NATIONAL COLLEGE OF IRELAND National College of Ireland PGD/MSC CYB_JAN20O – Cloud Security – Terminal Assignment Based Assessment Release Date: Thursday 12th of August 2021 – 10am Submission Date:...

detailed instructions in the file


NATIONAL COLLEGE OF IRELAND
National College of Ireland
PGD/MSC CYB_JAN20O – Cloud Security – Terminal Assignment Based Assessment
Release Date: Thursday 12th of August 2021 – 10am
Submission Date: Tuesday 26th August 2021 – 11pm
______________________________________________________________________
Cloud Security
Dr Nhien An Le Khac / Sean Heeney
Answer All Questions
Academic Honesty Declaration
I declare the following to be true for this submission:
· I have completed the task during the designated time window and declare it to be exclusively my own work.
· I have not received, or attempted to receive assistance in preparing this response from any other person during the assessment window.
· I have not provided, or offered to provide, assistance to any other student by any means during the assessment window.
· All Assessments are submitted through Turnitin to establish potential Similarities
· Removal of the above Academic Honesty Declaration from any submission will result in Zero Grade.
Question One
Intrusion Detection Systems remain a fundamental requirement especially within a multi-cloud or federated cloud environment. Explain the purpose of such systems, their composition and approaches of implementation. Conclude your detailed explanation of IDS with 2 examples of enterprise level SIEMs which may support Intrusion Detection.
[7 Marks]
A Multi-Tenancy environment is an inherent characteristic within a public cloud environment and has the potential to become a major security risk should the correct precautions and countermeasures not be addressed and implemented.
Highlight and discuss these key risks and concerns within a multi-tenancy public cloud environment, in conclusion highlight specific counter-measures which should be implemented. E.g Isolation Mechanisms
[8 Marks]
Business Decision to Migrate to Cloud Environment
You have been tasked during the exploratory stages of a cloud Migration project to justify the move of major businesses processes and current on-prem technological resources to a public cloud environment. As part of this task, you are to educate and vocalize the potential beneficial capabilities of the migration project to key stakeholders within the enterprise.
The scope of the enterprise and its technological requirements are summarized below:
· Development Department
· HR Processes Both Internal/External
· Customer Support / Engineering Department
· Marketing / Sales / Analytics Departments
· Remote Engineering and Sales Teams
· Storage Infrastructure
You are to address the requirement areas above regarding potential suitable cloud services.
General Recommendation for length 400 words.
[10 Marks]
Question Two
Provided on your moodle page you will find a copy of “Security Guidance, for Critical Areas of Focus in Cloud Computing V4.0” provided by CSA, The Cloud Security Alliance.
You Are free to select 4 Domains of your own choosing and provide an executive summary of key recommendations and guidance from each domain selected.
General Recommendation for length of response 200 words per domain.
[25 Marks]
Question Three
Expand upon and discuss the Below Cloud and Security Topics. Your discussion should encompass both an explanation of the topics and a comprehensive example of how such measures can be addressed and/or implemented within an Industry environment.
• Principle Least Privilege
• CIA Security Triad
• Defense in Depth
• Segregation of Duties
[7 Marks]
Threat Modeling plays a major role in establishing a secure cloud environment. Analyze and discuss the STRIDE threat model providing details and brief discussion on each stage of the model. Additionally, also provide remarks on an alternative threat model as part of your analysis.
[7 Marks]
On Your moodle Page you will find a copy of “ENISA Report – Cloud Security for Healthcare Services”. Under Section 3 “Cybersecurity considerations in cloud for healthcare” details which are outlined specifically from Page 16 to Page 20 only. You are to review this section of the publication, and provide an accurate and summarized review of the major points made inclusive of challenges and threats.
[11 Marks]
Question Four
“Many working dynamics have changed over the past 24 months, leading to an ever-increasing reliance on Cloud Resources and Cloud Hosted Environments. This has further compounded the need for a resilient Cloud and Cyber security infrastructure. As cloud environments become more robust and complex so too in parallel does the means by which these cloud environments can be attacked.”
Highlight and detail 4 recent security attacks which have occurred in the last 24 months. A Recommended Structure for your assessment and discussion is provided below.
· Target of attack
· Scope
· Medium of Attack / Methods used
· Suspected / Identified Source of Attack
· Executive Summary of the Incident
· Identified Weakness or Failing of Security Posture
· Key Insights and Learnings from the Scenario
Your Assessment should be comprehensive and as detailed as possible based on any given information of the event. The use of online resources is highly advised to support your analysis and investigation. Citations and correct referencing should be used throughout. IEEE or Harvard
[25 Marks]
Answered 1 days After Aug 23, 2021


Deepti answered on Aug 25 2021
132 Votes
Question One
Intrusion Detection Systems remain a fundamental requirement especially within a multi-cloud or federated cloud environment. Explain the purpose of such systems, their composition and approaches of implementation. Conclude your detailed explanation of IDS with 2 examples of enterprise level SIEMs which may support Intrusion Detection.
                                        [7 Marks]
The purpose of an IDS in a cloud environment is to monitor servers, networks, workstations and all IT assets against any malicious or suspicious activities. A cloud IDS is crucial to identify minor incidents and curb their transformation into a major breach. It captures data from the network under examination and notifies the network manager by mail or by logging the event. A cloud-based IDS is composed of:
· Network-based IDS: This IDS captures the network traffic and analyzes it to identify intrusions such as DoS, port scanning, etc. It depicts the relationship of captured packets or the user’s behavior with signatures of known attacks.
· Host-based IDS: It detects unauthorized events by analyzing the captured information of system logs of the operating system. Any change in the program or system is reported to the network manager, notifying the danger and thus protecting the integrity of the software.
· Distributed IDS: This system contains a number of IDSs, such as HIDS and NIDS, that are deployed to analyze network traffic for intrusion detection. Each IDS has a detection component and a correlation manager.
· Hypervisor-based IDS: This IDS allows VMs to interact among themselves. It is located at the hypervisor layer and it analyzes the information for detection of suspicious or anomalous activities.
A Multi-Tenancy environment is an inherent characteristic within a public cloud environment and has the potential to become a major security risk should the correct precautions and countermeasures not be addressed and implemented.
Highlight and discuss these key risks and concerns within a multi-tenancy public cloud environment, in conclusion highlight specific counter-measures which should be implemented. E.g Isolation Mechanisms
1. Lack of efficient bandwidth and traffic isolation: Attackers can attack co-resident tenants that reside in the same data center. Access control on clouds lacks scaling according to multitenancy requirements. Competitive tenants who are collocated on the cloud may access data or interfere with applications of others in case the barriers are broken.
2. Side-Channel Attacks: These attacks are based on information received from techniques like bandwidth monitoring. These attacks happen due to lack of authorization mechanisms when resources are shared among several consumers. Covert channels having flawed access control policies allow unauthorized access and cause interference among tenants.
3. Risk of assigning resources to consumers whose identities and intentions are unknown. If the virtualization layer of virtual platforms is compromised, it causes the virtual machines on the physical host to be compromised. Thus, the activity on the virtual machine cannot be monitored and attackers can alter the state of the VM.
Countermeasures:
· To counter the data access or interference from collocated tenants, the measures include platform attestation, vigilance from the cloud service provider to maintain, patch and upgrade hypervisor software, and use of a workload planning approach
· Initial performance evaluation
· Tenant Replacement
· Batch job planning
· Data collection and analysis for re-planning
· Auditing administrative access to systems.
· Applying appropriate governance, control and auditing
· Role based access control
· Use of predicate and homomorphic encryption
                                [8 Marks]
Business Decision to Migrate to Cloud Environment
You have been tasked during the exploratory stages of a cloud Migration project to justify the move of major businesses processes and current on-prem technological resources to a public cloud environment. As part of this task, you are to educate and vocalize the potential beneficial capabilities of the migration project to key stakeholders within the enterprise.
The scope of the enterprise and its technological requirements are summarized below:
· Development Department
· HR Processes Both Internal/External
· Customer Support / Engineering Department
· Marketing / Sales / Analytics Departments
· Remote Engineering and Sales Teams
· Storage Infrastructure
You are to address the requirement areas above regarding potential suitable cloud services.
General Recommendation for length 400 words.
· HR processes should plan resource training with estimated time required, probable impact on operations and training required to adapt to the new cloud environment. HR Management Software (HRMS) is recommended to save cost and time and it is customizable and comprehensive.                 
· Storage infrastructure should be chosen such that the object, file or block storage services should be scalable and available on-demand. Unlimited data should be stored at low cost, with resiliency, durability and data security. IBM cloud storage is recommended to accomplish storage infrastructure requirements.
· Remote engineering and sales team should be able to log in to shared cloud securely and view data. They can connect through VPN along with additional access, security and control. Cloud based storage systems should make the most updated information available to remote sales team exactly when needed. The team should employ a robust suite of advanced data and AI tools.
· Customer support/engineering department should constantly update software, exploit it on-demand and customize according to needs. The design should have an omnichannel perspective so that information can be shared in real time from multiple devices. Integration of hybrid cloud and cognitive computing is recommended to create value to the business by offering customers an all-digital end-to-end experience.
· Analytics department should employ cloud-based business intelligence and analytics software to enhance business growth. It will transform self-service analytics and BI through data preparation, discovery and analysis using natural language processing. Analytics cloud shall offer modern, AI powered, self service analytics capabilities for data preparation, visualization and predictive analytics.
· Cloud application services should provide end-to-end services to cover cloud application implementation with the development department. This shall include cloud app development and testing, cloud app consulting, security services, app integration with other clouds or with other on-premises apps and cloud infrastructure management. Development team should be able to migrate legacy...
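The distributed IDS composition described in the answer to Question One (NIDS and HIDS detection components feeding a correlation manager), as an added example that is not part of the original answer. The flow records, log line format, thresholds and function names are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the page): flow records seen by a network
# sensor as (timestamp_s, src_ip, dst_ip, dst_port) and auth log lines from a host.
FLOWS = [(t, "203.0.113.7", "10.0.0.5", 20 + t) for t in range(15)] + [
    (3, "198.51.100.9", "10.0.0.5", 443),
    (9, "198.51.100.9", "10.0.0.5", 443),
]
AUTH_LOG = [
    "12 sshd failed password for root from 203.0.113.7",
    "13 sshd failed password for admin from 203.0.113.7",
    "14 sshd failed password for root from 203.0.113.7",
    "15 sshd accepted password for alice from 198.51.100.9",
]

def nids_detect(flows, window=10, port_threshold=10):
    """NIDS component: flag a source that touches many distinct ports in one window."""
    by_src = defaultdict(list)
    for ts, src, _dst, port in flows:
        by_src[src].append((ts, port))
    alerts = []
    for src, events in by_src.items():
        events.sort()
        for start_ts, _ in events:
            ports = {p for ts, p in events if start_ts <= ts < start_ts + window}
            if len(ports) >= port_threshold:
                alerts.append({"sensor": "NIDS", "src": src, "type": "port_scan"})
                break  # one alert per source is enough for correlation
    return alerts

def hids_detect(lines, fail_threshold=3):
    """HIDS component: flag repeated failed logins from one source in host logs."""
    fails = defaultdict(int)
    for line in lines:
        parts = line.split()
        if "failed" in parts:
            fails[parts[-1]] += 1  # last field is the source address
    return [{"sensor": "HIDS", "src": s, "type": "brute_force"}
            for s, n in fails.items() if n >= fail_threshold]

def correlate(alerts):
    """Correlation manager: severity is high when independent sensors agree on a source."""
    by_src = defaultdict(set)
    for a in alerts:
        by_src[a["src"]].add((a["sensor"], a["type"]))
    return {src: ("high" if len({s for s, _ in seen}) > 1 else "low",
                  sorted(t for _, t in seen)) for src, seen in by_src.items()}

INCIDENTS = correlate(nids_detect(FLOWS) + hids_detect(AUTH_LOG))
```

A source reported by only one sensor stays at low severity, which is the point of placing a correlation manager above the individual detectors.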