HW 8th Cases

Download as pdf or txt
Download as pdf or txt
You are on page 1of 14

Answer:

Cloud computing poses a variety of security problems including


security breaches due to misconfiguration, unauthorized
access, hijacking of accounts, and external sharing of data.
These problems are very serious as they will lead to the
company losing precious information and sensitive data. They
can also create a gateway for intruders to change important
information and create chaos for the company’s future.
Answer:
The cloud services customer is typically responsible for its
operating system, applications, and corporate data placed into
the cloud computing environment. This means that most of the
responsibility for securing the applications and the corporate
data falls on the customers. Many organizations have been
breached because they neglected to apply software patches to
newly identified security vulnerabilities when they became
available or waited too long to do so. Companies have also
experienced security breaches because they did not configure
aspects of cloud security that were their responsibility. Through
this, it can be understood that most cloud security problems
occur due to the irresponsibleness of customers rather than
cloud computing itself. Hence the security management is only
really an issue if customers do not follow up on the next steps
of securing the cloud.
Answer:
Organizations can ensure that they have done everything that
was their responsibility and follow up by keeping their cloud
software configured and up to date. Cloud service customers
should carefully review their cloud services agreement with
their cloud services provider to make sure their applications
and data hosted in cloud services are secured in accordance
with their security and compliance policy. It is also essential to
update security requirements developed for enterprise data
centers to produce requirements suitable for the use of cloud
service.
Answer:
Using public cloud disrupts traditional cybersecurity models
that many companies have built up over years. As a result, as
companies make use of the public cloud, they need to revise
their cybersecurity practices in order to consume public cloud
services in a way that enables them both to protect critical data
and to fully exploit the speed and agility that these services
provide. For this reason, I think that companies should not
use the public cloud to run their mission-critical system s as
there are too many security threats imposed by using the public
cloud.

Answer:
Meltdown and Spectre are information leakage vulnerabilities as
opposed to code execution vulnerabilities.

Meltdown and Spectre are the two type of flaws which leads the
attackers to access the most secure data. Meltdown was named
because it softens the security boundaries normally enforced by
hardware. By exploiting the attacker can use a program running on a
computer to gain access to the data from all over the machine that the
program shouldn't be normally able to see, including the that belongs
to other program and data to which only the administrator has the
access.

Spectre requires more intimate knowledge of the victim program's


inner working. The name spectre comes from speculative execution, in
which a chip is able to start work on predicted future operations in
order to work faster. In this, the system is tricked into incorrect
anticipation of the application behavior. This type of fault is even
difficult to neutralize.

Answer:
Spectre and meltdown pose threats to all three. With cloud computing
services, they are able to gain access to tons of files, wreaking endless
havoc on potentially multiple firms, and gaining tons of sensitive
information and god knows what else. With corporate data centers,
they are able to gain all of a firm’s sensitive information such as
employee pay, social security numbers, band numbers, etc. Really
anything is possibly with these hacking systems. And finally with
individual computer and smartphone users, they can again gain your
personal information without even being detected at all. These hackers,
no matter where you are or who you are, are able to gain any
information they want just because of a flaw in the hardware of many
systems.

Answer:
First, I would start by doing any updates my operating system may need
to help prevent spectre and meltdown from accessing any information
or even start their operations. I would always keep an up to date
browser, as well as make sure that my browser is closed out when I am
done using any devices to help prevent these systems from gaining
access. And I would also look to see if there were any antivirus
applications available to help as well. These steps would go for any
situation. There is lots of sensitive information on any system, and It is
crazy to me to know that for the past 24 years, millions of devices could
have been compromised due to a flaw in computer chip hardware.
Hopefully these new processors come out sooner than the expected
510 years so people with any sort of computer down have to worry
about these types of systems or hackers in general.
Answers:
• Digital data are vulnerable to destruction, misuse, error, fraud,
and hardware or software failures. Because everything is online
today it relies on the internet to work the way it should. If it is not
working in the correct way, then information cannot be stored.
Also, people using this software need to be trustworthy because
the can often misuse the information and continue with fraud and
benefit from their misuse of the data.
• Malware is a malicious software programs such as computer
viruses, worms, and Trojan horses. A virus attaches itself to other
software programs, usually without knowledge or permission.
Worms copy themselves from one computer to another over a
network. A Trojan horse appears to be benign but then does
something other than expected.

• A hacker is an individual who intends to gain unauthorized access


to a computer system. Hackers often steal goods and information
as well as system damage.

• Computer crime is the violation of criminal laws that involves a


knowledge or technology for perpetration, investigation, or
prosecution.
Example: where computers are targets:
- Breaching the confidentiality of protected computerized data.
- Accessing a computer system without authority.
Example: where computers are used as instruments of crime:
- Theft of trade secrets
- Schemes to defraud

• Identity theft is a crime in which an imposter obtains key pieces


of personal information, such as social security information,
driver's license numbers, or credit card numbers. They then use
this information to impersonate someone else. Phishing is setting
up fake websites or sending email messages that look like those of
legitimate businesses to ask users for confidential information.
Since everything in todays' society is online it makes retrieving this
information much easier. Thus, people should be careful with
anytime they order anything online.

• The security and systems reliability problems created by


employees:
Although security and control does not contribute directly to sales
revenue it is still very important. Putting money into these helps
protect not only business information from people outside the
business, but it also makes sure that customer information does
not get exposed to outside users. If this information was not
secure there may be a large lawsuit waiting to happen.

• how software defects affect system reliability and security:


- A business systems that fails means customers are under or over
billed.
- Business may order more inventory than it needs.
- Major problems are the bugs or defects caused by incorrect
design.
- Bugs can be impossible to find in testing, making those hidden
bombs.
- Commercial software contains flaws that create security
vulnerabilities.
- Flaws can open networks to intruders.
- Security breach may cut into firm's market value almost
immediately.
- Inadequate security and controls also bring issues of liability.
Answer:
Lack of sound security and control can cause firms relying on
computer systems for their core business functions to lose sales
and productivity. Information assets, such as confidential
employee records, trade secrets, or business plans, lose much of
their value if they are revealed to outsiders or if they expose the
firm to legal liability. New laws, such as HIPAA, the Sarbanes-
Oxley Act, and the Gramm-Leach-Bliley Act, require companies
to practice stringent electronic records management and adhere
to strict standards for security, privacy, and control. Legal actions
requiring electronic evidence and computer forensics also
require firms to pay more attention to security and electronic
records management.
Answer:
Firms need to establish a good set of both general and application
controls for their information systems. A risk assessment evaluates
information assets, identifies control points and control weaknesses,
and determines the most cost-effective set of controls. Firms must also
develop a coherent corporate security policy and plans for continuing
business operations in the event of disaster or disruption. The security
policy includes policies for acceptable use and authorization.
Comprehensive and systematic MIS auditing helps organizations
determine the effectiveness of security and controls for their
information systems.
Answer:
Firewalls prevent unauthorized users from accessing a private network
when it is linked to the Internet. Intrusion detection systems monitor
private networks from suspicious network traffic and attempt to access
corporate systems. Passwords, tokens, smart cards, and biometric
authentication are used to authenticate system users. Antivirus
software checks computer systems for infections by viruses and worms
and often eliminates the malicious software, while antispyware
software combats intrusive and harmful spyware programs. Encryption,
the coding and scrambling of messages, is a widely used technology for
securing electronic transmissions over unprotected networks. Digital
certificates combined with public-key encryption provide further
protection of electronic transactions by authenticating a user’s identity.
Companies canuse fault-tolerant computer systems or create high-
availability computing environments to make sure that their information
systems are always available. The use of software metrics and rigorous
software testing help improve software quality and reliability.

You might also like