information security group presentation ppt
TRANSCRIPT
![Page 1: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/1.jpg)
1
INFORMATION SECURITY WELCOME TO THE GROUP
PRESENTATION
![Page 2: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/2.jpg)
2
Topic Name and details
Mitigations to ensure the confidentiality, integrity and availability of the data stored on these providers? Discuss mitigations for both the cloud providers and also the end users.
Vaishal Shah(30129756)Kawalpreet Kaur(30116373)Vidit Darji(30309034)Gagandeep Kaur(30129485)
![Page 3: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/3.jpg)
3
Introduction of Cloud ProvidersIt is a firm which delivers cloud computing that relies
on services and solution to individuals and business. It is also known as utility computing provider.
Based on the business model. There are many solutions Infrastructure as a Service(IAAS)Software as service(SAAS)Platform as service(PAAS)
![Page 4: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/4.jpg)
4
What is Confidentiality, integrity, availability is also known as CIA triad
structure made to guide policies for information security within an organization.
Are considered to be crucial elements components of society.
![Page 5: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/5.jpg)
5
Confidentiality, integrity, availabilityConfidentiality is a set of rules or procedures
that restricts the boundary to use or access to information.
Integrity is the assurance that the information gathered is trustworthy and reliable.
Availability is a guarantee of accurate access to the information by authorized people.
![Page 6: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/6.jpg)
6
Dropbox, Google docsDropbox is a cloud storage service, sometimes referred to
as an online backup service, that is frequently used for file
sharing and collaboration. It is increasingly being used in
enterprises.
This service is as a warehouse used by government
organizations, banks, post offices, video stores and
libraries to allow people to drop items.
![Page 7: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/7.jpg)
7
Diagrammatical representation of Dropbox, Google Drive
![Page 8: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/8.jpg)
8
Figures about Dropbox, Google Drive
![Page 9: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/9.jpg)
9
Problems or Issues related to ensure Confidentiality, Availability, Integrity by cloud providersMalicious behaviour of insiders.
Incomplete or insecure data completion.
Management interface vulnerability.
![Page 10: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/10.jpg)
10
Issues contd.Loss of Governance.
Isolation of failure.
Compliance and legal risks.
![Page 11: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/11.jpg)
11
Mitigations to ensure confidentiality, integrity and availability of cloud providersThe cloud is still new so the
push for effective controls over the protection of information in the cloud is also nascent. But every problem comes with a solution so there are fewer security solutions for the cloud providers than there are for securing physical devices in a traditional infrastructure.
CIA Triad
![Page 12: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/12.jpg)
12
Confidentiality Data encryption User IDs and passwordsBiometric verification and security tokens, key fobs
and soft tokens.Data confidentiality may involve special training for
those privy to such documentsStoring Information only on air gapped computers,
disconnected storage devices or, for highly sensitive information, in hard copy form only
![Page 13: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/13.jpg)
13
IntegrityMaintaining consistency, accuracy and
trustworthinessEnsuring data from unauthorized access EMP(electromagnetic pulse) or server crash.Some data might include checksums,
even cryptographic checksums for verification of integrity.
Back ups or redundancies must be available to restore the affected data to its correct state.
![Page 14: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/14.jpg)
14
Availability Maintaining all hardware, performing hardware
repairs Providing adequate communication bandwidthPreventing occurrence of bottlenecksBack up copy must be stored in a geographically
isolated locationUse of firewalls and proxy servers Fast and adaptive disaster recovery
![Page 15: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/15.jpg)
15
Mitigations Cont..Cloud Access Security Brokers(CASBs) : Niche market has been trying to reduce the severity of information shared on cloud providers so this market came up with Cloud Access Security Brokers(CASBs) defined as a strategy to mitigate this problem.
Context Awareness also allows the CASB providers to employ heuristic analysis on Cloud bound traffic, to do some form of anomaly detection to identify malicious or erroneous traffic. This is an area that they are all investing heavily in today.
![Page 16: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/16.jpg)
16
Problems for cloud providers
Data integrityData theftPrivacy issueData loss Data location
![Page 17: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/17.jpg)
17
Data integrityUser can access the data from any whereLack of data integrity in cloud
Data TheftCost affective and flexible for operationHigh possibility of data stolen from other user
![Page 18: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/18.jpg)
18
Privacy issueMake sure that customer’s private information secureKeep watching who is access the data
Data LossDue to financial problem when vendor closes, customer will loss dataCustomer can not be able to access the data because vendor shut down
![Page 19: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/19.jpg)
19
Data location Anyone don’t know the location of dataVendor not reveal the location of data
![Page 20: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/20.jpg)
20
Mitigation of cloud providersIdentify the assetsAnalyze the riskApple security countermeasure Conduct post-run
![Page 21: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/21.jpg)
21
Problems faced by users of cloud services
PrivacySecurityData breachesData protection
![Page 22: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/22.jpg)
22
Mitigations for users of cloud services
• Privileged user Access• Regulatory Compliance• Data Location• Demonstrable customer care
![Page 23: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/23.jpg)
23
Mitigations Cont..
• Data Segregation• Recovery• Investigative support/Search ability• Long-term viability
![Page 24: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/24.jpg)
24
Referenceshttps://www.techopedia.com/definition/133/cloud-providerhttp://www.cloud-council.org/Security_for_Cloud_Computing-Final_080912.pdf
https://www.google.com.au/search?q=image+of+dropbox,+google+docs
http://www.slideshare.net/pcalcada/apresentao-cm-1524115
http://www.cloudcouncil.org/Security_for_Cloud_Computing-Final_080912.pdf
http://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA
![Page 25: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/25.jpg)
25
ANY QUESTIONS
??????
![Page 26: Information security group presentation ppt](https://reader036.vdocuments.site/reader036/viewer/2022081604/58a2bf751a28ab217a8b489d/html5/thumbnails/26.jpg)
26
THANK YOU