ITC596 - Cloud Computing & Cyber Attacks Risk Management Report

Verified

Added on 2023/06/08

AI Summary

This report delves into the critical aspects of IT risk management, focusing on the challenges and vulnerabilities associated with cloud computing and cyber attacks. It begins by defining cloud computing and its inherent risks, such as loss of visibility, unauthorized access, data deletion, and compromised administrative data. Various risk management techniques are then explored, including implementing robust protections, adhering to data exchange standards, utilizing single sign-on accounts, and employing end-to-end encryption. The report further addresses the rising issue of cyber attacks, detailing their consequences like data theft, fraud, malware, and denial-of-service attacks. It identifies different types of cyber attacks, including spyware, ransomware, malware, DDoS, brute force attacks, and phishing. Finally, the report outlines risk management techniques to combat these attacks, such as vulnerability scanning, intrusion detection systems, firewalls, employee training, regular antivirus updates, password changes, and data backups. This document is available on Desklib, a platform offering study tools and resources for students.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running Head: IT RISK MANAGEMENT
Cloud Computing Risk Management and Cyber attacks
Name of the student:
Name of the university:
Author note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1IT RISK MANAGEMENT
Table of Contents
Task 1...............................................................................................................................................2
Cloud computing and risk management......................................................................................2
Risks of cloud computing........................................................................................................2
Risk management techniques..................................................................................................2
Task 2...............................................................................................................................................2
Cyber-attacks...............................................................................................................................2
Consequences of cyber-attacks................................................................................................2
Risk management techniques..................................................................................................2
References........................................................................................................................................2

2IT RISK MANAGEMENT
Task 1:
Cloud computing and risk management:
Cloud Computing is the method of using remote server networks held in internet that
stores manages and processes huge amount of data. Most of the IT companies are transferring all
its data to the cloud. Cloud computing is defined as computing with the help of internet (Arora,
Parashar & Transforming, 2013). In the past, people had to download software in their personal
computer in order to run a specific application or program. With the advancement of technology
and the discovery of cloud system, this has become quite easy and the same kind of application
was made available through the internet (Hashem, Yaqoob, Anuar, Mokhtar, Gani & Khan,
2015). It has a number of advantages like it can be accessible from everywhere, it is quite
flexible and secured.
Risks of cloud computing:
The cloud computing suffers from a number of disadvantages. There are various risks of
completely shifting to cloud. They are listed below:
 While shifting the assets and operations to cloud the organization lose visibility to several
assets and operation.
 Due to the lower costs of the PaaS and the SaaS products, the information in the cloud
becomes vulnerable to unauthorized access (Almorsy, Grundy & Müller, 2016). Illegal
access to cloud will result in identity theft and personal information theft.
 Sometimes in the cloud system tenants cannot be separated that gives the attackers an
opportunity to gain access to the resources of the organization from other organization
assets or data.

3IT RISK MANAGEMENT
 Another risk related to cloud computing is the deletion of data. When organization move
all its data to cloud then some of the data becomes inaccessible or cannot be viewed.
There lies the risk. The organization will not be able to track the data or check whether it
is there or not.
 If the hackers gain access to the users cloud account then they will easily be able to
access the organization administrative data. This will put the organization at risk.
To eliminate the risks related to cloud computing organisation should plan should plan strategies.
Risk mitigation processes should be undertaken to fight with the risks. The problems can be
solved at the organisation level.
Risk management techniques:
 Several protections should be implemented and account information should not be shared
between the users.
 Service agreements to exchange data with cloud should follow the current standards.
 An organisation can have several cloud services. However, the user should have a Single
sign-on account that will maintain single account information (Brender & Markov, 2013).
This will help the cloud system to maintain security in the data.
 Encryption is necessary. End-to-end encryption will help to secure the data in cloud. Data
should be encrypted before shifting it to cloud. These encrypted data can only be
decrypted with the help of correct encryption key. Therefore, information cannot be
stolen easily from the cloud. Even if it is stolen, the original data cannot be retrieved
unless the exact encryption key is used.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4IT RISK MANAGEMENT
Task 2:
Cyber-attacks:
Cyber-attacks is one of the rising issues in IT sector today. Hackers deliberately exploits
the computer network or systems by using malicious codes for altering data and cause
disruptions in the system (Rid & Buchanan, 2015). This leads to cybercrimes like data and
identity theft. Cyber-attacks are commonly known as Computer network attacks or CNA.
Consequences of cyber-attacks:
The main consequences of cyber-attacks on computer networks are listed below:
 Data theft, fraud and malware functioning of the system.
 Most common consequences of cyber-attacks like spoofing, spamming Trojans and
viruses that disrupts the system.
 DoS that is Denial of Service and Distributed Denial of Service.
 Exploitation of private and public web browsers.
Hackers does these activities to steal personal information of employees and provide them to the
rival companies. Some rival companies hire hackers to get this kind of information. This
information help them to make an idea of the business strategies that a particular company is
planning to increase its turnover rate. The hackers first create codes or programs that will steal or
copy the information from one computer system to the other. Then they introduce these codes
into a particular computer that performs all the desired actions and disrupts the working of it
(Hartmann & Steup, 2013). This creates a situation of distributed denial of service when all the
computers in the network denies service. The consequences of cyber- attack on business is loss
of money. There are eight types of cyber-attacks that can affect business. They are listed below:

5IT RISK MANAGEMENT
 Spyware- Spyware is a type of software that collects information without informing
others or in other words by spying.
 Ransomware- This is extreme version of spyware that mounts on a computer or other
smart devices and make changes accordingly so that the user is locked and cannot access
the computer.
 Malware- Malware is the software that is introduced in the computer externally by
hackers that internally makes changes in the system (Uma & Padmavathi, 2013). There
are several type of malware that exists like worms, viruses and Trojans.
 Distributed Denial of Service attack- This type of cyber-attack brings the entire system
or network into a halt.
 Brute force cyber-attack- This is an automated attack that tracks a password and figures
them out to enter into a network.
 Phishing- This is the attack process through emails.
Risk management techniques:
Considering the above attacks the business organisations should plan strategies to eliminate these
attacks. The methods that they follow are scanning the vulnerabilities of the attack, attack
detection systems and firewall (Mousavian, Valenzuela & Wang, 2015). Other methods like
training the employees with cyber security principles, updating the antiviruses regularly,
regularly changing passwords so that it cannot be tracked, and make copies of business
information that will act as a backup in case cyber-attack takes place.

6IT RISK MANAGEMENT
References:
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Arora, R., Parashar, A., & Transforming, C. C. I. (2013). Secure user data in cloud computing
using encryption algorithms. International journal of engineering research and
applications, 3(4), 1922-1926.
Brender, N., & Markov, I. (2013). Risk perception and risk management in cloud computing:
Results from a case study of Swiss companies. International journal of information
management, 33(5), 726-733.
Hartmann, K., & Steup, C. (2013, June). The vulnerability of UAVs to cyber attacks-An
approach to the risk assessment. In Cyber Conflict (CyCon), 2013 5th International
Conference on (pp. 1-23). IEEE.
Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The
rise of “big data” on cloud computing: Review and open research issues. Information
Systems, 47, 98-115.
Mousavian, S., Valenzuela, J., & Wang, J. (2015). A probabilistic risk mitigation model for
cyber-attacks to PMU networks. IEEE Transactions on Power Systems, 30(1), 156-165.
Rid, T., & Buchanan, B. (2015). Attributing cyber attacks. Journal of Strategic Studies, 38(1-2),
4-37.
Uma, M., & Padmavathi, G. (2013). A Survey on Various Cyber Attacks and their Classification.
IJ Network Security, 15(5), 390-396.