Instructor’s Name
Since intrusion detection systems are of two types, the anomaly-based intrusion detection
system pinpoints unknown attacks. An anomaly-based intrusion detection system can detect new
malware, adapt to it, and use machine learning techniques to create a baseline of trustworthy
activity. The hybrid intrusion detection system uses both signature-based and anomaly-based
tricking the intrusion prevention system into thinking that there is no attack taking place. Some
of the techniques from cybercriminals that the IDS is capable of recognizing include low-
Composition
An intrusion detection system (IDS) is made up of three distinct components. The first
component is the sensors. Sensors are used to generate the security events which trigger the
intrusion detection system. The second component is a control center. The control center is used
to monitor events and alerts and to control the sensors. The third component of the intrusion
detection system is the engine. The engine records all the information found by the sensors in a
database and uses a set of rules to generate alarms from
Approach to implementation
Resource profiling: in this approach, the IDS measures the system-wide use of resources
and builds a historical profile. If there is an abnormal reading, the system registers that there is an
illicit activity underway (Greek for Greeks, 2020). This approach can, however, be difficult for
the system, since interpreting the meaning of changes that occur all over the system can be
challenging (Greek for Greeks, 2020). The approach must also allow for the case where an
increase in data use or activity relative to the history is something benign occurring, such as an
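The resource-profiling approach described above, as an added example that is not part of the original assignment or of the cited source: a historical profile of per-resource usage is built from past samples, a current reading is flagged when it lies more than a chosen number of standard deviations away from that profile, and a reading in a known benign context (the case the text raises, such as scheduled activity) is reported as expected rather than as an alert. The resource names, the sample values, the minimum history of five samples and the three-sigma threshold are all constructed assumptions.

```python
"""Resource-profiling anomaly detection (added example, not the assignment's code).

A historical profile of system-wide resource usage is built from past
readings; a current reading is flagged as abnormal when it deviates from the
profile by more than THRESHOLD standard deviations. All resource names and
values below are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from statistics import mean, pstdev

MIN_HISTORY = 5      # assumption: fewer past samples than this is not a usable baseline
THRESHOLD = 3.0      # assumption: flag readings three or more standard deviations out

# Constructed history: one value per past sampling interval, per resource.
HISTORY: dict[str, list[float]] = {
    "cpu_pct":    [20, 22, 19, 21, 23, 20, 22],
    "disk_io_mb": [100, 110, 95, 105, 100, 98, 104],
    "net_out_mb": [50, 50, 50, 50, 50],          # perfectly constant history
    "logins":     [3, 4, 5],                      # too little history to profile
}

# Constructed current reading: disk I/O has jumped; "logins" has no baseline.
CURRENT_READING = {"cpu_pct": 21, "disk_io_mb": 160, "net_out_mb": 50, "logins": 4}


@dataclass(frozen=True)
class Baseline:
    mean: float
    stdev: float
    samples: int


def build_profile(history: dict[str, list[float]]) -> dict[str, Baseline]:
    """Build the historical profile: mean and spread per resource.

    Resources with too little history are left out rather than guessed at,
    so the detector reports them as unprofiled instead of silently treating
    a thin baseline as authoritative.
    """
    profile = {}
    for resource, readings in history.items():
        if len(readings) < MIN_HISTORY:
            continue
        profile[resource] = Baseline(mean(readings), pstdev(readings), len(readings))
    return profile


def classify_reading(profile, reading, threshold=THRESHOLD, benign_context=()):
    """Classify each resource in `reading` against the profile.

    Returns {resource: (label, z)} where label is one of
      "normal"     - within the threshold
      "anomaly"    - outside the threshold with no known benign explanation
      "expected"   - outside the threshold, but the resource is named in
                     `benign_context` (e.g. a scheduled job is known to be running)
      "unprofiled" - no baseline exists, so the reading cannot be judged
    """
    result = {}
    for resource, value in reading.items():
        base = profile.get(resource)
        if base is None:
            result[resource] = ("unprofiled", None)
            continue
        if base.stdev == 0:
            # A constant history means any change at all is a deviation.
            z = 0.0 if value == base.mean else float("inf")
        else:
            z = round((value - base.mean) / base.stdev, 2)
        if abs(z) < threshold:
            result[resource] = ("normal", z)
        elif resource in benign_context:
            result[resource] = ("expected", z)
        else:
            result[resource] = ("anomaly", z)
    return result


if __name__ == "__main__":
    prof = build_profile(HISTORY)
    for res, (label, z) in classify_reading(prof, CURRENT_READING).items():
        print(f"{res:<11} {label:<10} z={z}")
```

Running the module as a script prints one line per resource; the disk reading comes out as an anomaly, and passing `benign_context={"disk_io_mb"}` while a known job runs downgrades it to expected, which is the distinction the text asks the approach to make.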
1. Micro Focus ArcSight ESM: this SIEM has an open architecture which gives
ArcSight capabilities that make it stand out. The tool is capable of ingesting data from a
wider range of sources than many other SIEM products. Its structure can also be used
2. SolarWinds Threat Monitor: a powerful security tool that focuses on SIEM functions
such as analyzing security logs and cross-checking anomalies against a global threat
database. This tool is usually automated and gives users an intelligent response to security events
and alerts.
i. Logical security, access control and encryption risks: these risks occur in SaaS
and PaaS. MTA cloud data services provide fundamental data security and
protection through encryption protocols, and each tenant owns its encryption keys and
in some cases can manage, create, store, and destroy its own keys (Patrizio, 2021).
ii. Management risks: these are risks that affect IaaS or PaaS. Their origin is from
iii. Governance, control and auditing risks: these are risks that also involve
segregation of duties (SoD) in the cloud computing context and mostly concern role
clarification and definition. They can occur in SaaS, IaaS or even PaaS (Patrizio, 2021).
b. Counter-measures
I. Isolation mechanism: to avoid the risk of data destruction, it is important to isolate the data
in case of challenges such as network or power outages, or technical errors, that would
otherwise limit data accessibility.
the third party that it is trustworthy. The multi-tenant cloud system must be trusted by
other systems by setting reasonable metrics which can be used to determine whether the system
can be trusted (Patrizio, 2021). Historical behavior can help to evaluate the properties of a
system and determine whether it is valid or would result in management, governance, and legal
risks.
III. Homomorphic encryption: a mechanism in which ciphertext is processed without the
need to decrypt the data prior to processing (Patrizio, 2021). The process helps to
Microsoft Azure would be a suitable cloud service for the business enterprise to migrate
to. The cloud will help the organization achieve its targets, such as the development of
departmental and storage infrastructure, because it offers storage services and data management.
It is possible to store data and access it in the Azure cloud using the SMB and REST protocols
and APIs. Data management services are offered whereby departmental development will be
possible, since there is a subset structure that helps with data handling, warehousing, and SQL,
which would help in creating segments for different departments (Drake & Turner, 2021).
In addition, Microsoft Azure provides computation and analytical services, which is one
of the intended benefits for the enterprise. The organization aims at marketing, sales, and analytical
services, and with Azure it will be possible to publish and manage website data and market to
potential customers. This can help with customer support, especially with the virtual machines on
Linux and Microsoft Windows platforms (Drake & Turner, 2021). It will also be possible to have
HR processes done with Microsoft Azure, in that it provides users with a global content delivery
network (CDN) for the images, videos, and applications that the HR department would require for
the workforce (Drake & Turner, 2021). It will be easy for the HR department to manage its
Since Azure has media services, the engineering department will be engaged to help with
analytics, encoding, and streaming of products that need to be marketed through the enterprise's
website. This will make it convenient for customers to make enquiries at any time of the day,
since the cloud system would help in storing and retrieving information 24/7. However, it is
advisable for the enterprise to have backup plans in case management risks occur
With plan B, customer support would be improved, although in rare cases Microsoft
Azure has been observed to have major issues such as system failure. However, risks from the
enterprise side, such as power outages, can result in a breakdown of management processes that run
through the cloud servers. There are additional services, such as the availability of HockeyApp in the
cloud computing system, which is designed for mobile use, for the development and testing of mobile
apps (Spring People, 2017). The team members or the engineering department can use the apps
through mobile phones as an alternative when desktops have issues. The app helps with
collecting real-time analytics that show the behavior of users and provides notifications (Spring
People, 2017). If team members download the apps on their mobiles, it will be easier for HR
management to monitor the behavior of the team while they conduct their duties in the field and
QUESTION TWO
2. Network: the SDN network model is preferable due to its high availability. An SDN
network has a wide range of coverage (Mogull, Arlen, & Gilbert et al., 2021). It is
capable of sustaining more than one virtual system or even multiple isolated network
segments (Mogull, Arlen, & Gilbert et al., 2021). The SDN network model is compatible
with security programs such as firewalls and anti-virus, which protect data from threats and
risks.
3. Compute/capability: this is the accounting of assignments and the allocation of computing
tasks to specific users or departments (Rothman, 2021). Such assignments may include
enabling or disabling mobile access, updating the data systems with current
information, and security management and testing throughout the whole system (Rothman,
2021). Tasks may also be added to clear redundant files in the IT system to reduce the
chances of threats like denial of service.
1. Cloud providers should set up a good communication platform for contacting users and
staying in touch with them when there is a need for enquiry (Mogull, Arlen, & Gilbert et al., 2021).
The provider should understand the content and know the exact place to access it
(Mogull, Arlen, & Gilbert et al., 2021). To achieve a good response system, data
standards and communication requirements should not be compromised. Testing and
evaluation of the data transmission processes must be done early enough to avoid
incidences of communication barriers. Appropriate data forensics is commendable for a
reliable system.
2. Cloud servants must use the correct methods of managing and controlling information
systems to get better results. It is appropriate that managers and users have step-by-
step verification of data communication to eliminate future breakdowns (Mogull, Arlen,
& Gilbert et al., 2021). A data recovery plan should also be prepared in case a user forgets his
or her verification code or password. This improves the efficiency of information backup.
There should be a good plan for the techniques used to retrieve data and store it in the cloud
computing servers. Backup plans for data storage should be implemented to help with
risks such as management, governance and legal issues when there is a data breach or
customers' credential details are exposed to potential attackers.
A user must be aware of the security strengths of their cloud managers (Mogull, Arlen, &
Gilbert et al., 2021). Organizations should understand whether the public security
provider has complied with security guidelines and regulations as per the General Data
Protection Regulation (GDPR) of the European Union.
Organizations should install fundamental data security programs in data systems to curb
all risks and threats (Rothman, 2021). Security programs will reduce the risks associated
with malware infection and other botnet attacks. This will help in ensuring that
customers' data are protected from cyber criminals who would conduct fraudulent activity.
Automation of the data system helps in attaining a good data environment, since
malware is easily detected (Rothman, 2021). It is important to have an automated data
system so as to be notified in case of any attack. The administrator should take immediate
action to ensure that strong passwords are created and that all routers are encrypted in the case of a
shared password.
Be conversant with artificial data architectures that have updated information security
features (Mogull, Arlen, & Gilbert et al., 2021). It is important to train all the team
members to be aware of the techniques and expertise needed when handling the architecture
infrastructure during data storage and retrieval. This will reduce negligence that may
result in the exposure of crucial data that attackers may take advantage of.
information and ensures that all nonhuman tools are phased out. Human users also
must have the right access code or password. This qualifies this principle to be an
cases of illegal and malicious access are totally eliminated. According to CyberArk
(2021), the principle of least privilege is a reliable information management tool since
to ensure that there are no threatening activities taking place (CyberArk, 2021). The
administrator accounts have been set to report any anomalous activity that may take
place. The time of access is also specified, so accounts run privileged commands on a
short-term basis (CyberArk, 2021). Organizations can prefer to use this model
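The time-bounded privileged access and anomaly reporting described above, as an added example that is not code from the original assignment or from CyberArk: accounts hold no standing privilege, a privileged command is allowed only inside an explicitly granted short-lived window, every decision is written to an audit trail, and repeated denials for one account within a window are surfaced as an anomaly. The account names, privilege names, timestamps, the 15-minute default lifetime and the denial threshold are constructed assumptions.

```python
"""Just-in-time, time-bounded privilege grants with an audit trail
(added example, not the assignment's or CyberArk's code).

Accounts hold no standing privilege. A privileged command is allowed only
while an explicitly granted, short-lived window is open; every decision is
recorded so that anomalous use can be reported. Names and times are
constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

DEFAULT_TTL = timedelta(minutes=15)   # assumption: grants are short-lived by default


@dataclass(frozen=True)
class Grant:
    account: str
    privilege: str          # e.g. "restart_service" (constructed name)
    expires_at: datetime    # the grant is void at and after this instant


@dataclass(frozen=True)
class AuditEvent:
    at: datetime
    account: str
    privilege: str
    outcome: str            # "granted", "allowed" or "denied"


@dataclass
class PrivilegeBroker:
    grants: list[Grant] = field(default_factory=list)
    audit_log: list[AuditEvent] = field(default_factory=list)

    def grant(self, account: str, privilege: str, now: datetime,
              ttl: timedelta = DEFAULT_TTL) -> Grant:
        """Open a time-bounded window in which `account` may use `privilege`."""
        g = Grant(account, privilege, now + ttl)
        self.grants.append(g)
        self.audit_log.append(AuditEvent(now, account, privilege, "granted"))
        return g

    def authorize(self, account: str, privilege: str, now: datetime) -> bool:
        """Allow the privileged command only if an unexpired grant matches.

        Expired grants are purged first so a stale window can never be reused.
        Every outcome, allowed or denied, is logged.
        """
        self.grants = [g for g in self.grants if g.expires_at > now]
        allowed = any(g.account == account and g.privilege == privilege
                      for g in self.grants)
        self.audit_log.append(
            AuditEvent(now, account, privilege, "allowed" if allowed else "denied"))
        return allowed

    def anomalous_accounts(self, now: datetime, window: timedelta = timedelta(hours=1),
                           max_denials: int = 3) -> list[str]:
        """Report accounts denied more than `max_denials` times in the trailing window.

        Repeated attempts to run privileged commands outside a granted window
        are the kind of activity the text says should be reported; the window
        and threshold here are constructed assumptions.
        """
        cutoff = now - window
        denials: dict[str, int] = {}
        for e in self.audit_log:
            if e.outcome == "denied" and e.at >= cutoff:
                denials[e.account] = denials.get(e.account, 0) + 1
        return sorted(a for a, n in denials.items() if n > max_denials)


def demo() -> dict:
    """Walk through a grant, use inside and outside the window, and a noisy account."""
    broker = PrivilegeBroker()
    t0 = datetime(2021, 6, 1, 9, 0, tzinfo=timezone.utc)   # constructed timestamp
    broker.grant("alice", "restart_service", t0, ttl=timedelta(minutes=10))
    inside = broker.authorize("alice", "restart_service", t0 + timedelta(minutes=5))
    expired = broker.authorize("alice", "restart_service", t0 + timedelta(minutes=10))
    wrong_priv = broker.authorize("alice", "read_secrets", t0 + timedelta(minutes=5))
    for i in range(4):   # "mallory" (constructed) keeps trying without any grant
        broker.authorize("mallory", "restart_service", t0 + timedelta(minutes=i))
    return {
        "inside": inside, "expired": expired, "wrong_priv": wrong_priv,
        "anomalous": broker.anomalous_accounts(t0 + timedelta(minutes=30)),
        "events": len(broker.audit_log),
    }


if __name__ == "__main__":
    print(demo())
```

The expiry check is strict (`expires_at > now`), so a command issued at the exact end of the window is denied, and the purge happens before the lookup so an expired grant cannot be matched by accident; the audit log is the only place the denials live, which is why the anomaly report reads from it rather than from the grants list.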
ii. Security Triad: the CIA triad is a highly preferred information security practice
to key in the right password or passcode to access the system. Some advanced
systems require the users to provide their biometrics, such as fingerprints
(Walkowski, 2019).
that strict protective measures are taken to secure data. It is adopted from the military
industry: Physical controls – these are necessary measures that ensure the physical
IT assets are secured from physical damage. This can be achieved by fitting the rooms with
locked doors and employing security guards to man the entrance. These controls
include security measures that prevent physical access to IT systems, such as security
are instructed to what extent they are allowed to go, especially when handling
confidential information.
with specific keywords that are distinct for every user. Precise access policies
should be implemented for an effective and efficient system. Duties in the system
STRIDE
Spoofing: Spoofing refers to presenting oneself as someone else. It entails faking someone's
identity to appear like him or her. Most people who pose as someone they are not do not have the
necessary permissions (Imperva.com, 2021). If data in transit is tampered with, the end user does
Repudiation: this is tampering with information in a system secretly. It may be due to reasons
Denial of Service: denial of service hinders rightful users from accessing information from the
information system by making such information unavailable. This mostly happens when an
information system is not protected from viruses (Imperva.com, 2021). The virus multiplies tasks and
data files, hence occupying all the storage. There is no working space left on the disk to perform the
services.
Elevation of Privileges: elevation of privileges happens when a user cunningly gains access to a
system beyond what they are permitted. For example, a student changing their grades in a
school's system.
This is the Process for Attack Simulation and Threat Analysis, which is a modern information
security model. It eliminates threats to data systems using a seven-step risk control which is
sensitive to all database systems. The aim of the PASTA model is to advance business information
recording, ensuring secure and reliable data keeping. The final output of PASTA ensures that a
business maintains technical requirements that are secure and dependable (Modeler.com, 2019).
All potential threats and risks are addressed by an attacker-centric methodology in combination
with the PASTA model. This model enhances the scoring of data, data can also be saved in numerals,
and its management meets and complies with analysis requirements. The PASTA
methodology has a high profile and is used in many well-performing firms. This is because it has no
Challenges
information security: health organizations invest in acquiring good health care services while
neglecting the technical information system; the cost of repairing a broken system is high as a
result (Imperva.com, 2021).
solutions installation is difficult for old health care organizations because some of their IT
equipment has already been phased out, yet they still want to retain it. Some
organizations have refused to upgrade to escape the cost of cloud services (ENISA, 2021)
and they keep on using old and insecure data systems. Cloud system solutions keep on
advancing and tightening security measures, but this demands more money. System
developers do not supply updates to their client organizations, thus they are exposed to
Threats
1. Lack of trace-back functionality: in the case of malicious repudiation, logs of the system
involved (Imperva.com, 2021). The login details are tampered with, hence making it hard
to trace the individual responsible for the cybercrime. System transparency may also
expose confidential personal information, for example a patient's health details, in the case
2. Unauthorized data access (information leakage): a cloud client can maliciously access
This may also happen due to insufficient threat management, leaving patients' data
exposed to terrorism.
prone to many security threats, such as viruses which destroy data in the system. They are
also prone to threats such as denial of service (Imperva.com, 2021). There are many malware
programs, and they attack easily when a gap in access is available. A system can also be
QUESTION FOUR
Security attack I: Pupils' data destroyed after attack on Redborne Upper School and
2. Scope: the attack accessed the students' data and tampered with the server, causing data loss
5. Summary of the case: Redborne Upper School was hit by attacks causing the loss of
valuable data in the academic award program. The school reported that the school's
data was not taken away; the school's server malfunctioned because it was
tampered with. To ensure that no student was disadvantaged by what occurred,
parents were informed that the process of rebuilding the servers had commenced, since no
data had left the server and no unauthorized individuals had accessed it. The report stated
that students' educational records were preserved on a different server, which was
safe; this guaranteed the actual grades award. Nevertheless, since some of the
data lost was vital to the process, coursework would be used in its place. The school
also proved to have access to ample information that can be used in the grades
6. Weaknesses
I. The school learnt not to concentrate all the valuable data on a single server
II. The grades award process can also be done using data stored within the school's
2. Security attack II: Social network platform Gab hacked after rookie coding error
(unknown)
b. Scope: the attack hit the users' database and distorted the data contained, causing a riot at
Capitol Hill.
c. Method used: through database backend data retrieval and SQL injection, used a simple
e. Summary of the case: The attack was influenced by a dispute between Republicans and
Democrats who were immigrants. The access credentials were mishandled and users'
data concerning the election-stealing was exposed, whereby, in association with the former
president's promoters, it caused riots at Capitol Hill; reports said that Gab's public posts and
profiles, among other private information, were also hacked. This included user passwords
and group passwords. It was revealed that retaining the details of the data leaked was
best due to its sensitivity and the enormous amount of private information contained.
Passwords for private groups were unencrypted, since the platform reveals them to
users when they create them. The entire saga was to gather the presidency win for the
position bid that was due. The entire process backfired before the end as Amazon noted
the misconduct and booted Parler from its hosting services, creating a barrier to the
hacker accessing the information contained (Colley & Moore, 2020).
1. Updating the security of the program to retain the users' passwords without disclosing
3. Security attack III: Dutch car company rdc.in hit by cyber criminals (7.3 million)
b. Scope: the attack caused changes in the ownership of cars and a personal attack on a
leader in parliament
e. Summary of the case: RDC, a firm that offers car garages and IT services, held data
that was stolen by hackers; the hackers were able to access the private information of all
the users who had transacted with the company over the period. The company was
fearing that the hackers might change the information of those who own the cars involved,
since data on the online sale of cars was also hacked. Online scammers using the personal data
of other persons to cause personal attacks is also evident. It
was noted that a certain parliament leader was affected by the attack since they had
f. Weaknesses
1. Vulnerability of the portal used and accessibility of the data, since the security is weak
a. Updating the security of the program to retain the users' passwords without disclosing
4. Security attack IV: Online food delivery chain Yemeksepeti hit by cyber-attack
b. Scope: personal data was leaked to the hackers, but they did not access the credit card
information
users' were shared. This was against the law regarding data protection.
An investigation was conducted to identify the cause of the leakage, which is yet to be
revealed. The users were informed of the damage caused to help them protect their
own leaked data. Luckily, irrespective of the personal data that leaked, data
pertaining to the clients' credit cards was not taken by the hackers, as the payment scheme
Much regret was passed to the service provider, which promised to work on attaining
the goal of the platform, which is providing security and satisfaction to clients and
f. Weaknesses: Vulnerability of the portal used and accessibility of the data, since the
security is weak
g. Key insights or lessons from the scenarios: discuss what the school learnt
1. Updating the security of the program to retain the users' passwords without disclosing
List of References
1. Drake, N., & Turner, B. (2021). Best cloud computing services of 2021: Virtual IT infrastructure for digital transformation. Retrieved from https://www.techradar.com/best/best-cloud-computing-services
2. AICPA. (2021). Segregation of duties. Retrieved from https://www.aicpa.org/interestareas/informationtechnology/resources/value-strategy-through-segregation-of-duties.htmSes
3. Comparitech. (2021). 10 best SIEM tools for 2021: Vendors & solutions ranked. Retrieved from https://www.comparitech.com/net-admin/siem-tools/
4. CyberArk. (2021). The principle of least privilege (PoLP). Retrieved from https://www.cyberark.com/what-is/least-privilege/
5. Colley, T., & Moore, M. (2020). The challenges of studying 4chan and the Alt-Right: 'Come on in the water's fine'. New Media & Society, 1461444820948803.
6. Gagova, I. (2008). The enlargement of the European Union: New possibilities for regional distribution. The case of Brightpoint Inc. in Bulgaria.
7. ENISA. (2021). Cloud security for healthcare services. European Union Agency for Cybersecurity.
8. Imperva.com. (2021). Defense in depth. Retrieved from https://www.imperva.com/learn/application-security/defense-in-depth/
9. Gencer, Y. G. (2017). Structural design of an e-commerce business: Yemeksepeti.com example from Turkey. 16(7), 327-336.
10. Knighton, C. (2016). Westminster Abbey restored. In The Church of Mary Tudor (pp. 109-155). Routledge.
11. Modeler.com. (2019). STRIDE, VAST, Trike, & more: Which threat modeling methodology is right for your organization? Retrieved from https://threatmodeler.com/threat-modeling-methodologies-overview-for-your-business/
12. Patrizio, A. (2021). What is multi-tenant architecture? Retrieved from https://www.datamation.com/cloud/what-is-multi-tenant-architecture/
13. Purpura, P. P. (2013). Internal threats and countermeasures. [Online]. Pages 111-243.
14. Mogull, R., Arlen, J., Gilbert, F., Lane, A., Mortman, D., Peterson, G., & Rothman, M. (2021). Security guidance for critical areas of focus in cloud computing v4.0.
15. SpringPeople. (2017). What is Microsoft Azure: Features, benefits & best practices. Retrieved from https://www.springpeople.com/blog/what-is-microsoft-azure-features-benefits-best-practices/
16. Walkowski, D. (2019). What is the CIA triad? Understanding the significance of the three foundational information security principles: confidentiality, integrity, and availability. Retrieved from https://www.f5.com/labs/articles/education/what-is-the-cia-triad