Security in Cloud Computing
Security issues associated with the cloud
Cloud Security Controls
Deterrent Controls
Preventative Controls
Corrective Controls
Detective Controls
Dimensions of cloud security
Security and privacy
Compliance
Business continuity and data recovery
Logs and audit trails
Legal and contractual issues
Public records
The identified shortcomings in the cloud computing services and established opportunities for growth regarding security aspects are discussed in the current research. The security of services is regarded as the first obstacle. The opportunity for growth is provided as combination of multiple service providing resources and mechanism to mitigate the effect of vulnerability. The research further elaborates the dimensions of security in a shared resources and strategically locating computing resources at multiple locations similar to cloud computing. Furthermore the legal and regulatory issues are also addressed in detail. Improvement in security of the services is also a responsibility of the cloud services users and enterprises deciding to store data. The service providers can establish storage in multiple locations, using different…...
mla
References:
Ackermann, T. (2013). IT Security Risk Management: Perceived IT Security Risks in the Context of Cloud Computing. USA: Springer Gabler.
Aluru, S., Bandyopadhyay, S., Catalyurek, U.V., Dubhashi, D., Jones, P.H., Parashar, M., & Schmidt, B. (Eds.). (2011). Contemporary Computing: 4th International Conference, IC3 2011, Noida, India, August 8-10, 2011. Proceedings (Vol. 168).USA: Springer.
Buyya, R., Broberg, J., & Goscinski, A.M. (Eds.). (2010). Cloud computing: Principles and paradigms (Vol. 87). USA: John Wiley & Sons Inc.
Isaca. (2011). IT Control Objectives for Cloud Computing: Controls and Assurance in the Cloud. USA: ISACA.
Security for Networks With Internet Access
The continual process of enterprise risk management (EM) has become an integral component of successful organizational assessment, because the process of accurately identifying various risk factors, and interpreting their potential advantages and disadvantages, ensures that a business remains capable of anticipating and addressing internal and external contingencies. The following EM implementation plan for the security of internet-accessible networks is intended to provide a navigable framework for the development of a comprehensive EM standard, including procedures to guide internal auditing and the construction of a capable and contemporary cyber law policy. Within the organizational structure of any complex enterprise, such as a small software development business, the continual exchange of data necessary to facilitate operational efficiency allows for the presence of clearly identifiable risk factors, including hazard risks, financial risks, operational risks, and strategic risks. The purpose of any EM plan is to assess the various…...
mla
References
Alotaibi, S.J., & Wald, M. (2012, June). IAMS framework: A new framework for acceptable user experiences for integrating physical and virtual identity access management systems.
In Internet Security (WorldCIS), 2012 World Congress on (pp. 17-22). IEEE.
Bodin, L.D., Gordon, L.A., & Loeb, M.B. (2008). Information security and risk management. Communications of the Association for Computing Machinery, 51(4), 64-68. Retrieved from Security and Risk Management.pdfhttp://www.rhsmith.umd.edu/faculty/mloeb/Cybersecurity/Information
Security Monitoring Strategies
Creating a unified, enterprise-wide security monitoring strategy for any organization must be based on a series of strategic goals and objectives that encompass every functional area and system of a business. The intent of this analysis is to define the objectives that must anchor a security monitoring strategy to ensure its success, followed by specific recommendations for security monitoring of each major functional area.
Defining Security Monitoring Strategies
For an enterprise-wide security management strategy to be successful, the monitoring systems and processes must seek to accomplish three key strategic tasks. These tasks include improving situational awareness, proactive risk management and robust crisis and security incident management (Gellis, 2004). With these three objectives as the basis of the security monitoring strategies and recommended courses of action, an organization will be able to withstand security threats and interruptions while attaining its objectives.
Beginning with the internal systems including Accounts Payable, Accounts eceivable, Inventory,…...
mla
References
Desai, M.S., Richards, T.C., & Desai, K.J. (2003). E-commerce policies and customer privacy. Information Management & Computer Security, 11(1), 19-27.
Gellis, H.C. (2004). Protecting against threats to enterprise network security. The CPA Journal, 74(7), 76-77.
Ghosh, A.K., & Swaminatha, T.M. (2001). Software security and privacy risks in mobile e-commerce. Association for Computing Machinery.Communications of the ACM, 44(2), 51-57.
Gordon, L.A., Loeb, M.P., & Tseng, C. (2009). Enterprise risk management and firm performance: A contingency perspective. Journal of Accounting and Public Policy, 28(4), 301.
Security Policy Document: Global Distributions, Inc.
The purpose of this document is to establish key security parameters and guidelines for Global Distributions, Inc. (GDI) in order to protect the interests of the company and its clients.
Scope
These policies apply to all operations managed by GDI, including interactions and interfaces with client companies that are managed by GDI. All communication networks, database systems, and servers full under the purview of this policy.
Policies
Definition of Sensitive Information
All information that could identify a client of GDI, monetary values of client goods or contracts, physical addresses of client goods or business locations, physical addresses of GDI company locations, any details of client-specific services rendered by GDI to clients, and any personally identifying information for any client or GDI personnel shall be considered sensitive information and treated as such. This designation applies to this policy document and to other documents, guidelines, and directives issued by GDI as they…...
Organizational security strategies must be designed for agility and speed through the use of state-of-the-art systems that can quickly be reconfigured to match changing roles in an organization. Organizational security will be defined through role-based access, configurable through authenticated, clearly delineated processes that can be administered at the administrator level (Hone, Eloff, 2002).
The organizational security strategy will also be designed on the empirically validated Confidential, Integrity and Availability (CIA) triad model that successfully balances the need for data accuracy, security and access. Metrics and analytics will also be used for tracking the effectiveness of this strategy, as CIA-based implementations can be quantified from a reconciliation network performance standpoint (Gymnopoulos, Tsoumas, Soupionis, et. al., 2005).
Access Control and Cryptography Security
The it security policy will require the use of a proxy server-based approach to defining access control, authentication and cryptography. As there are a myriad of new technologies being released in this…...
mla
References
Amsel, E. (1988). Network security and access controls. Computers & Security, 7(1), 53.
Banks, S. (1990). Security policy. Computers & Security, 9(7), 605.
Burgess, M., Canright, G., & Kenth Engo-Monsen. (2004). A graph-theoretical model of computer security. International Journal of Information Security, 3(2), 70-85.
This is sensitive information that should be securely stored. The records contain confidential information that could be used in identity theft. The records should be securely stored either in soft copy or hard copy. Only authorized personnel should have access to these records. Audit trails should be installed to keep track of the personnel who access the records. The authorized personnel should be analyzed and background checks conducted. Strict measures and policy should be established to protect the information and security records. The center should have data storage systems that are less prone to intruders. The systems should also have intrusion detection systems that prevent and detect any intruders or hackers. Since the systems will be networked the facility should also install firewalls, which will prevent unauthorized network access. Having a username and password combination before a person accesses the system will also promote and improve security of data.
Physical…...
mla
References
Alexander, D.E. (2002). Principles of Emergency Planning and Management. Oxford: Oxford University Press.
Bender, J. (2003). How to Prepare a security Plan. Alexandria, VA: American Society for Training and Development.
Haddow, G., Bullock, J., & Coppola, D.P. (2010). Introduction to Emergency Management. Maryland Heights, MO: Elsevier Science.
Kramer, J.J., Laboratory, L.E.S., Standards, U.S.N.B. o., Division, C. f C.P.T.C.S., Intelligence, U.S.D.N.A., & Directorate, S. (1978). The role of behavioral science in physical security: proceedings of the second annual symposium, March 23-24, 1977. Washington, DC: Dept. Of Commerce, National Bureau of Standards: for sale by the Supt. Of Docs., U.S. Govt. Print. Off.
Also, it goes without saying that anyone hired in an important position like this one should have a wealth of experience and knowledge pertaining to information technology and information security (Slater, p. 2).
The broad spectrum of activities a CSO must engage in Author Tyler Justin Speed explains that while it security staff can be counted on for the most part to protect stored digital data, unless the chief of security is fully aware of the potential for "internal threats" he or she is missing the boat. In other words, employees with access to server rooms can access databases, computers, routers, monitors and other "physical parts of the network infrastructure" (Speed, 2012). Speed insists that it doesn't matter "…how good the firewall installed at a network's gateway to the Internet is; if a computer's disk drive is not physically protected," a person who is not authorized can upload "malicious software"…...
mla
Works Cited
Slater, Derek. (2011). What is a Chief Security Officer? Increasingly, Chief Security Officer
means what it sounds like: The CSO is the executive responsible for the organization's entire security posture, both physical and digital. CSO Online. Retrieved June 26, 2013, from http://www.csoonline.com .
Speed, T.J. (2012). Asset Protection Through Security Awareness. Boca Raton, FL: CRC
Despite these concerns however the world's largest companies still actively promote and routinely hype the value of cloud computing without mentioning the myriad of risk associated with this platform, despite its continual maturation from a security and stability standpoint [2].
An example of this is type of hype is when Microsoft's Steve Balmer described cloud computing as the next frontier and Dr. Ajei Gopal verified that the cloud is there to alter everything. Joe Tucci, the CEO of EMCCorp described the impact of cloud computing as "We're now going through what I believe is pretty much going to be the biggest wave in the history of information technology." These claims of corporate executives must be balanced against reality and the fact that these platforms require a continual focus on quantifying and validating trust on the one hand [1] and designing the systems to ensure a higher level of content agility…...
SECURITY and PRIVACY - the following security and privacy requirements apply: The Office does not accept responsibility for the privacy, confidentiality or security of data or information not generated by this office or transmitted from external sources into the system. The Office does not accept responsibility for loss, corruption, misdirection or delays in transmission of personal data through the system. Users are responsible for the integrity of all data and all incidents that affect security must be reported to System administrator as quickly as possible. Users must protect the system data from all unauthorised access and they are responsible to ensure the system's data is properly backed up against the threat of loss, security threats, environmental hazards, corruption or destruction. No system equipment is allowed to be taken out of the office without proper authorization.
ELECTRONIC MAIL - messages will be kept as short and specific as practicable. Materials that can…...
They need to know what their responsibilities are not only as individuals but also as team members and corporate employees. David cites an excerpt from a corporate security document that illustrates his point: "A security policy serves many functions. It is a central document that describes in detail acceptable network activity and penalties for misuse. A security policy also provides a forum for identifying and clarifying security goals and objectives to the organization as a whole. A good security policy shows each employee how he or she is responsible for helping to maintain a secure environment (as cited in David, 2002)."
Therefore it is clear that companies have got to create security policies and educate their employees so that they are fully aware of not only the dangers that surround them but also respond to those dangers in an appropriate manner should any crisis unfold. This study aims at assessing…...
It's not necessary, for the purposes of this paper, to look in detail at these steps for a basic understanding of how a security assessment is conducted. To understand the nuances, there are about a million books one can read, but we will discuss a few general "rules."
The first thing to keep in mind with an assessment is that the methodology is flexible. It has to be to adapt to scheduling problems with clients, or availability of resources. As an example, a client could desire a certain timetable for the assessment steps to be accomplished. It may not match your schedule, so...flexibility is paramount.
Second, steps within the methodology can be combined. If it makes things more efficient, then do it.
The third step is crucial -- understanding the business. If there is not a solid comprehension of the business then there is no way to understand the risks.
Gont, F. (2008, July). Security assessment of the internet protocol. Retrieved May 13, 2009, from Center for the Protection of National Infrastructure: http://www.cpni.gov.uk/Docs/InternetProtocol.pdf
Kairab, S. (2004). A practical guide to security assessments. New York: CRC Press.
McNabb, C. (2004). Network security assessment. Sebastopol, CA: O'Reilly.
Security
Information is the Power. The importance of collecting, storing, processing and communicating the relevant information presently is viewed as crucial in order to achieve success in almost all the fields be it business firms, individuals or organizations. An integrated set of components assisting collection, store, process and communication of information is termed as information system. Increasing dependence on information systems is noticed in order to excel in the respective fields of operation such as competing in the marketplace, supply services, augmentation of the personal lives etc. New capabilities have been introduced in the field of information systems with the advent of new technology for collection recording and processing of information. Recording and dissemination of information system is considered to have revolutionized with the invention of movable type in 15th century and creation of portable typewriter at the end of 19th century.
The census tabulator of Herman Hollerith, invented to process the…...
Information systems security: a comprehensive model" (20 June 1994) Annex to National Training Standard for information systems security (INFOSE) Professionals" Retrieved at Accessed on19 June, 2004http://www.sou.edu/cs/ackler/Sec_I/Sources/4011.pdf .
Security -- Hip Trends Clothing Store
Security Plan Part a -- Overall Description -Business Divided into three areas: Parking Lot, Main Store, Storage and eceiving:
Parking Lot
Approximately 50 car limit
Security Lighting, automatically timed for Dusk -- guarantees that the lot is never dark for clients or employees.
Main Entrance -- two security cameras continually sweeping parking lot; allows for monitoring of potential criminal activity.
Bullet-proof glass infused with titanium threads for window security; inability for rioters to break in or loot.
Main Store
Double closed front gate (metal); security tested.
Security Detection Devices at Door; coded to merchandise.
Continuously moving cameras within store (ceiling mounted)' continuously monitored during open hours, taped during closed hours.
Motion sensor alarm set during off hours.
Security office monitored cameras and two way mirrored glass
Posted signs: "Shoplifters Will Be Prosecuted -- You are being taped"
eceiving Area
Double sided metal door, key coded on delivery door
Security cameras in back room; prevent employee theft or potential danger to…...
mla
REFERENCES and WORKS CONSULTED
Cupchick, W. (2002). Why Honest People Shoplift. Booklocker.com.
Landoll, D. (2006). The Security Risk Assessment Handbook. McCraw Hill.
Nadel, B. (2004). Building Security Handbook.Graw Hill.
Perkins, K. (2009). "Workplace Threats." Diversified Risk Management. Cited in:
Microsoft proposes six steps to enable proper reactive management of security risks which include: protecting safety and life, containing and assessing the damage, determining the cause of and repairing damage, reviewing risk response and updating procedures in the hopes of preventing risk in the future (Microsoft, 2004).
A proactive approach is much more advantageous however as it enables corporations to prevent threats or minimize risks before negative occurrences happen within an organization. A proactive approach requires that organizations first identify what assets they have that need protecting, then determine what damage an attack could have on assets in question, next identify any vulnerabilities that could occur within current securities and finally decide on procedures to minimize the risk of threats and attacks by implementing proper risk management controls and procedures (Microsoft, 2004). In this sense risk management is much like risk "assessment' which allows organization to place value on assets and…...
mla
References
Acar, W. & Georgantzas, N.C. (1996). Scenario-driven planning: Learning to manage strategic uncertainty. Westport; Quorum Books.
Barrese, J. & Scordis, N. (2003). "Corporate Risk Management." Review of Business,
Jones, K. (2004). "Mission drift in qualitative research, or moving toward a systematic review of qualitative studies, moving back to a more systematic narrative review." The Qualitative Report, 9(1): 95-112. http://www.nova.edu/ssss/QR/QR9-1/jones.pdf
Kimball, R.C. (2000). "Failure in risk management." New England Economic Review,
This has been the basic rationale for every totalitarian state during the Twentieth Century. It is the idea that if the people relinquish their rights -- especially their rights to keep anything hidden from the government -- then the government will be better able to ensure that no potential threats to the security of the citizenry ever manifest themselves. This premise, however, is based on the faulty idea that the government will never abuse this power. History has demonstrated otherwise. In fact, the unchecked expansion of government authority into the private lives of individuals will only result in greater abuses against the Constitutional rights of the individual -- all in the name of security for the nation. But security of this kind is impossible to ensure -- the marginal increase in safety will be more than counteracted by the wanton acts of governmental abuse that will be directed toward…...
mla
References
Bennett, S.C. (2006, August 7). Data security: it's a nonpartisan issue. New Jersey Law Journal.
Donohue, L.K. (2006, Spring). Anglo-American privacy and surveillance. Journal of Criminal Law and Criminology, 96(3), pp. 1059-1208.
Heymann, P.B. (2002, Spring). Civil liberties and human rights in the aftermath of September 11. Harvard Journal of Law and Public Policy, 25(2), pp. 441-455.
McMasters, P.K. (2006, June 1). Casting a digital drift net. New Jersey Law Journal.
Leasing to someone can be risky. Make sure you charge enough rent, and that you get a good security deposit. Check local laws in your area to find out how much of a deposit you can collect. In some places it's no more than 1.5 times the rent. Other places allow for a larger amount. Check the person's credit, background, and references. Look for problems paying bills, broken lease agreements, and any past criminal history.
Also talk to your insurance company. If you're renting/leasing your home, you can't just keep your standard homeowner's policy. You won't be covered if you have....
Due diligence refers to the process of doing a proper investigation into something before taking an action. Due diligence can have applications in a number of different contexts, but is most often discussed in the context of some type of business deal, when a person or organization has to make a decision about whether or not to enter into some type of business relationship (usually an investment relationship) with another type of person or organization. Due diligence can be as simple as studying publicly available information to determine whether or not to purchase a stock....
Cloud computing is the wave of the future because of the advantages it offers over having storage at each specific location. However, that does not mean that cloud computing is without some significant challenges. Any essay focusing on cloud computing needs to make sure and examine both strengths and weaknesses of the model. In fact, the example outline that we have included takes a strengths and weaknesses approach.
Essay Topics on Cloud Computing
How does cloud computing increase your storage power?
What are the security risks of cloud computing?
Considering security risks and cloud computing in light of terrorist....
Management accounting combines traditional accounting responsibilities with management responsibilities, which allows a company to align budgetary considerations with the people handling the money. There are a variety of different topics in management accounting that could serve as a good springboard for research, because how it is applied can vary tremendously depending on the size, purpose, and structure of an organization. Regardless of the approach, it is clear that management accounting has become an important component of the decision-making process in business of all sizes and that the continued evolution of this practice should results in....
Sign Up for Unlimited Study Help
Our semester plans gives you unlimited, unrestricted access to our entire library
of resources —writing tools, guides, example essays, tutorials, class notes, and more.
