Week 4 Assignment
.docx
keyboard_arrow_up
School
Brigham Young University, Idaho *
*We aren’t endorsed by this school
Course
531
Subject
Computer Science
Date
Dec 6, 2023
Type
docx
Pages
6
Uploaded by niiquash
1
Week 4 Assignment
Ammon Nii Atiapa Quarshie
School of Computer Information Science, University of the Cumberlands
ITS-532-B03: Cloud Computing
Dr. Barcus Jackson
November 14, 2023
2
Malicious Employee Threat Mitigation
Securing cloud computing environments from internal threats, especially those posed by
malicious employees, presents a set of challenges and complexities. As businesses and
organizations increasingly rely on cloud infrastructure to store and process sensitive data, the
potential for insider threats becomes more critical. Malicious employees with access to cloud
systems can compromise data integrity, confidentiality, and availability. This makes necessary a
comprehensive and proactive security strategy tailored to the unique dynamics of cloud
computing. In this context, mitigating the risk of malicious insiders involves not only traditional
security measures but also requires leveraging cloud-specific controls, monitoring mechanisms,
and user behavior analytics to ensure a resilient defense against internal threats within the
dynamic landscape of cloud environments.
According to Mahajan & Sharma (2015), a malicious insider refers to an employee of the
Cloud Service Provider who exploits their position for personal gain or other malicious
objectives, such as disgruntled employees seeking retribution. The risk posed by a malicious
insider is widely acknowledged by most organizations. For consumers of cloud services, this
threat is magnified due to the integration of IT services and customers within a unified
management domain, coupled with a general lack of transparency regarding provider processes
and procedures. In addition to complexity, there is typically limited visibility into the hiring
standards and practices for cloud employees. This situation becomes an enticing opportunity for
potential adversaries, ranging from amateur hackers to organized crime or even nation-state
sponsored intrusions. The level of access granted in such scenarios could empower adversaries to
acquire confidential data or assume complete control over cloud services with minimal risk of
detection.
3
Mahajan & Sharma (2015), further explain the motives that may be behind malicious
employees’ attacks. Hackers engage in various motives, each driven by different goals and
intentions. First and foremost, the allure of stealing valuable data serves as a significant
motivation. Data stored on the internet often holds immense value, some even valued in millions
of dollars. Gaining access to such valuable information provides hackers with the means to
generate revenue, as exemplified by instances like WikiLeaks. Another motivation lies in causing
controversy; certain attackers thrive on the thrill of chaos, and the internet, particularly the
Cloud, becomes an appealing medium for its popularity and the likelihood of successful data
theft. Additionally, revenge can be a powerful motivator, especially for former employees who,
having lost their positions, may express dissatisfaction by hacking into their former
organization's network, a task made easier when the organization utilizes Cloud services.
Conversely, some hackers adopt a helpful approach, identifying security flaws in an
organization's system to aid in improvement. Others seek to prove their intellect and gain
prestige by targeting large organizations with robust security mechanisms, turning hacking into a
career. Lastly, a group of hackers may act out of sheer curiosity, wanting to learn more about a
company or organization. While their intent may not be malicious, their actions can still pose a
danger, even if unintentional rule-breaking is involved.
In recent events, many organizations have had to deal with insider threats. One major
incident occurred at General Electric (GE). In a well-known case of insider threat, two
employees at General Electric (GE) executed a scheme involving the unauthorized download of
numerous files containing trade secrets from the company's servers. Subsequently, these files
were either uploaded to cloud storage or sent to private email addresses. Additionally, the
malicious insiders managed to persuade a system administrator to grant them improper access to
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Related Questions
Answer ASAP
arrow_forward
Hi I want to make a video presentation on this topic which should be 5 mins atleast, so need help below format:
Discussion: Misadventures of a Nation State Podcast
Discuss Darknet Diaries Episode 10. Why is this a video discussion instead of a written response? It is an important skill to master to be able to present and summarize the key concepts of a complex cybersecurity incident in a short time frame. Remember that unless you are talking to other cybersecurity professionals, probably no one thinks this stuff is as interesting as you do.
Instructions: The main purpose of the video discussion assignments is to get you to dig into the main four cybersecurity frameworks and references we use in the class. Use the context of the specific security incident to explore and explain some aspects of the NIST CSF, the CIS CSCs, ACSC Strategies to Mitigate Cyber Incidents, and the MITRE ATT&CK matrix.
Keep each discussion sub-topic focused and to approximately 1 minute for a TOTAL video…
arrow_forward
What are the potential security vulnerabilities and countermeasures in cloud computing environments?
arrow_forward
Is there a possibility that cloud security regulations might be impacted by data breaches? What are some of the countermeasures that may be taken?
arrow_forward
Explore the challenges and best practices for cloud security. Discuss techniques and tools for ensuring data privacy and compliance in a cloud environment.
arrow_forward
"The impact of hacking on life" - For the last several years cyber-attacks/hacking are in the news on a seemingly continuous basis. Some of the most recent/largest hacking events include the Solarwinds hack that was the conduit for the major breach of many US Federal agencies and the disturbing Equifax hack from 2017. Have these events and the subsequent reporting caused you to change any habits/behaviors? Please provide your thoughts on this along with why you have or have not made any changes as a result of these events.
Hint: Please don't use chat gpt
arrow_forward
HI there,
thank you in advance. Please write the correct answer by answering True and False the following questions. Namny many thanks :)
[1] The BIA results can be utilized in The risk assessment.
[2] In a Cloud Computing Environment Customers should expect that the provider has no SPOFs within their facilities and architecture.
[3] Risk can not only be reduced but also eliminated.
[4] The cloud customer is always ultimately legally liable for any loss of data even if the cloud provider demonstrates negligence or malice.
[5] Infrastructure as a service (IaaS) is the cloud model in which the cloud customer has the most responsibility and authority.
[6] PII is a major component of regulatory compliance.
[7] PaaS contains everything included in IaaS with the addition of OSs.
[8] Public clouds are multitenant environments
arrow_forward
4. College Security
Computer and online security is a growing concern for businesses of all sizes. Computer
security issues range from viruses to automated Internet attacks to outright theft, the result
of which is lost information and lost time. Security issues pop up in news articles daily, and
most business owners understand the need to secure their businesses. Your college is no
different from any other business when it comes to information security. Draft a document
identifying the questions you should ask your college's CIO to ensure information security
across your campus.
arrow_forward
How can "file signature analysis" and "magic numbers" be used to determine file types and prevent malicious file uploads in web applications?
arrow_forward
please provide screenshots and step by step information
arrow_forward
Computer Science
Captive Portal APs are very commonly found in a variety of settings. Use the Internet to research Captive Portal APs. How are they typically used? What are their security vulnerabilities? What open source products are available? Write a one-page paper on your research.
arrow_forward
Part 4: Protecting Critical Infrastructure and the Homeland
The Department of Defense (DoD) Cyber Strategy 2018 discusses the protection of critical infrastructure and the homeland. What does that mean to private organizations such as yours? If most critical infrastructure in the United States is owned by the private sector, what responsibility does the DoD have in this regard? Some would argue US laws are outdated and thus the DoD has little authority to assist. Others would argue US laws were purposely established such that the private sector would defend itself and not need assistance from the military. Obviously, for the DoD to assist, it would need the private organizations' data. Said another way, the DoD would need your data as a private citizen/customer of that organization. Those that believe our laws need to be updated argue giving up privacy for protection is legitimate. Others will argue that we should not give private information of citizens to the government for any…
arrow_forward
Businesses struggle with data security practices43% of C-suite executives and 12% of small business owners (SBOs) have experienced a data breach,according to Shred-it.While businesses are getting better at protecting their customers’ personal and sensitive information,their focus on security training and protocols has declined in the last year. This decline could poseissues for businesses, as 83% of consumers say they prefer to do business with companies whoprioritize protecting their physical and digital data.The findings reinforce the need for business owners to have data protection policies in place as threatsto data security, both physical (including paper documents, laptop computers or external hard drives)and digital (including malware, ransomware and phishing scams), have outpaced efforts andinvestments to combat them.The report, which was completed prior to COVID-19, also exposes that more focus is needed aroundinformation security in the home, where C-suites and SBOs feel the…
arrow_forward
Is cloud security vulnerable to being seriously compromised by data breaches? Is there anything that can be done to prevent this from occurring again?
arrow_forward
Discussion Forum - Unit 7
Activity 1
TASK A:
Discuss the following questions, identifying possible reasons and motives for the users at both sides of the spectrum:
Discuss why users try to break into other user's computers and information systems
Discuss why users create viruses.
Discuss who owns electronic mail systems, and why they do
TASK B:
Answer the question posed in the Panama Papers Vignette - Was it wrong to hack and leak the Panama Papers?
What technology issues led to the security breach in the Panama Papers case. What is the possible business impact of this security breach for the law firm and its customers? What should the law firm do in the future to avoid similar incidents?
TASK C:
What is the difference between a business continuity plan and a disaster recovery plan?
arrow_forward
Businesses struggle with data security practices
43% of C-suite executives and 12% of small business owners (SBOs) have experienced a data breach, according to Shred-it.
While businesses are getting better at protecting their customers’ personal and sensitive information, their focus on security training and protocols has declined in the last year. This decline could pose issues for businesses, as 83% of consumers say they prefer to do business with companies who prioritize protecting their physical and digital data.
The findings reinforce the need for business owners to have data protection policies in place as threats to data security, both physical (including paper documents, laptop computers or external hard drives) and digital (including malware, ransomware and phishing scams), have outpaced efforts and investments to combat them.
The report, which was completed prior to COVID-19, also exposes that more focus is needed around information security in the home, where C-suites and…
arrow_forward
Protect data in the cloud using identity and access management (IAM) while maintaining a paradigm of shared responsibility. What exactly is cloud security, and how does it compare to the protection that is provided on-premises?
arrow_forward
What is the significance of data encryption in cloud security? Explain encryption techniques used in cloud computing.
arrow_forward
Question 17
A cloud data breach is more serious than an ordinary data center breach because:
Question 17 options:
There are fewer threats against cloud service providers.
A cloud data breach puts data of multiple users in the hands of attackers in a single go.
Generally less sensitive data is stored on clouds
Cloud systems inherently more secure than on premise.
arrow_forward
Is cloud security susceptible to assault during a data breach? If this occurs again, what steps may be taken to prevent it?
arrow_forward
Discuss the challenges and solutions associated with cloud computing security, including data privacy and compliance.
arrow_forward
Discuss the challenges and solutions related to cloud security and data privacy.
arrow_forward
Data Security is considered a senior Management concern and responsibility. It affects every company’s operation, reputation and ultimately impacts revenue, profits, and a competitive edge. Yet many companies do not implement defenses that could help to prevent and control data breaches. In June 2012 LinkedIn a business social network site was hacked, this data breach was discovered when IT security experts discovered millions of LinkedIn passwords on a Russian underground site. The reason this happened was that the company was using outdated encryption methods and within 2 days, most passwords were cracked. What steps can a business take to keep control of its data security? What security management processes and activities in each process should a business follow to ensure they have an Information Technology Risk management strategy in place?
arrow_forward
Define/Explain the topic fully and identify the role that particular term, concept, or analysis plays in EITHER attacking or protecting digital assets.
List 1:
Database
Database management system (DBMS)
Structured query language (SQL)
Relational database
Table of data consisting of rows (tuples) and columns (attributes)
Primary and Foreign Keys
Database access control
List 2:
Malicious software (malware)
Terminology for malicious software
Viruses –mechanism, trigger, payload
dormant, propagation, triggering, and
execution phases
Boot sector infector
Polymorphic, and metamorphic viruses
worms
Scanning/fingerprinting
Spam e-mail/trojans – social engineering
System corruption
Bots
Remote control (command and control)
Phishing
Backdoor/trapdoor
Rootkit
Countermeasures
List 3:
Denial-of-service (DoS) attacks
Distributed DDoS attacks
Reflection attacks
Amplification attacks
DNS amplification attacks
Application-based bandwidth attacks
SIP flood
HTTP-based attacks
Defenses against DoS…
arrow_forward
What are the essential security considerations for organizations migrating their data and applications to the cloud?
arrow_forward
Enumerate common security vulnerabilities associated with cloud computing.
arrow_forward
SEE MORE QUESTIONS
Recommended textbooks for you
Fundamentals of Information Systems
Computer Science
ISBN:9781337097536
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Database Systems: Design, Implementation, & Manag...
Computer Science
ISBN:9781305627482
Author:Carlos Coronel, Steven Morris
Publisher:Cengage Learning
Related Questions
- Answer ASAParrow_forwardHi I want to make a video presentation on this topic which should be 5 mins atleast, so need help below format: Discussion: Misadventures of a Nation State Podcast Discuss Darknet Diaries Episode 10. Why is this a video discussion instead of a written response? It is an important skill to master to be able to present and summarize the key concepts of a complex cybersecurity incident in a short time frame. Remember that unless you are talking to other cybersecurity professionals, probably no one thinks this stuff is as interesting as you do. Instructions: The main purpose of the video discussion assignments is to get you to dig into the main four cybersecurity frameworks and references we use in the class. Use the context of the specific security incident to explore and explain some aspects of the NIST CSF, the CIS CSCs, ACSC Strategies to Mitigate Cyber Incidents, and the MITRE ATT&CK matrix. Keep each discussion sub-topic focused and to approximately 1 minute for a TOTAL video…arrow_forwardWhat are the potential security vulnerabilities and countermeasures in cloud computing environments?arrow_forward
- Is there a possibility that cloud security regulations might be impacted by data breaches? What are some of the countermeasures that may be taken?arrow_forwardExplore the challenges and best practices for cloud security. Discuss techniques and tools for ensuring data privacy and compliance in a cloud environment.arrow_forward"The impact of hacking on life" - For the last several years cyber-attacks/hacking are in the news on a seemingly continuous basis. Some of the most recent/largest hacking events include the Solarwinds hack that was the conduit for the major breach of many US Federal agencies and the disturbing Equifax hack from 2017. Have these events and the subsequent reporting caused you to change any habits/behaviors? Please provide your thoughts on this along with why you have or have not made any changes as a result of these events. Hint: Please don't use chat gptarrow_forward
- HI there, thank you in advance. Please write the correct answer by answering True and False the following questions. Namny many thanks :) [1] The BIA results can be utilized in The risk assessment. [2] In a Cloud Computing Environment Customers should expect that the provider has no SPOFs within their facilities and architecture. [3] Risk can not only be reduced but also eliminated. [4] The cloud customer is always ultimately legally liable for any loss of data even if the cloud provider demonstrates negligence or malice. [5] Infrastructure as a service (IaaS) is the cloud model in which the cloud customer has the most responsibility and authority. [6] PII is a major component of regulatory compliance. [7] PaaS contains everything included in IaaS with the addition of OSs. [8] Public clouds are multitenant environmentsarrow_forward4. College Security Computer and online security is a growing concern for businesses of all sizes. Computer security issues range from viruses to automated Internet attacks to outright theft, the result of which is lost information and lost time. Security issues pop up in news articles daily, and most business owners understand the need to secure their businesses. Your college is no different from any other business when it comes to information security. Draft a document identifying the questions you should ask your college's CIO to ensure information security across your campus.arrow_forwardHow can "file signature analysis" and "magic numbers" be used to determine file types and prevent malicious file uploads in web applications?arrow_forward
- please provide screenshots and step by step informationarrow_forwardComputer Science Captive Portal APs are very commonly found in a variety of settings. Use the Internet to research Captive Portal APs. How are they typically used? What are their security vulnerabilities? What open source products are available? Write a one-page paper on your research.arrow_forwardPart 4: Protecting Critical Infrastructure and the Homeland The Department of Defense (DoD) Cyber Strategy 2018 discusses the protection of critical infrastructure and the homeland. What does that mean to private organizations such as yours? If most critical infrastructure in the United States is owned by the private sector, what responsibility does the DoD have in this regard? Some would argue US laws are outdated and thus the DoD has little authority to assist. Others would argue US laws were purposely established such that the private sector would defend itself and not need assistance from the military. Obviously, for the DoD to assist, it would need the private organizations' data. Said another way, the DoD would need your data as a private citizen/customer of that organization. Those that believe our laws need to be updated argue giving up privacy for protection is legitimate. Others will argue that we should not give private information of citizens to the government for any…arrow_forward
arrow_back_ios
SEE MORE QUESTIONS
arrow_forward_ios
Recommended textbooks for you
- Fundamentals of Information SystemsComputer ScienceISBN:9781337097536Author:Ralph Stair, George ReynoldsPublisher:Cengage LearningDatabase Systems: Design, Implementation, & Manag...Computer ScienceISBN:9781305627482Author:Carlos Coronel, Steven MorrisPublisher:Cengage Learning
Fundamentals of Information Systems
Computer Science
ISBN:9781337097536
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Database Systems: Design, Implementation, & Manag...
Computer Science
ISBN:9781305627482
Author:Carlos Coronel, Steven Morris
Publisher:Cengage Learning