Comprehensive Risk Assessment Report: Cloud Architecture Security
Added on 2021/04/17
AI Summary
This report presents a comprehensive risk assessment of a proposed cloud architecture, conducted using the ISO 27001 standards. It begins with an executive summary, followed by an introduction outlining the benefits of the ISO 27001 framework for security risk analysis, including improved security measures and standardized reporting. The report details owner specifications for various assets like cloud storage, virtual servers, and firewalls. It identifies potential threats associated with each asset, such as data theft and unauthorized access, and lists relevant vulnerabilities with CVE numbers. The Boston grid method is used to compute risk levels, and an impact table is provided. The report concludes with an overall analysis of the findings and a justification for the selected security measures, emphasizing the importance of certified security systems for building customer trust and streamlining business operations.

Running head: CLOUD ARCHITECTURE RISK ASSESSMENT
CLOUD ARCHITECTURE RISK ASSESSMENT
Name of the student:
Name of the university:
Author note:

Executive summary:
The cloud architecture consists of several primary and secondary assets. These assets pose security threats to the network and the cloud system. The security concerns cover network security, data security and overall system security, arising from data theft and illegal access to the customer database.
To provide a security assessment for the proposed architectural model, the ISO 27001 model is recommended. There are various benefits of using the ISO 27001 standards for the risk assessment: improved security measures, a standard security report, identification of flaws in the cloud system, and a standard security assessment that is independent and unbiased, which increases the reliability of the assessment.
Dealing with sensitive customer data brings various legal constraints on operations. These legal constraints affect the business flow at various levels. To avoid legal issues in dealing with customer data, certification of the security system is necessary. The certification must be well recognized to increase the authenticity of the security system, and ISO 27001 provides the necessary assurance of security standards for smooth business operation.
It is important for the security system to carry a certified security hallmark. The prime benefit of a security system with international certification is that it increases the customer's confidence in the system as well as in the organization. It assures customers that the data they provide to the organization is safe and secure. It also reduces the need for onsite security audits, which are not only lengthy but costly as well.

Table of Contents
Executive summary:
Introduction:
Risk Assessment:
  Owner specification:
  Type of assets:
  Threats for each asset:
    Threats with cloud storage:
    Threats with virtual servers:
    Threats with firewall:
    Threats with the intranet:
    Threats with web and mail servers:
    Threats with the firmware and the admin and user pc:
  Vulnerabilities for each asset:
  Level computation, using Boston grid:
  Impact table specification:
  Risk identification with the risk level, using Boston grid:
Reference:

Introduction:
The risk assessment of the proposed cloud architecture will be done using the ISO 27001 standards. It is a standard method for security risk analysis and gives a clear overview of the security-related factors. There are various benefits of using the ISO 27001 standards for the risk assessment: improved security measures, a standard security report, identification of flaws in the cloud system and a standard security assessment (Alebrahim et al. 2015).
The standard provides a systematic approach to examining the risk of the implemented information security system with reference to the associated threats, the vulnerabilities and the impact of each threat that is unique to the organization (Kurnianto, Isnanto and Widodo 2018).
Based on the analysis, it provides the most effective solutions to address those needs and improve the security of the system. It also provides continuous assessment of the security infrastructure to deal with issues related to the system infrastructure.
ISO 27001 is a well-recognized international standard for security assessment that follows the criteria mentioned above. The certification, being independent and unbiased, increases authenticity. The certification provides a systematic and scientific overview of the existing information security practices (Hoy and Foley 2015).
The assessment report first discusses the owner specifications, which describe the hardware and software used for the cloud system design. The threats associated with each asset are then discussed. The vulnerabilities associated with those assets are highlighted with their official CVE numbers. The Boston grid method has been used to compute the risk level, and the impact table specification is provided in the report. With the help of the Boston grid, the risks associated with the project have been identified with the appropriate risk level. The report concludes with the overall findings and a justification for the chosen security measure.

Risk Assessment:
Owner specification:
| Entities | Vendors |
| --- | --- |
| Cloud storage | CTERA |
| Virtual server | F5 |
| Mail and web server | Amazon |
| Intranetwork | Microsoft |
| Firewall | Juniper Networks |
| Firmware for admin pc | Compulab |
| Authentication server | Symantec |
| Customer database | MEDHOST |

Type of assets:
The primary assets are those that need to be incorporated in the first place in order to implement other assets. The second type of assets are known as secondary assets (Puiler, Martinez and Hill 2015).
To implement the cloud architecture, both hardware and software are needed. However, the software must be incorporated first to enable the hardware to support the cloud architecture. Hence software is the primary asset and the supported hardware is the secondary asset. The primary assets include:
Cloud storage
Virtual servers
Firewall
Firmware
Intranet
Internet
Web and email server
The secondary assets include:
Admin pc
Human resource pc
User pc

Threats for each asset:
Threats with cloud storage:
The cloud storage is provided by a third-party service provider and located remotely. It is not possible to take full control over the storage (Almorsy, Grundy and Muller 2016).
The login options used to grant storage access are not totally secure, a fact that hackers have identified. Hence, there is a high risk of theft of the data stored in the cloud storage (Almorsy, Grundy and Muller 2016).
Threats with virtual servers:
A virtual server needs a high level of administration knowledge, and if the administrator lacks understanding of the servers, the server is likely to face security issues due to unauthorized access.
Virtual servers should be updated with the regular security patches; otherwise the server becomes less secure and easy to hack (Jokar, Arianpoo and Leung 2016).
Threats with firewall:
A firewall helps to protect the internal network against attacks made via the external internet. However, it is not suitable for defending the network against internal security flaws.
If the system allows external communication, like receiving emails from outside sources, the firewall cannot prevent the communication or detect flaws, if any (Singh, Jeong and Park 2016).
Threats with the intranet:
The intranet is used for internal communication within the organization. This makes employees feel that the network is fully secured and not accessible from outside, and because of this weak passwords are often used for logging in to profiles hosted on the network. This has the potential to make the network less secure (Wang, Wei and Vangury 2014).
Access to the network is easily given to people belonging to the organization, which poses a security threat if the network is not handled properly.

Threats with web and mail servers:
The web and mail servers in the network are secured using the firewall. However, the firewall too has limitations and is not a complete solution for network security. By finding security flaws in the firewall, attackers can get access to the servers and steal important data (Wang, Wei and Vangury 2014).
Threats with the firmware and the admin and user pc:
The firmware is not protected by cryptographic signing. This makes the firmware easy to hack, which gives access to the computer system and the hardware it contains and allows important data in the system to be accessed and stolen (Singh, Jeong and Park 2016).
The admin pc as well as the user pc connected to the overall network are subject to security threats.

Vulnerabilities for each asset:
CVE-2013-2639
The vulnerability was found in the CTERA cloud storage. It is a cross-site scripting (XSS) vulnerability. With it, remote attackers can inject arbitrary web script. HTML can also be injected through the description contained in a project folder (Cvedetails.com 2018).
CVE-2016-9245
The vulnerability is related to F5 BIG-IP systems, the platform used for the virtual servers. Attackers can make malicious requests that are passed to the virtual servers through an HTTP profile. This can cause the TMM to restart. The vulnerability applies to all BIG-IP APM profiles irrespective of the settings applied to the profiles. The issue also applies to the non-default "Normalize URI" configuration used for iRules, and it is also exposed with BIG-IP LTM policies. With this vulnerability, it is possible for attackers to disrupt traffic or cause a failure of the BIG-IP system (Cve.mitre.org 2018).
CVE-2008-6096
This vulnerability is related to Juniper NetScreen ScreenOS, which is used for the DMZ network in the cloud architecture. Through cross-site scripting, it is possible for remote attackers to inject arbitrary web script. HTML can also be injected through the user name parameter used in the web interface of the user login page (Cve.mitre.org 2018).
CVE-2017-6062
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server", also known as mod_auth_openidc, is used for the HTTP authentication server maintained by the Apache Software Foundation. The server does not skip the OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration. This enables attackers to bypass authentication through HTTP traffic (Cve.mitre.org 2018).
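The header handling behind CVE-2017-6062, seen from the defender's side, as an added example that is not part of the original report and is not mod_auth_openidc's own code: a proxy-side filter that drops any client-supplied OIDC_CLAIM_ header and the configured authentication header before the request reaches the backend, then sets them only from a verified session. The function names, the X-Remote-User header name and the sample request are assumptions constructed for illustration.

```python
import re

# Prefix the page names for claim headers; only the proxy may set these.
CLAIM_PREFIX = "OIDC_CLAIM_"


def canonical(name):
    """Fold case and treat '-' and '_' alike.

    CGI-style backends map both 'X-Remote-User' and 'x_remote_user' to the
    same variable (HTTP_X_REMOTE_USER), so a filter that compares raw names
    would miss the underscore or lower-case spelling.
    """
    return re.sub(r"[-_]", "_", name.strip()).upper()


def scrub_identity_headers(request_headers, authn_header):
    """Split client headers into (kept, dropped_names).

    Dropped: every header whose canonical name starts with OIDC_CLAIM_ and
    the header configured to carry the authenticated user (authn_header).
    """
    protected_prefix = canonical(CLAIM_PREFIX)
    protected_exact = canonical(authn_header)
    kept, dropped = [], []
    for name, value in request_headers:
        canon = canonical(name)
        if canon.startswith(protected_prefix) or canon == protected_exact:
            dropped.append(name)
        else:
            kept.append((name, value))
    return kept, dropped


def forward(request_headers, authn_header, verified_user=None, verified_claims=None):
    """Build the header list the backend will see.

    Identity headers are removed unconditionally, including on the
    unauthenticated pass-through path, and re-added only from values the
    proxy verified itself (verified_user / verified_claims).
    """
    kept, dropped = scrub_identity_headers(request_headers, authn_header)
    if verified_user is not None:
        kept.append((authn_header, verified_user))
        for claim, value in sorted((verified_claims or {}).items()):
            kept.append((CLAIM_PREFIX + claim, value))
    return kept, dropped


# Constructed sample: an unauthenticated request carrying forged identity
# headers in three spellings (exact, hyphenated lower-case, underscored).
SPOOFED_REQUEST = [
    ("Host", "intranet.example"),
    ("OIDC_CLAIM_email", "admin@intranet.example"),
    ("oidc-claim-groups", "administrators"),
    ("x_remote_user", "admin"),
    ("Accept", "text/html"),
]

if __name__ == "__main__":
    kept, dropped = forward(SPOOFED_REQUEST, "X-Remote-User")
    print("forwarded:", kept)
    print("dropped (worth logging as a spoofing attempt):", dropped)
```

A non-empty dropped list on a request that arrived from outside the proxy is a useful detection signal in its own right, since legitimate clients have no reason to send these headers.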
CVE-2017-11693
The vulnerability is related to MEDHOST, a document management system that is used for creating the customer database in the cloud infrastructure. The system uses hard-coded credentials that are necessary to request access to the database. It is possible for unauthorized users to access the database; all it takes is knowledge of those credentials. With those hard-coded credentials, attackers can communicate directly with the database. It is even possible for attackers to make modifications in the database by accessing the sensitive information it contains. The database is built on PostgreSQL. The account name is dms and
the password is hard-coded and is the same not only throughout the applications but also across all installations. The customer does not have any option to change the password either. The dms account connected to PostgreSQL can access the database schema used for the DMS (Cve.mitre.org 2018).
CVE-2017-9457
The vulnerability is identified in the firmware that is used in the admin pc. The firmware is made by Compulab. The main issue with the firmware is that it does not include signature checking for firmware updates. Due to this, it is possible for anyone to modify the firmware settings during the system flash. The modification can be done using the Phoenix "UEFI update program". It is not hard to obtain the Phoenix utility program; the DOS or the Windows version of the program can be easily downloaded online. With the help of the utility program, a rootkit can be installed on the computer at the firmware level, which can corrupt the entire system, leading to denial of service, even for the admin profile (Cve.mitre.org 2018).
The installation does not require the permission of the admin, and the process can be completed in the background without the knowledge of the user. Once the installation is done, it is not easily detectable by the utilities provided by the operating system.
CVE-2017-8514
The vulnerability is related to the intranetwork that is used for the internal device connections in the network. The intranetwork used in the architecture is the Microsoft SharePoint technology. The issue identified in this context is that the network is not strong enough to prevent unauthorized users from accessing data that is meant to be kept private and secure. Once hackers get access to the network, they can use the victim's identity and perform actions on behalf of the user, like changing security settings and deleting content, and it is even possible to steal important data like browser cookies and inject malicious code into the browser of the user (Cve.mitre.org 2018).
CVE-2017-9450
The vulnerability is identified with the web and mail service provider Amazon Web Services, also known as AWS. The bootstrap tools package called CloudFormation permits users to execute code arbitrarily with root access. It lets users create local files in a directory that is not specified in the system (Cve.mitre.org 2018).

Level computation, using Boston grid:

Impact table specification:

| Security issues | Impact |
|---|---|
| Protection of data | Medium |
| Interface attack | Low |
| SSH attack | Medium |
| Virtualization of hardware | Medium |
| Virtualization of software | High |
| Malicious code | High |
| Utility computing | Low |
| SLA | High |

Risk identification with the risk level, using Boston grid:

| Identified risk | Risk level |
|---|---|
| Privacy | Medium |
| Signature Attack | Low |
| Credential attack | Medium |
| API attack | Medium |
| User credential attack | Medium |
| Publisher credential attack | High |
| ARP Spoofing | High |
| MAC spoofing | Medium |
| Hack of computer system | Low |
| Script | High |
| Client attacks | Low |
| Hacking | High |

References:
Alebrahim, A., Hatebur, D., Fassbender, S., Goeke, L. and Côté, I., 2015. A pattern-based and tool-
supported risk analysis method compliant to ISO 27001 for cloud systems. International Journal of Secure
Software Engineering (IJSSE), 6(1), pp.24-46.
Almorsy, M., Grundy, J. and Müller, I., 2016. An analysis of the cloud computing security problem. arXiv
preprint arXiv:1609.01107.
Cve.mitre.org. (2018). CVE - CVE-2016-9245. [online] Available at:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9245 [Accessed 31 Mar. 2018].
Cve.mitre.org. (2018). CVE - Search Results. [online] Available at:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2008-6096 [Accessed 31 Mar. 2018].
Cve.mitre.org. (2018). CVE - Search Results. [online] Available at:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2017-6062 [Accessed 31 Mar. 2018].
Cve.mitre.org. (2018). CVE - Search Results. [online] Available at:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=+CVE-2017-11693 [Accessed 31 Mar. 2018].
Cve.mitre.org. (2018). CVE - Search Results. [online] Available at:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2017-9457 [Accessed 31 Mar. 2018].
Cve.mitre.org. (2018). CVE - Search Results. [online] Available at:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2017-8514 [Accessed 31 Mar. 2018].
Cve.mitre.org. (2018). CVE - Search Results. [online] Available at:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2017-9450 [Accessed 31 Mar. 2018].
Cvedetails.com. (2018). CVE-2013-2639 : Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage
OS before 3.2.29.0, 3.2.42.0, and earlier allows remote. [online] Available at:
https://www.cvedetails.com/cve/CVE-2013-2639/ [Accessed 31 Mar. 2018].
Hoy, Z. and Foley, A., 2015. A structured approach to integrating audits to create organisational
efficiencies: ISO 9001 and ISO 27001 audits. Total Quality Management & Business Excellence, 26(5-6),
pp.690-702.
Jokar, P., Arianpoo, N. and Leung, V., 2016. A survey on security issues in smart grids. Security and
Communication Networks, 9(3), pp.262-273.
Kurnianto, A., Isnanto, R. and Widodo, A.P., 2018. Assessment of Information Security Management
System based on ISO/IEC 27001: 2013 On Subdirectorate of Data Center and Data Recovery Center in
Ministry of Internal Affairs. In E3S Web of Conferences (Vol. 31, p. 11013). EDP Sciences.
Pulier, E., Martinez, F. and Hill, D.C., ServiceMesh Inc, 2015. System and method for a cloud computing
abstraction layer. U.S. Patent 8,931,038.
Singh, S., Jeong, Y.S. and Park, J.H., 2016. A survey on cloud computing security: Issues, threats, and
solutions. Journal of Network and Computer Applications, 75, pp.200-222.
Wang, Y., Wei, J. and Vangury, K., 2014, January. Bring your own device security issues and challenges.
In Consumer Communications and Networking Conference (CCNC), 2014 IEEE 11th (pp. 80-85). IEEE.
Jokar, P., Arianpoo, N. and Leung, V., 2016. A survey on security issues in smart grids. Security and
Communication Networks, 9(3), pp.262-273.
Kurnianto, A., Isnanto, R. and Widodo, A.P., 2018. Assessment of Information Security Management
System based on ISO/IEC 27001: 2013 On Subdirectorate of Data Center and Data Recovery Center in
Ministry of Internal Affairs. In E3S Web of Conferences (Vol. 31, p. 11013). EDP Sciences.
Pulier, E., Martinez, F. and Hill, D.C., ServiceMesh Inc, 2015. System and method for a cloud computing
abstraction layer. U.S. Patent 8,931,038.
Singh, S., Jeong, Y.S. and Park, J.H., 2016. A survey on cloud computing security: Issues, threats, and
solutions. Journal of Network and Computer Applications, 75, pp.200-222.
Wang, Y., Wei, J. and Vangury, K., 2014, January. Bring your own device security issues and challenges.
In Consumer Communications and Networking Conference (CCNC), 2014 IEEE 11th (pp. 80-85). IEEE.
1 out of 15
Related Documents

Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.