
PGD/MSC CYB_JAN20O – CLOUD SECURITY – TERMINAL ASSIGNMENT BASED ASSESSMENT


Student’s Name or Students’ Names

Department Affiliation, University Affiliation

Course Number: Course Name

Instructor’s Name

Assignment Due Date



Question one (PART 1)

Purpose of intrusion detection systems

Intrusion detection systems are of two types. The anomaly-based intrusion detection system pinpoints unknown attacks: it can detect new malware, adapt to it, and use machine learning techniques to create a baseline of trustworthy activity. The hybrid intrusion detection system uses both signature-based and anomaly-based detection to increase the scope of intrusion prevention (Purpura, 2013). A comprehensive IDS is capable of understanding the evasion techniques of cybercriminals, such as tricking the intrusion prevention system into thinking that no attack is taking place. The cybercriminal techniques that the IDS is capable of understanding include low-bandwidth attacks, proxying, pattern-change evasion, and fragmentation.

Composition

An intrusion detection system (IDS) is made up of three distinct components. The first component is the sensors. Sensors are used to generate the security events that trigger the intrusion detection system. The second component is the control center. The control center is used to monitor events and alerts and to control the sensors. The third component of the intrusion detection system is the engine. The engine records all the information found by the sensors in a database and uses a set of rules to generate alerts from the security events collected by the IDS.

Approach of implementation

Resource profiling: in this approach, the IDS measures the system-wide use of resources and builds a historical profile. If there is an abnormal reading, the system registers that illicit activity is underway (GeeksforGeeks, 2020). However, this approach can be difficult for the system, since interpreting the meaning of changes that occur all over the system can be challenging (GeeksforGeeks, 2020). The approach is set up to detect an increase in data use or activity relative to the history, which indicates that something is occurring, either benign, such as an increase in workflow, or a breach.
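As an added illustration (not code from the assignment or any cited source), the three IDS components described above and the resource-profiling approach in Python: constructed sensor events feed an engine that records them and applies rules to raise alerts for a control center, and a historical resource profile flags readings that deviate from the baseline. The event fields, rules and thresholds are assumptions made for the demo.

```python
"""Added illustration of the three IDS components (sensors, control center,
engine) and the resource-profiling approach. All events, rules and
thresholds below are constructed for the demo; none come from a real product.
"""
from statistics import mean, pstdev

# --- Sensor output: constructed security events, as a host sensor might emit ---
SAMPLE_EVENTS = [
    {"sensor": "host-a", "type": "login_failed", "user": "alice", "src": "10.0.0.5"},
    {"sensor": "host-a", "type": "login_failed", "user": "alice", "src": "10.0.0.5"},
    {"sensor": "host-a", "type": "login_failed", "user": "alice", "src": "10.0.0.5"},
    {"sensor": "host-a", "type": "login_failed", "user": "alice", "src": "10.0.0.5"},
    {"sensor": "host-a", "type": "login_ok", "user": "alice", "src": "10.0.0.5"},
    {"sensor": "host-b", "type": "ip_fragment", "src": "203.0.113.9", "offset": 8},
    {"sensor": "host-b", "type": "ip_fragment", "src": "203.0.113.9", "offset": 8},
]


def rule_bruteforce(db, event, limit=3):
    """Signature-style rule: more than `limit` failed logins for one user from one source."""
    if event["type"] != "login_failed":
        return None
    n = sum(1 for e in db if e["type"] == "login_failed"
            and e["src"] == event["src"] and e["user"] == event["user"])
    if n > limit:
        return f"possible brute force: {n} failed logins for {event['user']} from {event['src']}"
    return None


def rule_overlapping_fragments(db, event):
    """Rule for the fragmentation evasion technique: the same offset seen twice from one source."""
    if event["type"] != "ip_fragment":
        return None
    n = sum(1 for e in db if e["type"] == "ip_fragment"
            and e["src"] == event["src"] and e["offset"] == event["offset"])
    if n >= 2:
        return f"overlapping IP fragments from {event['src']} at offset {event['offset']}"
    return None


class Engine:
    """Records every sensor event in an in-memory store and applies rules to raise alerts."""

    def __init__(self, rules):
        self.rules = rules
        self.db = []        # the engine's event database
        self.alerts = []    # what the control center displays

    def ingest(self, event):
        self.db.append(event)
        for rule in self.rules:
            text = rule(self.db, event)
            if text:
                self.alerts.append({"sensor": event["sensor"], "alert": text})


class ResourceProfiler:
    """Resource profiling: a historical profile of a system-wide metric
    (e.g. CPU load, bytes transferred) and a check for abnormal readings."""

    def __init__(self, history, k=3.0):
        self.baseline = mean(history)
        self.spread = pstdev(history)
        self.k = k  # how many standard deviations count as abnormal (assumed)

    def is_abnormal(self, reading):
        # The profiler only flags the deviation; whether it is benign (more
        # workflow) or a breach is left to the analyst at the control center.
        if self.spread == 0:
            return bool(reading != self.baseline)
        return bool(abs(reading - self.baseline) > self.k * self.spread)


def run_ids(events):
    """Feed sensor events through the engine and return it (alerts included)."""
    engine = Engine([rule_bruteforce, rule_overlapping_fragments])
    for event in events:
        engine.ingest(event)
    return engine


def console_report(engine):
    """Control-center view: one line per alert."""
    return [f"[{a['sensor']}] {a['alert']}" for a in engine.alerts]


if __name__ == "__main__":
    eng = run_ids(SAMPLE_EVENTS)
    print("\n".join(console_report(eng)))
    profiler = ResourceProfiler([40, 42, 41, 43, 40, 42, 41])  # constructed history
    print("reading 90 abnormal:", profiler.is_abnormal(90))
```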

Two examples of Enterprise Level SIEMs

1. Micro Focus ArcSight ESM: this SIEM has an open architecture, which gives ArcSight capabilities that make it stand out. The tool is capable of ingesting data from a wider range of sources than many other SIEM products. Its structure can also be used for broader IT expertise rather than just for ArcSight.

Figure 1: Micro Focus ArcSight ESM (Comparitech, 2021)

2. SolarWinds Threat Monitor: this is a powerful security tool that focuses on SIEM functions such as analyzing security logs and cross-checking anomalies against a global threat database. The tool is usually automated and gives users an intelligent response to security events and alerts.

Figure 2: SolarWinds Threat Monitor (Comparitech, 2021)

Question one (PART 2)

a. Risks in a multi-tenancy public cloud environment

i. Logical security, access control and encryption risks: these risks occur in SaaS and PaaS. Multi-tenant architecture (MTA) cloud data services provide fundamental data security and protection through encryption protocols; each tenant owns its encryption keys and in some cases can manage, create, store, and destroy its own keys (Patrizio, 2021).

ii. Management risks: these are risks that affect IaaS or PaaS. They originate from virtualization in the multi-tenancy public cloud environment.

iii. Governance, controlling and auditing risks: these risks also surround segregation of duties (SoD) in the cloud computing context and mostly concern role clarification and definition. They can occur in SaaS, IaaS or even PaaS (Patrizio, 2021).

b. Counter-measures

I. Isolation mechanism: to avoid the risk of data destruction, it is important to isolate the data in the multi-tenancy cloud environment. Backup procedures are recommended in case of challenges such as network or power outages that would limit users' access to data (Patrizio, 2021). To control governance, controlling and auditing risks, it is crucial to watch communication through the servers. Information should be readily available so that customers' questions can be answered in time regardless of technical errors that inhibit data accessibility.

II. Platform attestation: this is a mechanism by which a computing platform proves to a third party that it is trustworthy. The multi-tenancy cloud system must be trusted by other systems, which set reasonable metrics that can be used to determine whether the system can be trusted (Patrizio, 2021). The historical behavior helps to evaluate the properties of a system and to judge whether it is valid or would result in management, governance, and legal risks.

III. Homomorphic encryption: this is a mechanism in which ciphertext is processed without the need to decrypt the data prior to processing (Patrizio, 2021). The process helps to eliminate the chance of malicious parties intercepting decrypted data during processing.
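As an added illustration of the property described above (not code from the assignment or from Patrizio, 2021), a small Python implementation of the Paillier cryptosystem, one additively homomorphic scheme: the processing party combines two ciphertexts without holding the private key, and the result decrypts to the sum. The primes are constructed demo values far too small to be secure.

```python
"""Added example: additive homomorphic encryption with a toy Paillier instance.

The party doing the processing holds only the public key, never sees plaintext,
and can still add two encrypted values or scale one by a known constant.
The demo primes are constructed and tiny; real deployments use 1024-bit primes.
"""
import math
import random


def lcm(a, b):
    return a * b // math.gcd(a, b)


def keygen(p=10007, q=10009):
    """Return (public, private). p and q are constructed demo primes (insecure size)."""
    n = p * q
    assert math.gcd(n, (p - 1) * (q - 1)) == 1   # required by the scheme
    lam = lcm(p - 1, q - 1)
    g = n + 1                 # standard choice of generator
    mu = pow(lam, -1, n)      # with g = n + 1, mu is simply lam^-1 mod n
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """c = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pub
    assert 0 <= m < n
    n2 = n * n
    while True:
        r = random.randrange(1, n)
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    l_val = (pow(c, lam, n2) - 1) // n
    return (l_val * mu) % n


def add_encrypted(pub, c1, c2):
    """Homomorphic addition: E(a) * E(b) mod n^2 = E(a + b). No key needed."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c, k):
    """Homomorphic scaling by a known constant: E(a)^k mod n^2 = E(k * a)."""
    n, _ = pub
    return pow(c, k, n * n)


def demo():
    """Process two encrypted values on the 'cloud' side, then decrypt on the tenant side."""
    pub, priv = keygen()
    a, b = 1234, 5678                       # constructed plaintexts
    ca, cb = encrypt(pub, a), encrypt(pub, b)
    c_sum = add_encrypted(pub, ca, cb)      # processing party: only pub and ciphertexts
    c_scaled = scale_encrypted(pub, ca, 3)
    return decrypt(pub, priv, c_sum), decrypt(pub, priv, c_scaled)


if __name__ == "__main__":
    print(demo())
```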



Question one (PART 3)

Recommended suitable cloud services: Microsoft Azure

Microsoft Azure would be a suitable cloud service for the business enterprise to migrate to. The cloud will help the organization achieve its targets, such as the development of departmental and storage infrastructure, because it offers storage services and data management. It is possible to store data and access it in the Azure cloud using SMB, REST, and API protocols. Data management services are offered, so departmental development will be possible: there is a subset structure that helps with data handling, warehousing, and SQL, which would help in creating segments for different departments (Drake & Turner, 2021).

In addition, Microsoft Azure helps with computation and analytical services, which is one of the intended benefits for the enterprise. The organization aims at marketing, sales, and analytical services, and with Azure it will be possible to publish and manage website data and market to potential customers. This can help with customer support, especially with the virtual machines on Linux and Microsoft Windows platforms (Drake & Turner, 2021). It will also be possible to have HR processes done with Microsoft Azure, in that it provides users with a global content delivery network (CDN) for the images, videos, and applications that the HR department would require for the workforce (Drake & Turner, 2021). It will be easy for the HR department to manage its employees, making work easier and more convenient for the enterprise.

Since Azure has media services, the engineering department will be engaged to help with analytics, encoding, and streaming of products that need to be marketed through the enterprise's website. This will make it convenient for customers to make enquiries at any time of the day, since the cloud system helps in storing and retrieving information 24/7. However, it is advisable for the enterprise to have backup plans in case management risks occur due to technical and network errors (Spring People, 2017).

With a plan B, customer support would be improved, although in rare cases Microsoft Azure has been observed to have major issues such as system failure. Risks from the enterprise side, such as power outages, can also result in a breakdown of management processes through the cloud servers. There are additional services, such as the availability of HockeyApp in the cloud computing system, which is designed for mobile use in the development and testing of mobile apps (Spring People, 2017). The team members or the engineering department can use the apps through mobile phones as an alternative when desktops have issues. The app helps with collecting real-time analytics that show the behavior of users and provides notifications (Spring People, 2017). If team members download the apps on their mobiles, it will be easier for HR management to monitor the behavior of the team while they conduct their duties in the field and to provide appropriate guidance.



QUESTION TWO

Domain 6: Business continuity and the management plane.

1. Management plane (metastructure) security. This model enhances strong security stability, mostly for the API gateways. The management plane structure is also used in web consoles. Data security is fully attained since this model has an advanced level of user authentication (Rothman, 2021). User accounts are therefore protected from the risks and threats of cybercrime. One user can have several accounts to reduce the blast radius of stored information (Mogull, Arlen, & Gilbert et al., 2021). Daily administrator accounts are more reliable than basic/primary account holder details.
2. Continuous application of least privilege: the information system manages access to the metastructure. It accepts only users with the correct authentication credentials (Rothman, 2021). To ensure the principle of least privilege, the system may request users to provide their unique credentials, such as fingerprints.
3. Install your system on a cloud network that has permanent security for data. You can access the cloud just by providing an access code or password. Enjoy the features of a cloud provider that incorporates modern technology and provides a continuous, dependable data history (Mogull, Arlen, & Gilbert et al., 2021). The management plane metastructure is commendable because it is not limited to a specific location, hence business transactions can progress even while away from the physical premises (Mogull, Arlen, & Gilbert, 2021). The cloud provider and system are a protection from business failure.

Domain 7: Infrastructure development

1. Be aware of your provider's security infrastructure. In a network security model the initial service provider has to make sure that he or she has maintained all physical appliances, and keeps and maintains the business abstraction and management of cloud layers to ensure that they are safe and secure (Mogull, Arlen, & Gilbert et al., 2021). User certifications and permissions are consistent and unique for every user to eliminate the chance of data theft from the business database.
2. Network: the SDN network model is preferable due to its high availability. An SDN network system has a wide range of coverage (Mogull, Arlen, & Gilbert et al., 2021). It is capable of sustaining more than one virtual system or even multiple segments of network isolation (Mogull, Arlen, & Gilbert et al., 2021). The SDN network model is compatible with security programs such as firewalls and anti-virus, which protect data from threats and risks.
3. Compute/capability. This is the accounting of assignments and the allocation of computing tasks to specific users or departments (Rothman, 2021). Such assignments may include enabling or disabling mobile access, updating the data systems with current information, and security management and testing throughout the whole system (Rothman, 2021). Tasks may also be added to clear redundant files in the IT system to reduce the chance of threats like denial of service.

Domain 9: Incident Responses

1. Cloud providers should set up a good communication platform for contacting users and being in touch with them when there is a need for enquiry (Mogull, Arlen, & Gilbert et al., 2021). The provider should understand the content and know the exact place to access it (Mogull, Arlen, & Gilbert et al., 2021). To achieve a good response system, data standards and communication requirements should not be compromised. Testing and evaluation of the data transmission processes must be done early enough to avoid incidences of communication barriers. Appropriate data forensics is commendable for a reliable system.
2. Cloud servants must use the correct methods of managing and controlling information systems to have better results. It is appropriate that the managers and users have step-by-step verification of data communication to eliminate future breakdowns (Mogull, Arlen, & Gilbert et al., 2021). A data recovery plan should also be prepared in case a user forgets his or her verification code or password. This improves the efficiency of information backup. There should be a good plan on techniques to retrieve data and store it in the cloud computing servers. Backup plans for data storage should be implemented to help with risks such as management, governance and legal issues when there is a data breach or exposure of customers' credential details to potential attackers.

Domain 10: Security application.

• A user must be aware of the security strengths of their cloud managers (Mogull, Arlen, & Gilbert et al., 2021). Organizations should understand whether the public security provider has complied with security guidelines and regulations as per the General Data Protection Regulation of the European Union.
• Organizations should install fundamental data security programs in data systems to curb all risks and threats (Rothman, 2021). Security programs will reduce risks associated with malware infection and other botnet attackers. This will help ensure that customer data is protected from cyber criminals who would conduct fraudulent activity.
• Automation of the data system helps in attaining a good data environment, since malware is easily detected (Rothman, 2021). It is important to have an automated data system so as to be notified in case of any attack. The administrator should take immediate action to ensure that they create strong passwords and encrypt all routers in case of a shared password.
• Be conversant with artificial data architectures that have updated information security features (Mogull, Arlen, & Gilbert et al., 2021). It is important to train all team members to be aware of the techniques and expertise needed when handling the architecture infrastructure during data storage and retrieval. This will reduce negligence that may result in the exposure of crucial data that attackers may take advantage of.

QUESTION THREE (PART 1)


i. Principle of least privilege: this principle of information security restricts access to information and ensures that all nonhuman tools are phased out. Human users also have to have the right access code or password. This qualifies the principle as an advanced information security system, because it requires permissions and therefore cases of illegal and malicious access are totally eliminated. According to CyberArk (2021) the principle of least privilege is a reliable information management tool, since it is not prone to cybercrimes such as theft or malice.

Implementation process: system administrators regularly inspect the system to ensure that no threatening activities are taking place (CyberArk, 2021). The administrator accounts are set to report any anomalous activity that may take place. The time of access is also specified, so accounts run privileged commands on a short-term basis (CyberArk, 2021). Organizations may prefer this model because most of them have official working hours.

ii. Security triad: the CIA triad is a highly preferred information security practice in many government and non-government organizations in the U.S. (Walkowski, 2019). Data security, confidentiality and integrity are enhanced in this method, and information is available and reachable when required.

Example of how such measures can be implemented in an environmental industry: authentication of users, which demands that a user key in the right password or passcode to access the system. Some advanced systems require users to present their biometrics, such as fingerprints (Walkowski, 2019).

iii. Defense in depth: defense-in-depth is an information security method that ensures that strict protective measures are taken to secure data. It is adopted from military security strategy (Imperva.com, 2021). Data security is fully enhanced, since this is a multi-dimensional practice that ensures minimum risk.

Example of how such measures can be implemented in an environmental industry: Physical controls are the measures that ensure the physical IT equipment is secured from physical damage. This can be achieved by fitting the rooms with locked doors and employing security guards to man the entrance; these controls include security measures that prevent physical access to IT systems, such as security guards or locked doors (Imperva.com, 2021). Technical controls are measures in the information systems that protect data from malware; they are attained by installing the necessary software applications, such as anti-virus and firewall applications. Administrative controls refer to the authorization of rules and terms that users should obey (Imperva.com, 2021). Workers are instructed on how far they are allowed to go, especially when handling confidential information.

iv. Segregation of duties: Segregation of Duties (SoD) is a fundamental of sustainable risk management in business organizations (AICPA, 2021). Major responsibilities and processes distribute essential functions to particular persons or to particular departments (AICPA, 2021).

Implementation: define policies and processes clearly. Segregation of duties is achieved by effective management of personal information. The system is populated with specific keywords that are distinct for every user. Precise access policies should be implemented for an effective and efficient system. Duties in system management should also be distributed, which adds to organizational efficiency and the implementation of SoD.
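As an added example (not code from the assignment, CyberArk or AICPA), a Python access policy that puts together two points made above: the time-boxed privileged access of the least-privilege implementation and a segregation-of-duties check that refuses to give one person both halves of a conflicting pair. The privilege names, conflict pairs, users and timestamps are constructed.

```python
"""Added example: least-privilege grants with expiry plus a segregation-of-duties
(SoD) check. Privilege names, conflict pairs, users and times are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Grant:
    privilege: str
    expires_at: datetime      # privileged access is granted for a short term only


@dataclass
class AccessPolicy:
    # Pairs of duties one person must never hold together (constructed examples).
    sod_conflicts: set = field(default_factory=set)
    grants: dict = field(default_factory=dict)   # user -> list[Grant]

    def conflicts_with(self, user, privilege):
        """Return the privileges `user` already holds that conflict with `privilege`."""
        held = {g.privilege for g in self.grants.get(user, [])}
        return {h for h in held if frozenset((h, privilege)) in self.sod_conflicts}

    def grant(self, user, privilege, now, ttl):
        """Add a time-boxed grant; refuse it if it would violate SoD."""
        clash = self.conflicts_with(user, privilege)
        if clash:
            raise PermissionError(f"SoD: {user} already holds {sorted(clash)}")
        self.grants.setdefault(user, []).append(Grant(privilege, now + ttl))

    def authorize(self, user, privilege, now):
        """Deny by default; allow only an unexpired grant for exactly this privilege."""
        for g in self.grants.get(user, []):
            if g.privilege == privilege and now < g.expires_at:
                return True
        return False

    def revoke_expired(self, now):
        """Housekeeping for the administrator: drop expired grants, return how many."""
        removed = 0
        for user, gs in self.grants.items():
            live = [g for g in gs if now < g.expires_at]
            removed += len(gs) - len(live)
            self.grants[user] = live
        return removed


def demo():
    """Walk through grant, authorize, SoD refusal and expiry on constructed data."""
    now = datetime(2021, 6, 1, 9, 0)
    policy = AccessPolicy(sod_conflicts={
        frozenset(("create_payment", "approve_payment")),
        frozenset(("deploy_code", "approve_change")),
    })
    policy.grant("alice", "create_payment", now, timedelta(hours=8))   # working day
    policy.grant("bob", "approve_payment", now, timedelta(hours=1))    # short task
    results = {
        "alice_create_now": policy.authorize("alice", "create_payment", now),
        "alice_approve_now": policy.authorize("alice", "approve_payment", now),
        "bob_approve_later": policy.authorize("bob", "approve_payment",
                                              now + timedelta(hours=2)),
    }
    try:   # alice already creates payments, so she must not also approve them
        policy.grant("alice", "approve_payment", now, timedelta(hours=1))
        results["sod_blocked"] = False
    except PermissionError:
        results["sod_blocked"] = True
    results["expired_removed"] = policy.revoke_expired(now + timedelta(hours=2))
    return results


if __name__ == "__main__":
    print(demo())
```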

Question three (PART TWO)

STRIDE

Spoofing: spoofing refers to presenting oneself as someone else. It entails faking someone's identity to appear like him or her. Most people who pose as someone they are not never have good intentions (Imperva.com, 2021). Examples of spoofing include host phishing, which is a deception that harvests user information and personal credentials.

Tampering: tampering is the crime of changing the data on someone's account without the necessary permissions (Imperva.com, 2021). If data in transit is tampered with, the end user does not receive the correct information.

Repudiation: this is tampering with information in a system secretly. It may be done for reasons such as hiding evidence of a crime or hiding evidence of corruption in a business.



Information disclosure: this is the malicious sharing of confidential business information with its competitors. Leaked confidential credentials can be used in criminal transactions (Imperva.com, 2021). Examples of information leakage are data trafficking and data sniffing. There are also users who eavesdrop on information.

Denial of service: denial of service hinders rightful users from accessing information from the information system by making such information unavailable. This mostly happens when an information system is not protected from viruses (Imperva.com, 2021). The virus multiplies tasks and data files, hence occupying all the storage; there is no working space left on the disk to perform the services.

Elevation of privilege: elevation of privilege happens when a user cunningly accesses a system beyond what they are permitted. For example, a student changing their grades in a school's system.

Alternative threat model: P.A.S.T.A.

This is the Process for Attack Simulation and Threat Analysis, which is a modern information security model. It eliminates threats to data systems using a seven-step risk control process that is sensitive to all database systems. The aim of the PASTA model is to advance business information recording, ensuring secure and reliable data keeping. The final output of PASTA ensures that a business maintains technical requirements that are secure and dependable (ThreatModeler.com, 2019). All potential threats and risks are addressed by an attacker-centric methodology in combination with the PASTA model. This model enhances the scoring of data, data can also be saved in numerals, and its management meets and complies with analysis requirements. The PASTA methodology has a high profile and is used in many well-performing firms. This is because it has no risks or threats and data is safely kept in the IT systems.

Question three (PART 3)

Challenges

1. Cybersecurity investment is not a priority: there is no financial allocation to enhance information security. Health organizations invest in acquiring good health care services while neglecting the technical information system; as a result, the cost of repairing a broken system is high (Imperva.com, 2021).

2. Difficulties integrating cloud with legacy systems: the installation of cloud solutions is difficult for old health care organizations because some of their IT equipment has already been phased out yet they still want to retain it. Some organizations have refused to upgrade to escape the cost of cloud services (ENISA, 2021). Proper management and maintenance of services requires training or the employment of technicians (ENISA, 2021). This is avoided by such organizations, and they keep on using old and insecure data systems. Cloud system solutions keep on advancing and tightening security measures, but this demands more money. System developers do not supply updates to their client organizations, so they are exposed to threats and risks.

Threats

1. Lack of trace-back functionality: in case of malicious repudiation of logs, the system administrator may not be able to track the details of the person involved (Imperva.com, 2021). The login details are tampered with, making it hard to trace the individual responsible for the cybercrime. System transparency may also expose confidential personal information, for example a patient's health details in the case of electronic health records.

2. Unauthorized data access (information leakage): a cloud client can maliciously access unpermitted data in the case of an unrestricted or insecure data system (Imperva.com, 2021). This may also happen due to insufficient threat management, leaving patient data exposed to terrorism.

3. Malware injection attacks (i.e. viruses, ransomware, worms): cloud technology is prone to many security threats such as viruses, which destroy data in the system. They are also prone to threats such as denial of service (Imperva.com, 2021). There are many malware programs and they attack easily if a gap in access is available. A system can also be hacked into, which is a risk to the data stored in it.



QUESTION FOUR

Security attack I: Pupils' data destroyed after attack on Redborne Upper School and Community College (unknown)

1. Target of attack: pupils' data
2. Scope: the attack accessed the students' data and tampered with the server, causing data loss
3. Method used: cyber attack
4. Source of attack: not known
5. Summary of the case: Redborne Upper School was hit by attacks causing loss of valuable data in the academic award program. The school reported that the school's data wasn't taken away; a malfunction of the school's server occurred as it was tampered with. To ensure that no student is disadvantaged by what occurred, parents were informed that the process of rebuilding the servers had commenced, since no data had left the server and no unlicensed individuals had accessed it. The report was that students' educational registers were preserved on a different server, which was safe, and this guaranteed the actual award of grades. Nevertheless, since some of the data lost was vital to the process, coursework would be used in its place. The school also proved to have access to ample information that can be used in the grade award process (Knighton, 2016).
6. Weaknesses
i. Weak password causing access risk
ii. System vulnerabilities
iii. Lack of security assistance
7. Key insights or lessons from the scenario
I. The school learnt not to condense all the valuable data on a single server
II. The grade award process can also be done using data stored within the school's records apart from the reserved academic records.

2. Security attack II: Social network platform Gab hacked after rookie coding error (unknown)

a. Target of attack: election details in the social network platform
b. Scope: the attack hit the user database and distorted the data contained, causing riots at Capitol Hill.
c. Method used: through database backend data retrieval and SQL injection, using a simple security flaw in the bustling social media site Parler.
d. Source of attack: "JaXpArO and My Little Anonymous Revival Project"
e. Summary of the case: The attack was influenced by a dispute between Republicans and Democrats who were immigrants. The access credentials were mishandled and users' data concerning the election-stealing claims was exposed, in association with the former president's promoters causing riots at Capitol Hill; reports said that Gab's public posts and profiles, among other private information, were also hacked. This included user passwords and group passwords. It was revealed that retaining the details of the leaked data was best, due to its sensitivity and the enormous amount of private information contained. Passwords for private groups were unencrypted, since the platform reveals them to operators when they generate them. The entire saga was to gather the presidency win for the position bid that was due. The entire process backfired before the end, as Amazon noted the misconduct and booted Parler from its hosting services, creating a barrier to the hacker accessing the information contained (Colley & Moore, 2020).
f. Weaknesses: passwords were stolen; SQL injection vulnerability
g. Key insights or lessons from the scenario:
1. Updating the security of the program to retain the users' passwords without disclosing them
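As an added example (not code from the assignment or from the cited report), the two weaknesses named for this case side by side in Python: a login lookup built by string formatting, which the classic injection input turns into a query matching every row, next to the parameterized form that treats the same input as plain data, plus salted PBKDF2 hashing so that a leaked table does not disclose the passwords themselves. The user, password and table layout are constructed demo data.

```python
"""Added example: the SQL injection flaw and plaintext password storage named in
the case above, each shown next to its fix. All data here is constructed.
"""
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000   # PBKDF2 work factor (assumed value for the demo)


def hash_password(password, salt=None):
    """Return 'salt$digest' (hex); a fresh random salt per user defeats table lookups."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)


def build_db():
    """Constructed user table: the password column holds a hash, never the password."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("admin", hash_password("s3cret-demo")))
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """The flaw: attacker-controlled text is spliced into the SQL statement itself."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, username):
    """The fix: parameter binding keeps the input as data, never parsed as SQL."""
    return [row[0] for row in conn.execute(
        "SELECT username FROM users WHERE username = ?", (username,))]


def login(conn, username, password):
    """Parameterized lookup plus hash verification; no plaintext password is ever stored."""
    row = conn.execute("SELECT pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row is not None and verify_password(password, row[0])


if __name__ == "__main__":
    db = build_db()
    probe = "' OR '1'='1"      # the classic injection input, used here to show the contrast
    print("vulnerable:", find_user_vulnerable(db, probe))   # matches every row
    print("safe:      ", find_user_safe(db, probe))         # matches nothing
    print("login:     ", login(db, "admin", "s3cret-demo"))
```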

3. Security attack III: Dutch car company rdc.in hit by cyber criminals (7.3 million)

a. Target of attack: Dutch car company details
b. Scope: the attack caused a change in the ownership of cars and a personal attack on a leader in parliament
c. Method used: cyber-attack that accessed data from the RDS
d. Source of attack: not known
e. Summary of the case: RDC, a firm that offers car garages and IT services, held data that was stolen by hackers; the hackers were able to access the private information of all the users who had transacted with the company over the period. The company feared that the hackers might change the information of those who own the cars involved, since data on online sales of cars was also hacked. Issues with online scammers using the personal data of other persons to cause personal attacks are also evident. It was noted that a certain parliament leader was affected by the attack, since the attackers had all the information pertaining to them (Gagova, 2008).
f. Weaknesses
1. Vulnerability of the portal used and accessibility of the data, since the security is weak
g. Key insights or lessons from the scenario:
a. Updating the security of the program to retain the users' passwords without disclosing them
b. Limit access to users' information to reduce fraud
c. Moderate the data contained in the system.

4. Security attack IV: Online food delivery chain Yemeksepeti hit by cyber-attack

a. Target of attack: personal details of Yemeksepeti clients
b. Scope: personal data was leaked to the hackers, but they did not access credit card information
c. Method used: informatics attack
d. Source of attack: not known
e. Summary of the case: Yemeksepeti, a significant Turkish online food distribution platform, was affected by an informatics attack in which the data of about 21 million users was shared. This was against the law regarding data protection. An investigation was conducted to identify the cause of the leakage, which is yet to be revealed. The users were informed of the damage caused, to help them protect their own leaked data. Luckily enough, irrespective of the personal data that leaked, data pertaining to clients' credit cards was not taken by the hackers, as the payment scheme, which uses MasterCard, functions independently as an external supplier. Much regret was expressed by the service provider, which promised to work on attaining the goal of the platform, which is providing security and satisfaction to clients and users (Gencer, 2017).
f. Weaknesses: vulnerability of the portal used and accessibility of the data, since the security is weak
g. Key insights or lessons from the scenario:
1. Updating the security of the program to retain the users' passwords without disclosing them
2. Limit access to users' information to reduce fraud
3. Moderate the data contained in the system.

List of References
1. Drake, N., & Turner, B. (2021). Best cloud computing services of 2021: Virtual IT infrastructure for Digital Transformation. Retrieved from https://www.techradar.com/best/best-cloud-computing-services
2. AICPA. (2021). Segregation of duties. Retrieved from https://www.aicpa.org/interestareas/informationtechnology/resources/value-strategy-through-segregation-of-duties.htmSes
3. Comparitech. (2021). 10 Best SIEM Tools for 2021: Vendors & Solutions Ranked. Retrieved from https://www.comparitech.com/net-admin/siem-tools/
4. CyberArk. (2021). The Principle of Least Privilege (PoLP). Retrieved from https://www.cyberark.com/what-is/least-privilege/
5. Colley, T., & Moore, M. (2020). The challenges of studying 4chan and the Alt-Right: 'Come on in the water's fine'. New Media & Society, 1461444820948803.
6. Gagova, I. (2008). The enlargement of the European Union: New possibilities for regional distribution. The case of Brightpoint Inc. in Bulgaria.
7. ENISA. (2021). Cloud Security for Healthcare Services. European Union Agency for Cybersecurity.
8. Imperva.com. (2021). Defence in Depth. Retrieved from https://www.imperva.com/learn/application-security/defense-in-depth/
9. Gencer, Y. G. (2017). Structural Design of an E-Commerce Business: Yemeksepeti.com Example From Turkey. 16(7), 327-336.
10. Knighton, C. (2016). Westminster Abbey Restored. In The Church of Mary Tudor (pp. 109-155). Routledge.
11. ThreatModeler.com. (2019). STRIDE, VAST, Trike, & More: Which Threat Modeling Methodology is Right For Your Organization? Retrieved from https://threatmodeler.com/threat-modeling-methodologies-overview-for-your-business/
12. Patrizio, A. (2021). What is Multi-Tenant Architecture? Retrieved from https://www.datamation.com/cloud/what-is-multi-tenant-architecture/
13. Purpura, P. P. (2013). Internal Threats and Countermeasures. pp. 111-243.
14. Mogull, R., Arlen, J., Gilbert, F., Lane, A., Mortman, D., Peterson, G., & Rothman, M. (2021). Security Guidance for Critical Areas of Focus in Cloud Computing v4.0.
15. Springpeople. (2017). What is Microsoft Azure: Features, Benefits & Best Practices. Retrieved from https://www.springpeople.com/blog/what-is-microsoft-azure-features-benefits-best-practices/
16. Walkowski, D. (2019). What Is the CIA Triad? Understanding the significance of the three foundational information security principles: confidentiality, integrity, and availability. Retrieved from https://www.f5.com/labs/articles/education/what-is-the-cia-triad
