack can lead to havoc; the intruders can steal data can also delete data
permanently [6]. Again the DDoS attack or ransomware attack can lead to vulnerabilities.
The attackers hijacked one's system and then disallow the authorized to gain access to their
own system. The authorized users can only gain access to their system if they are willing to
pay some handsome amount of money. Also after getting access to their system, there is no
guarantee the data will be retrieved back [9]. That is why the intruders is a big threat to cloud
technology.
ii. Malicious insiders
Other than the data breaches there is still a chance of losing credentials. The
enterprise's systems use various kinds of authentication measures to safeguard their system
and the database [6]. The authentication systems which is used widely applied and are quite
popular are passwords and phone-based authentication. The passwords must be strong
enough otherwise the data can be breached. But the enterprises use weak passwords in
general which can be guessed easily and are easily recognizable. That makes the system more
vulnerable to threats. Auric must implement a strong password to protect their database from
the data breaches. Also, they must use two-way verification system to enhance the security of
the database [8]. Auric CEO’s assistant must be aware of this fact and should not share the
password and since every action is carried out online the password leaks will prove very
costly to them. Often the insiders are great threats to the organization.
iii. Intruder attack and permanent data loss
The hackers and the intruders can attack Auric system and can make the whole system
vulnerable. Auric needs to use updated hardware, software and application programs, the
outdated systems are more vulnerable to threats. Auric also needs to keep a backup of data.
The malware attack can lead to havoc; the intruders can steal data can also delete data
permanently [6]. Again the DDoS attack or ransomware attack can lead to vulnerabilities.
The attackers hijacked one's system and then disallow the authorized to gain access to their
own system. The authorized users can only gain access to their system if they are willing to
pay some handsome amount of money. Also after getting access to their system, there is no
guarantee the data will be retrieved back [9]. That is why the intruders is a big threat to cloud
technology.
5AURIC ENTERPRISES THREAT AND VULNERABILITY ANALYSIS
iv. Inadequate diligence
The employees of Auric are not aware of the cloud technology and the cloud services,
also the management team are not much knowledgeable, they need professional assistance
and also need time to learn the cloud technology from scratch [1]. Initially, they will make
blunders and thus they can face huge losses initially, they can lose the market share. That is
why this is a great threat for the company.
v. Threats related to SCADA System
a. Lack of monitoring: The lack of active network monitoring can lead to
unscrupulous activities and thus it is a possible threat.
b. Updates: The SCADA systems are inconvenient, the configuration issues arise
while the software is updated. The software does not comply with the hardware components
[7].
c. Lack of knowledge about the device: Auric technicians must have knowledge
about the SCADA systems to use it in an effective way.
d. Not estimating the traffic: The Auric managers and Auric CIO must know the type
of network via which their company’s network is going through. CIO knows the advantages
of the SCADA systems but he is not aware of the risks, so he must act responsibly [8].
e. Authentic loopholes: The weak password is assign of weak authentication and the
SCADA system can be vulnerable due to this reason.
3. Vulnerabilities
i. Predictable session identifiers: The Base 64 can be decided by the attackers and the
attackers can reverse engineer the algorithm for their convenience.
iv. Inadequate diligence
The employees of Auric are not aware of the cloud technology and the cloud services,
also the management team are not much knowledgeable, they need professional assistance
and also need time to learn the cloud technology from scratch [1]. Initially, they will make
blunders and thus they can face huge losses initially, they can lose the market share. That is
why this is a great threat for the company.
v. Threats related to SCADA System
a. Lack of monitoring: The lack of active network monitoring can lead to
unscrupulous activities and thus it is a possible threat.
b. Updates: The SCADA systems are inconvenient, the configuration issues arise
while the software is updated. The software does not comply with the hardware components
[7].
c. Lack of knowledge about the device: Auric technicians must have knowledge
about the SCADA systems to use it in an effective way.
d. Not estimating the traffic: The Auric managers and Auric CIO must know the type
of network via which their company’s network is going through. CIO knows the advantages
of the SCADA systems but he is not aware of the risks, so he must act responsibly [8].
e. Authentic loopholes: The weak password is assign of weak authentication and the
SCADA system can be vulnerable due to this reason.
3. Vulnerabilities
i. Predictable session identifiers: The Base 64 can be decided by the attackers and the
attackers can reverse engineer the algorithm for their convenience.
6AURIC ENTERPRISES THREAT AND VULNERABILITY ANALYSIS
ii. Over-dependence on client-side validation: The hackers by changing the settings
of browser security and disallow JavaScript to bypass the validation procedures [5].
iii. SQL injection: The hackers can exploit the SQL injection weakness and
vulnerabilities and their operations range from excavating database access to acquire
command execution.
iv. Unauthorised execution of operations: The hackers by gaining credentials and
session tokens can exploit the system and can make the whole system vulnerable, thus the
system can lose authorization [10].
v. Cross-Site Scripting: The hackers can steal cookies and vital data of the browser
session and make the system vulnerable. The hackers having extensible knowledge on HTML
and also on the scripting language exploit the security of the system.
vi. File upload issues: The applications, as well as the files, are vulnerable to
malware attacks. The XSS exploits and Trojans and the virus can make the whole system and
the database vulnerable to attack [12].
vii. Lack of account lockout: The absence of account lockout can make the whole
system and the database liable to hackers’ attacks and they will access the attack multiple
times and will steal information according to their convenience and steal information data.
They will also keep an eye on the website constantly to know the secrets of the organization.
viii. No rules for passwords: The weak passwords can lead them to access the
database and the system at will. The hackers by Brute-Force method enters the system with
ease and can exploit the system [6].
ii. Over-dependence on client-side validation: The hackers by changing the settings
of browser security and disallow JavaScript to bypass the validation procedures [5].
iii. SQL injection: The hackers can exploit the SQL injection weakness and
vulnerabilities and their operations range from excavating database access to acquire
command execution.
iv. Unauthorised execution of operations: The hackers by gaining credentials and
session tokens can exploit the system and can make the whole system vulnerable, thus the
system can lose authorization [10].
v. Cross-Site Scripting: The hackers can steal cookies and vital data of the browser
session and make the system vulnerable. The hackers having extensible knowledge on HTML
and also on the scripting language exploit the security of the system.
vi. File upload issues: The applications, as well as the files, are vulnerable to
malware attacks. The XSS exploits and Trojans and the virus can make the whole system and
the database vulnerable to attack [12].
vii. Lack of account lockout: The absence of account lockout can make the whole
system and the database liable to hackers’ attacks and they will access the attack multiple
times and will steal information according to their convenience and steal information data.
They will also keep an eye on the website constantly to know the secrets of the organization.
viii. No rules for passwords: The weak passwords can lead them to access the
database and the system at will. The hackers by Brute-Force method enters the system with
ease and can exploit the system [6].
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7AURIC ENTERPRISES THREAT AND VULNERABILITY ANALYSIS
ix. Storing unencrypted passwords in the database: The hackers by installing virus
can know the hidden passwords and can also access the hidden files stored in the system
which are unencrypted [11].
x. Username enumeration: By the method of phishing the hackers can acquire the
username and the password to access the cloud system and thus it is a vulnerable issue.
xi. Session Timeout: The authenticated user does not sign out the database after the
usage of the cloud platform or often they forget to log out, thus provides the opportunity for
the hackers to exploit the system with ease [13].
xii. Not displaying the previous sessions: Often the users or the customers are not
displayed the time and the source of previous logins. The users unknowingly enter the
credentials that is the username and the password and their privacy can be compromised in
this way. This is a sort of phishing and the cloud data can be breached.
xiii. Cookie Secure Flag Not Setting properly: The hackers can engineer a
connectivity between server and the client and in this way the cookies which gets transmitted
via these connectivity channel and the hackers can exploit the system by accessing those
cookies [15].
xiv. Weak ciphers that are enabled in web server SSL configuration: The hackers
can exploit the network and can record the conversion in transit and thus can crack the SSL
key.
ix. Storing unencrypted passwords in the database: The hackers by installing virus
can know the hidden passwords and can also access the hidden files stored in the system
which are unencrypted [11].
x. Username enumeration: By the method of phishing the hackers can acquire the
username and the password to access the cloud system and thus it is a vulnerable issue.
xi. Session Timeout: The authenticated user does not sign out the database after the
usage of the cloud platform or often they forget to log out, thus provides the opportunity for
the hackers to exploit the system with ease [13].
xii. Not displaying the previous sessions: Often the users or the customers are not
displayed the time and the source of previous logins. The users unknowingly enter the
credentials that is the username and the password and their privacy can be compromised in
this way. This is a sort of phishing and the cloud data can be breached.
xiii. Cookie Secure Flag Not Setting properly: The hackers can engineer a
connectivity between server and the client and in this way the cookies which gets transmitted
via these connectivity channel and the hackers can exploit the system by accessing those
cookies [15].
xiv. Weak ciphers that are enabled in web server SSL configuration: The hackers
can exploit the network and can record the conversion in transit and thus can crack the SSL
key.
8AURIC ENTERPRISES THREAT AND VULNERABILITY ANALYSIS
4. Control measures
i. Avoiding data protection
The data breaches generally occur accidentally or they are carried out by the intruders.
He breaches are quite difficult to recognise, thus to stay at the safe side Auric Enterprise must
install antivirus software at their premises, the antivirus can protect Auric from any kind of
threats and vulnerabilities [15]. The malware and the virus attack can be mitigated to a large
extent simply by installing this software. The software can cater real-time protection. Auric
can stay in peace by simply updating the antivirus software. The finance data of the database
can be well secured.
ii. Avoiding malicious insiders
The CEO of Auric Enterprise should be careful of the malicious insiders. It may
happen that his assistant shares the passwords with others, and the CEO is completely
unaware of that. He must monitor the system and the database regularly and should keep
track of any unscrupulous activities within the system. Instead he gives full responsibility to
his assistant [16]. Again, he should hire an assistant that knows English, in this way he can
communicate well with his assistant.
ii. Mitigating intruder attack and permanent data loss
The intruder attack can be mitigated or can be controlled by applying certain
encryption procedures alongside firewall while conducting business activities on the cloud
platform [13]. The data can be encrypted by Advanced Encryption Standard (AES) 256.
Again, the network must be secure enough to carry out the cloud computing activities. All the
data must be transmitted via secured HTTP success utilizing SSL [5]. Only the managers
must be given the permission to access the entire database and the rest of the employees must
be given control over certain areas of the database.
4. Control measures
i. Avoiding data protection
The data breaches generally occur accidentally or they are carried out by the intruders.
He breaches are quite difficult to recognise, thus to stay at the safe side Auric Enterprise must
install antivirus software at their premises, the antivirus can protect Auric from any kind of
threats and vulnerabilities [15]. The malware and the virus attack can be mitigated to a large
extent simply by installing this software. The software can cater real-time protection. Auric
can stay in peace by simply updating the antivirus software. The finance data of the database
can be well secured.
ii. Avoiding malicious insiders
The CEO of Auric Enterprise should be careful of the malicious insiders. It may
happen that his assistant shares the passwords with others, and the CEO is completely
unaware of that. He must monitor the system and the database regularly and should keep
track of any unscrupulous activities within the system. Instead he gives full responsibility to
his assistant [16]. Again, he should hire an assistant that knows English, in this way he can
communicate well with his assistant.
ii. Mitigating intruder attack and permanent data loss
The intruder attack can be mitigated or can be controlled by applying certain
encryption procedures alongside firewall while conducting business activities on the cloud
platform [13]. The data can be encrypted by Advanced Encryption Standard (AES) 256.
Again, the network must be secure enough to carry out the cloud computing activities. All the
data must be transmitted via secured HTTP success utilizing SSL [5]. Only the managers
must be given the permission to access the entire database and the rest of the employees must
be given control over certain areas of the database.
9AURIC ENTERPRISES THREAT AND VULNERABILITY ANALYSIS
iv. Mitigating inadequate diligence
Auric must hire a professional who is knowledgeable about all the products of the
cloud platform and who is expert in accessing the cloud platform [2]. The managers should
learn all the aspects of the cloud technology and should help the subordinates and also
encourage the subordinates so that they can learn the cloud technology as soon as possible
and can use the technology in agile effective manner [13]. Though they will face issues
initially, will make blunders, however they should adopt the cloud technology for good and
this will certainly help them in long run.
v. Control over SCADA systems
SCADA system can be protected and secured if the system is well monitored by the
managers and admins of Auric. The hardware and the software must be updated
simultaneously the SCADA system should be built keeping in mind the software must
comply with the hardware configuration [14]. Also in this case the managers should hire a
professional who will assist the managers and his subordinates to apply the SCADA systems
in an efficient way. Besides they should know the traffic type which is transmitting through
network and analyzing the traffic the managers can take effective decisions [8]. Only the
authorized users must be given the control to access the SCADA system completely. In this
way the SCADA system can be secured.
5. Conclusion
It can be concluded from the above discourse that Auric can be greatly benefitted
from the cloud technology and Microsoft cloud platform. Microsoft 365 Office Suite has the
capabilities to offer them the best cloud solutions to scale up the business. Thus they should
adopt the cloud technology for good. The threats associated with adopting the cloud
technology have been discussed in this report. Also the vulnerabilities or the weakness of the
iv. Mitigating inadequate diligence
Auric must hire a professional who is knowledgeable about all the products of the
cloud platform and who is expert in accessing the cloud platform [2]. The managers should
learn all the aspects of the cloud technology and should help the subordinates and also
encourage the subordinates so that they can learn the cloud technology as soon as possible
and can use the technology in agile effective manner [13]. Though they will face issues
initially, will make blunders, however they should adopt the cloud technology for good and
this will certainly help them in long run.
v. Control over SCADA systems
SCADA system can be protected and secured if the system is well monitored by the
managers and admins of Auric. The hardware and the software must be updated
simultaneously the SCADA system should be built keeping in mind the software must
comply with the hardware configuration [14]. Also in this case the managers should hire a
professional who will assist the managers and his subordinates to apply the SCADA systems
in an efficient way. Besides they should know the traffic type which is transmitting through
network and analyzing the traffic the managers can take effective decisions [8]. Only the
authorized users must be given the control to access the SCADA system completely. In this
way the SCADA system can be secured.
5. Conclusion
It can be concluded from the above discourse that Auric can be greatly benefitted
from the cloud technology and Microsoft cloud platform. Microsoft 365 Office Suite has the
capabilities to offer them the best cloud solutions to scale up the business. Thus they should
adopt the cloud technology for good. The threats associated with adopting the cloud
technology have been discussed in this report. Also the vulnerabilities or the weakness of the
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10AURIC ENTERPRISES THREAT AND VULNERABILITY ANALYSIS
cloud technology has been detailed in the report as well. The threats like data breaches,
intruders attack, inadequate diligence have been elaborated. Again, the threats associated with
SCADA systems have been showcased thus a detailed insight or the overview of the
company’s business activities can be received. At last, the control measures to mitigate those
five threats have been detailed.
cloud technology has been detailed in the report as well. The threats like data breaches,
intruders attack, inadequate diligence have been elaborated. Again, the threats associated with
SCADA systems have been showcased thus a detailed insight or the overview of the
company’s business activities can be received. At last, the control measures to mitigate those
five threats have been detailed.
11AURIC ENTERPRISES THREAT AND VULNERABILITY ANALYSIS
6. References
[1] Hashizume, Keiko, David G. Rosado, Eduardo Fernández-Medina, and Eduardo B.
Fernandez. "An analysis of security issues for cloud computing." Journal of Internet Services
and Applications 4, no. 1, 2013: 5.
[2] Islam, Tariqul, D. Manivannan, and Sherali Zeadally. "A classification and
characterization of security threats in cloud computing." Int. J. Next-Gener. Comput 7, no. 1,
2016.
[3] Chou, Te-Shun. "Security threats on cloud computing vulnerabilities." International
Journal of Computer Science & Information Technology 5, no. 3, 2013: 79.
[4] AlZadjali, Amira M., Ali H. Al-Badi, and Saqib Ali. "An Analysis of the Security Threats
and Vulnerabilities of Cloud Computing in Oman." In Intelligent Networking and
Collaborative Systems (INCOS), 2015 International Conference on, pp. 423-428. IEEE,
2015.
[5] Xiao, Zhifeng, and Yang Xiao. "Security and privacy in cloud computing." IEEE
Communications Surveys & Tutorials 15, no. 2, 2013: 843-859.
[6] Zhang, Su, Xinwen Zhang, and Xinming Ou. "After we knew it: empirical study and
modeling of cost-effectiveness of exploiting prevalent known vulnerabilities across iaas
cloud." In Proceedings of the 9th ACM symposium on Information, computer and
communications security, pp. 317-328. ACM, 2014.
[7] Khalil, Issa M., Abdallah Khreishah, and Muhammad Azeem. "Cloud computing security:
a survey." Computers 3, no. 1, 2014: 1-35.
[8] Tari, Zahir. "Security and privacy in cloud computing." IEEE Cloud Computing1, no. 1,
2014: 54-57.
6. References
[1] Hashizume, Keiko, David G. Rosado, Eduardo Fernández-Medina, and Eduardo B.
Fernandez. "An analysis of security issues for cloud computing." Journal of Internet Services
and Applications 4, no. 1, 2013: 5.
[2] Islam, Tariqul, D. Manivannan, and Sherali Zeadally. "A classification and
characterization of security threats in cloud computing." Int. J. Next-Gener. Comput 7, no. 1,
2016.
[3] Chou, Te-Shun. "Security threats on cloud computing vulnerabilities." International
Journal of Computer Science & Information Technology 5, no. 3, 2013: 79.
[4] AlZadjali, Amira M., Ali H. Al-Badi, and Saqib Ali. "An Analysis of the Security Threats
and Vulnerabilities of Cloud Computing in Oman." In Intelligent Networking and
Collaborative Systems (INCOS), 2015 International Conference on, pp. 423-428. IEEE,
2015.
[5] Xiao, Zhifeng, and Yang Xiao. "Security and privacy in cloud computing." IEEE
Communications Surveys & Tutorials 15, no. 2, 2013: 843-859.
[6] Zhang, Su, Xinwen Zhang, and Xinming Ou. "After we knew it: empirical study and
modeling of cost-effectiveness of exploiting prevalent known vulnerabilities across iaas
cloud." In Proceedings of the 9th ACM symposium on Information, computer and
communications security, pp. 317-328. ACM, 2014.
[7] Khalil, Issa M., Abdallah Khreishah, and Muhammad Azeem. "Cloud computing security:
a survey." Computers 3, no. 1, 2014: 1-35.
[8] Tari, Zahir. "Security and privacy in cloud computing." IEEE Cloud Computing1, no. 1,
2014: 54-57.
12AURIC ENTERPRISES THREAT AND VULNERABILITY ANALYSIS
[9] Rasheed, Hassan. "Data and infrastructure security auditing in cloud computing
environments." International Journal of Information Management34, no. 3, 2014: 364-368.
[10] Lin, Guoyuan, Danru Wang, Yuyu Bie, and Min Lei. "MTBAC: a mutual trust based
access control model in cloud computing." China Communications 11, no. 4, 2014: 154-162.
[11] Latif, Rabia, Haider Abbas, Saïd Assar, and Qasim Ali. "Cloud computing risk
assessment: a systematic literature review." In Future Information Technology, pp. 285-295.
Springer, Berlin, Heidelberg, 2014.
[12] Jula, Amin, Elankovan Sundararajan, and Zalinda Othman. "Cloud computing service
composition: A systematic literature review." Expert Systems with Applications 41, no. 8,
2014: 3809-3824.
[13] Hutchings, Alice, Russell G. Smith, and Lachlan James. "Criminals in the Cloud: Crime,
Security Threats, and Prevention Measures." Cybercrime Risks and Responses: Eastern and
Western Perspectives 2015: 146.
[14] Ali, Mazhar, Samee U. Khan, and Athanasios V. Vasilakos. "Security in cloud
computing: Opportunities and challenges." Information Sciences 305, 2015: 357-383.
[15] Mi, Qing, Zhen-tao Ni, and Xiao-duan Wang. "Research on security threats and
Countermeasures for Cloud Computing." 2015.
[16] McGrath, Michael P., Matthew Hicks, Thomas Wiest, and Daniel C. McPherson.
"Controlling utilization in a multi-tenant platform-as-a-service (PaaS) environment in a cloud
computing system." U.S. Patent 8,850,432, issued September 30, 2014.
[9] Rasheed, Hassan. "Data and infrastructure security auditing in cloud computing
environments." International Journal of Information Management34, no. 3, 2014: 364-368.
[10] Lin, Guoyuan, Danru Wang, Yuyu Bie, and Min Lei. "MTBAC: a mutual trust based
access control model in cloud computing." China Communications 11, no. 4, 2014: 154-162.
[11] Latif, Rabia, Haider Abbas, Saïd Assar, and Qasim Ali. "Cloud computing risk
assessment: a systematic literature review." In Future Information Technology, pp. 285-295.
Springer, Berlin, Heidelberg, 2014.
[12] Jula, Amin, Elankovan Sundararajan, and Zalinda Othman. "Cloud computing service
composition: A systematic literature review." Expert Systems with Applications 41, no. 8,
2014: 3809-3824.
[13] Hutchings, Alice, Russell G. Smith, and Lachlan James. "Criminals in the Cloud: Crime,
Security Threats, and Prevention Measures." Cybercrime Risks and Responses: Eastern and
Western Perspectives 2015: 146.
[14] Ali, Mazhar, Samee U. Khan, and Athanasios V. Vasilakos. "Security in cloud
computing: Opportunities and challenges." Information Sciences 305, 2015: 357-383.
[15] Mi, Qing, Zhen-tao Ni, and Xiao-duan Wang. "Research on security threats and
Countermeasures for Cloud Computing." 2015.
[16] McGrath, Michael P., Matthew Hicks, Thomas Wiest, and Daniel C. McPherson.
"Controlling utilization in a multi-tenant platform-as-a-service (PaaS) environment in a cloud
computing system." U.S. Patent 8,850,432, issued September 30, 2014.
1 out of 13
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.