cloud computing security and integrity
sbadugula
SafeAssignOriginalityReport.pdf
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&att… 1/70
11876.202110 - FALL 2020 - CLOUD COMPUTING (ITS-532-M52) - FULL TERM
Residency Assignment 3 Saikiran Bandari,Santoshkumarreddy Badugula,Bhanu Prakash Reddy Mogusala,David Verret_PreviewUser on Sun, Oct 11 2020, 11:42 AM
83% highest match Submission ID: 93550c20-4241-467f-89de-f231f98920b0
Attachments (1)
Cloud_computing_Team1_residency_paper.docx
Running Head: Cloud Computing in Financial services Industry 1
Cloud Computing in Financial services Industry 20
Cloud Computing in Financial services Industry
Team 1
SantoshKumarReddy Badugula
SaiKIran Bandari Bhanu Prakash Reddy Mogusala
Cloud Computing (ITS -532-M52) University of The Cumberlands
Dr. David L. Verret 10/11/2020
Introduction
A security breach has been an area of concern for many organizations, a lot of effort has been
put in place to curb this situation, but there is still a lot to do. 1 THIS PAPER IS
(http://safeassign.blackboard.com/)
Cloud_computing_Team1_residency_paper.docx Word Count: 5,844 Attachment ID: 3532119401
83%
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&att… 2/70
INTENDED TO ANALYZE CAPITAL ONE'S BREACH OF 2019. THE BREACH
RESULTED IN THE THEFT OF 100 MILLION CUSTOMERS' information and credit
card applications. 1 THIS DOCUMENT IS INTENDED TO EXAMINE ITS
UNDERLYING CAUSE THAT LED TO THE BREACH WHILE PRESENTING
TECHNICAL SOLUTIONS/ PREVENTIONS TO PREVENT THIS INCIDENT FROM
RE-OCCURRING. THIS UNDERLINING ISSUE WAS AN EXAMPLE OF AN
INSIDER THREAT AND MISCONFIGURED WEB APPLICATION IN THE
FIREWALLS. SUCH MISCONFIGURATIONS LED TO AN ATTACKED CALLED A
SERVER-SIDE REQUEST FORGERY (SSRF). TO CONCLUDE THE INTEGRITY
OF THE SYSTEMS, A PENETRATION TEST COULD CATCH SEVERAL
MISCONFIGURATION FLAWS. I will also be looking at security and integrity in cloud
computing and the recovery plan for capital one bank.
2 SECURITY BREACH AT CAPITAL ONE BANK
1 HAVING VIRTUAL SERVICES IS BECOMING MORE COMMON AMONG
COMPANIES. SERVICES LIKE THE CLOUD HELP COMPANIES RUN VARIOUS
WORKLOADS THROUGH THE INTERNET INSTEAD OF A HOST'S PHYSICAL
COMPUTER SOFTWARE. LARGE COMPANIES RENT CLOUD SERVICES FOR
THEIR VIRTUAL INFRASTRUCTURE AND (OR) DATA CENTERS. Companies
eliminate physical Information Technology (IT) systems maintenance. 1 IT IS COST-
EFFECTIVE SINCE ITS RENTED STORAGE SYSTEMS CAN EASILY BE
UPGRADED, MOBILE, AND ALWAYS UP AND RUNNING. THESE SERVICES
CAN BE RUNNING AN APPLICATION, ACCESSING DATA, OR RUNNING A
VIRTUAL INFRASTRUCTURE. THERE ARE THREE TYPES OF CLOUD
SERVICES, SOFTWARE AS A SERVICE (SAAS), PLATFORMS AS A SERVICE
(PAAS), AND INFRASTRUCTURE AS A SERVICE (IAAS). THESE SERVICES ARE
GENERALLY WELL PROTECTED IN TERMS OF THEIR SECURITY POSTURE.
ITS SECURITY CONSISTS OF SETTING POLICIES, CONTROLS, PROCEDURES,
AND HANDLING INFORMATION FROM THE OWNER. ALTHOUGH SECURITY
CAN BE EASILY ACHIEVABLE AND PROMISED BY CLOUD PROVIDERS,
SEVERAL FLAWS CAN OCCUR IF IT IS NOT WELL SECURED. THE CAPITAL
ONE BREACH OF 2019 IS AN EXAMPLE WHERE CLOUD SERVICES LACKED
SECURITY. THE CAPITAL ONE BREACH OF 2019 WAS A SIGNIFICANT CASE;
IT OUTLINES SEVERAL WEAKNESSES IN CLOUD SECURITY. 3 A HACKER
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&att… 3/70
GAINED ACCESS TO MORE THAN 100 MILLION CUSTOMER ACCOUNTS AND
CREDIT CARD APPLICATIONS. 1 AMAZON WEB SERVICES (AWS) HOSTS
CLOUD SERVICES FOR CAPITAL ONE'S FINANCIAL INSTITUTION. CAPITAL
ONE UTILIZES AWS AS A WAY OF REDUCING THE DATA CENTER AND
INFRASTRUCTURE FOOTPRINT. AWS RUNS CAPITA ONES ARTIFICIAL
INTELLIGENT (AI) MACHINES. These machines learn solutions to help discover fraud;
AWS also detects and creates analytics; this data is used to gain new insights into customer
wants/needs. 1 AWS CLOUD SERVICES ARE MAGNIFICENT IN THE UP
KEEPING OF CAPITAL ONE RESOURCES. SINCE AMAZON HOSTS CAPITAL
ONE'S SERVICES, ITS UNDERLINING SEQUENCE OF THE BREACH REVOLVES
AROUND AMAZON'S SECURITY TEAM. THIS INCIDENT WAS ACCOMPLISHED
BY AN INDIVIDUAL NAME PAIGE A THOMPSON, AND THE HACKER WAS AN
EX-WORKER/ENGINEER FOR AWS. DURING PAIGE'S EMPLOYMENT AT AWS,
HE HAD DISCOVERED ONE OF CAPITALS ONE'S VULNERABILITY. BEFORE
THE HACK, PAIGE BUILT A TOOL THAT WOULD BE ABLE TO SCAN SERVER
MISCONFIGURATIONS. PAIGE WAS ABLE TO UTILIZE THE MALICIOUS
SOFTWARE FOR SCANNING SERVER MISCONFIGURATIONS, AND AS A
RESULT, SEVERAL BACKDOOR FIREWALLS WERE OPENED. AFTER
DISCOVERING SEVERAL MISCONFIGURATIONS IN THE SERVER, HE WAS
ABLE TO GAIN ACCESS (NEWMAN, L, 2019). THIS DOCUMENT IS INTENDED
TO EXAMINE THE 2019 CAPITAL ONE CASE AND ITS UNDERLYING CAUSE
THAT LED TO THE BREACH WHILE PRESENTING TECHNICAL PREVENTIONS
THAT CAN PREVENT THIS INCIDENT FROM RE-OCCURRING. THE TWO
UNDERLINING ISSUES OF THE BREACH WERE 1) INSIDER THREAT AND 2)
MISCONFIGURED WEB APPLICATION FIREWALLS. SEVERAL SOLUTIONS
CAN OFFER THE PREVENTION OF THESE VULNERABILITIES. The first solution
is to minimize the risk of an insider threat. 1 THIS CAN BE DONE BY PLACING AND
ENFORCING SEVERAL IT POLICIES THAT COULD HELP PREVENT INSIDER
THREATS FROM GAINING ACCESS TO UNAUTHORIZED SYSTEMS. ANOTHER
COURSE OF ACTION IS TO IMPLEMENTING AND CORRECT WEB
APPLICATION FIREWALL CONFIGURATIONS. THESE CONFIGURATIONS CAN
PREVENT SERVER-SIDE REQUEST FORGERY (SSRF), THE SAME ATTACK
PERFORMED TOWARDS CAPITAL ONES. To conclude the systems' 1 INTEGRITY,
A PENETRATION TEST COULD CATCH SEVERAL MISCONFIGURATION FLAWS
WHILE ALLOWING THE SECURITY TEAM TO PATCH AND SECURE ALL OPEN
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&att… 4/70
DOORS. SUCH METHODS CAN PROTECT CAPITAL ONES' valuable systems,
(Mishra, et al, 2018).
1 THE 2019 CAPITAL ONE BREACH WAS CONSISTENT WITH AN INSIDER
THREAT AND MISCONFIGURATIONS ON THE SERVER. THE SEQUENCE OF
EVENTS STARTED WITH THE INSIDER THREAT. PAIGE (HACKER) IS A
SOFTWARE ENGINEER AND WORKED FOR AWS BACK IN 2016; PAIGE
WORKED FOR AMAZON SIMPLE STORAGE SERVICE (S3). THE S3 SERVICE IS
A STORAGE CENTER WHERE COMPANIES STORE DATA, APPLICATIONS, AND
SERVICES THAT CAN EASILY BE ACCESSIBLE BY THE OBJECT'S OWNER AND
THOSE WHO ARE USING IT. S3 SERVICES HOST MILLIONS OF
APPLICATIONS THAT ARE UTILIZED BY SEVERAL COMPANIES.
CAPITAL ONE STORED INFORMATION IN AMAZON S3 BUCKETS. THESE
BUCKETS ARE CONFIGURED BY A WEB APPLICATION FIREWALL (WAF).
THE WAF IS AN APPLICATION FIREWALL FOR HTTP/S APPLICATIONS, AND
ITS FIREWALL RULES ARE COMMONLY SET TO PREVENT ATTACKS SUCH AS
SERVER-SIDE REQUEST FORGERY. SERVER-SIDE REQUEST FORGERY IS A
TYPE OF ATTACK WHERE MALICIOUS SCRIPTS ARE INJECTED AND
EXECUTED BY MANIPULATING THE URL. BY BROWSING AN APPLICATION'S
URL PATH, THE HACKER CAN EASILY UNDERSTAND THE SERVER'S LOGIC
AND FUNCTIONALITY. AS A RESULT OF SERVER-SIDE REQUEST FORGERY,
HACKERS CAN GAIN ACCESS TO INTERNAL SERVER FUNCTIONALITY. THE
SEQUENCE OF THIS ATTACK STARTS BY SIMPLY UNDERESTIMATING A
LINK. TO CONDUCT A SERVER-SIDE REQUEST FORGERY, THE HACKER MAY
ALREADY HAVE ACCESS TO A WEB APPLICATION OR MIGHT HAVE GOTTEN
ACCESS BY PERFORMING ANOTHER ATTACK. Cross-site scripting attacks allow the
hacker to steal individuals' sessions to log on to a system as them. 1 A SERVER-SIDE
REQUEST FORGERY STARS BY SCANNING AND BROWSING THROUGH
SEVERAL OPTIONS WITHIN APPLICATIONS, WHILE DOING SO, THE HACKER
CAN VIEW ITS DIRECT PATH WITHIN A LINK WHILE UNDERSTAND ITS
DETAIL PATH TO THE SERVER. INSIDE AN APPLICATION, THERE ARE
SEVERAL URL PATHS THAT LEADS TO OPTIONS THAT IS ONLY AVAILABLE
TO THE USER, SUCH PATH/OPTIONS CAN BE PERCEIVED AS ROADS OF
VALUABLE INFORMATION ON WHERE INFORMATION IS STORED. ONCE
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&att… 5/70
THE URL IS CAPTURED THE HACKER CAN CHANGE ITS PARAMETER TO
VIEW LOCAL RESOURCES. IF THE HACKER CAN MANEUVER THROUGH THE
DESTINATION OF THE SERVER, THE HACKER CAN THEN BYPASS
AUTHENTICATION SERVICES THAT IS ONLY AVAILABLE TO A HIGHER
HIERARCHY. THIS ENABLES THE HACKER TO CAPTURE THE LOCAL IP
ADDRESS AND SERVICES CONNECTED TO THAT SERVER. TO SIMPLY
UNDERSTAND CAPITAL ONE ATTACK, WE CAN SPECULATE THAT PAIGE HAD
TO HAVE AN ACCOUNT OR STOLEN A SESSION TO GET IN CAPITALS ONE
WEB APPLICATION. SINCE PAIGE WORKED FOR AWS S3, SHE UNDERSTOOD
THE SEQUENCE OF THE PARAMETERS WHICH ALLOWED PAIGE TO UTILIZE
A MALICIOUS SOFTWARE AND IDENTIFY FIREWALLS THAT WERE
VULNERABLE TO OUTSIDE CONFIRMING THE THAT ABILITY IN CAPITAL
ONES FIREWALL, PAIGE WAS THEN ABLE TO STEAL 100 MILLION
CUSTOMERS INFORMATION AND CREDIT CARD APPLICATIONS. These
applications had applications' socials, phone shoulders, and asses. As a result of customers'
1 ACTIONS, CAPITAL ONE HAD TO REACH AND PROVIDE ALL THEIR
COSTUMES WHOSE IDENTIFICATION WAS HACKED AND STOLEN WITH
FREE CREDIT MONITORING. ADDITIONALLY, CAPITALS ONE'S SHARES
WENT DOWN BY 5.9%. SINCE AWS HOLDS CAPITALS ONES WEB
APPLICATION IN THEIR CLOUD SERVICE, IT ALSO AFFECTED THEIR
REPUTATION AND TRUST QUESTIONED. IS LOGIC FOR AWS TO BLAME
SINCE CAPITAL ONE DEPENDED ON THE AMAZON CLOUD SECURITY TEAM
TO PROTECT AGAINST SERVER-SIDE REQUEST FORGERY? HOWEVER,
CAPITAL ONE AND AMAZON STRESS THAT THIS VULNERABILITY WAS DUE
TO AN OPEN DOOR IN THEIR FIREWALL. ALTHOUGH THERE IS NOT
ENOUGH EVIDENCE THAT IT IS AN INSIDER ATTACK, THE BACKGROUND OF
THE INDIVIDUAL'S EMPLOYMENT POINTS TO THE MATTER. AN INSIDER
THREAT IS DEFINED AS A CURRENT OR FORMER EMPLOYEE OF AN
ORGANIZATION, ESPECIALLY SOMEONE WHO HAD ACCESS TO IT SYSTEMS.
ALTHOUGH THIS CASE WAS FROM AN EXTERNAL THREAT, THE THREAT
WAS A FORMER EMPLOYEE OF ASW, MAKING IT AN INSIDER THREAT.
SUCH KNOWLEDGE OF THE INFORMATION ENABLES THE KNOWLEDGE OF
WHERE TO TARGET THE ATTACK. AWS SHOULD HAVE PERFORMED AN
ENTERPRISE VULNERABILITY RISK ASSESSMENT OF ALL CRITICAL DATA.
THE VULNERABILITY RISK ASSESSMENT WOULD LEAD TO KNOWING
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&att… 6/70
WHAT INFORMATION IS BEING HELD AND ITS PRIORITY. ANOTHER
PREVENTION OF INSIDER THREATS IS TO HAVE A STRONG ACCOUNT
MANAGEMENT POLICY, SUCH AS DELETING PREVIOUS ADMINISTRATORS
OR USERS' accounts. It's evident that Paige had good knowledge of the misconfiguration
server; 1 THEREFORE, PAIGE WAS ABLE TO MANIPULATE THE WEB
APPLICATIONS URL AND GAIN ACCESS TO THE S3 BUCKET. CROSS-SITE
FORGERY HAPPENED BECAUSE AWS'S WEB APPLICATION FIREWALL (WAF)
WAS NOT PROPERLY CONFIGURED; hence, Paige discovered and bypassed the firewall
to get into the S3 bucket. 1 WAF ENABLES THE PROTECTION OF WEB
APPLICATIONS BY MONITORING AND FILTERING HTTP TRAFFIC BETWEEN
THE INTERNET AND WEB APPLICATIONS; this is also known as a reverse proxy. 1
WAF IS CRUCIAL IN CLOUD SERVICES. THIS RESERVE PROXY SITS IN
FRONT OF THE APPLICATION AND IS A BRIDGE BETWEEN THE ACTUAL
SERVER AND THE USER; WAF MAKES IT HARDER FOR HACKERS TO
PINPOINT THE SERVER AND RUN A COMMAND. In cloud services,
users/applications request services from a location to other locations. WAF is designed to
analyze its HTTP/S request; 1 SUCH MODE WOULD TYPICALLY ACKNOWLEDGE
IF REMOTE SERVICES ARE BEING FETCHED OR IMPORT DATA FROM A URL.
WAF WAS ESSENTIAL IN PROTECTING CAPITALS ONE ASSET, AND IF
CONFIGURED CORRECTLY, THIS WOULD HAVE PREVENTED PAIGE FROM
EXECUTING A SOFTWARE TOOL AND DISALLOWING DATA DOWNLOADING.
PLACING SECURITY MEASUREMENTS THROUGH POLICIES AND
FIREWALLS ARE EVIDENCE OF THE STRONG DEFENSE. However, it is also
important to test its security posture. 1 ONE WAY IS TO CONDUCT A PENETRATION
TEST. A PENETRATION TEST WOULD ANALYZE SEVERAL SYSTEMS OF THE
ORGANIZATION'S IT INFRASTRUCTURE AND ITS TRUE DEFENSE
MECHANISM. THIS TEST CAN IMMEDIATELY ASSESS THE SECURITY AND
VULNERABILITY OF A BUSINESS IT INFRASTRUCTURE. DURING A PEN
TEST, KNOWLEDGE OF THE ORGANIZATION'S SYSTEM IS GATHERED, AND A
SECURITY TEAM WOULD USE SEVERAL TOOLS/SOFTWARE TO TARGET THE
DEFENSE OF THE SYSTEMS. THESE TOOLS ALLOW THE SECURITY TEAM TO
FIND FLAWS IN THE WAF'S SECURITY POLICIES, PATCH, AND DETECT
VULNERABILITIES. A PEN TEST COULD BENEFIT FROM ANALYZING AWS
WAF DEFENSE AND COULD HAVE DISCOVERED FLAWS IN THE
APPLICATION; a pen test could have prevented this attack, (Paxton, 2016) Security and
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&att… 7/70
Integrity in Cloud Computing Capital one bank has benefitted from the clouding computing
process; this is through efficiency and effectiveness gaining. This is because the bank can store
and access all the necessary information for the company.
It can retrieve the data in the time of need. Data about financial services are critical, and they
must be stored critically and systematically to avoid such information landing in the wrong
hands. 4 THE EMPLOYEES AND THE USERS AT LARGE NEED TO GENERATE
AND CREATE PRIVATE KEYS AND PUBLIC ONES TO ASSIST THE COMPANY IN
DOING CLOUD COMPUTING ACTIVITIES. It is essential that the data is encrypted and
converted to a decrypted form when the data needs retrieval. 4 THESE TWO
PROCESSES ARE ESSENTIAL WHILE ENSURING DATA IS SECURED AND THE
INFORMATION DURING THE CLOUD COMPUTING. It is important because if any
unauthorized person or the system, it might hinder the process of ensuring data privacy.
When the data has been transformed into a ciphertext form, it is tough for one to convert it
back to a form that can be hacked or used by authorized personnel.
The maintenance of the benefits of security control and developing the security of data has
been a strain for a long time as there is no well down laid procedure on how to do the two
concurrently. There is a need to ensure the balance between the two. It is essential in all
sectors dealing with data within the organization as the two are very beneficial at once. The
common challenge that has been happening in all organizations is the issue of data risk,
especially companies such as the capital bank that uses cloud computing and, therefore, a
need to look for ways on how to address the issue as well as mitigation measures of the same.
Thus, there must be a call for data management so that the cloud computing process can be
successful. For such cases, the cloud service provider takes the role of organizing and
management of the organization.
The threats and risks that are associated with cloud computing expose the whole company to
data lifecycle threats. The issue of insecurity about cloud computing is a whole process that
starts right from the production of data to data dumping. Understanding the lifecycle of data
procedure is vital so that the threats associated with the process can be managed. Such a
process involves understanding the data segments as this is the most critical part, and all the
stakeholders of the company should be aware and keen about it. These are in terms of policy,
laws, and regulation of the generation of data used. The data collection process, on its own, it
contains some risks, and this is necessary for the provisioning of the owner with the
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&att… 8/70
information that is stored in the cloud models. The data must be migrated into the form of
models with information that is identifiable by a person only who has the capacity and the
authority to do so.
All the collected data must be categorized in an organization so that the allocation of resources
is based on the priority and tool used for security purposes. It is also essential to ensure that
all the sensory systems are in line with the standards required by the security standards. The
data quality varies as the data is collected from different sources, and the standards of these
sources are different. This is to avoid the vulnerability of data that may happen if the
standards are not followed to the latter. The data security process starts right at the phase of
collection. This is where the data collected needs to be accurate and trusted.
Cloud computing is defined as a modern technology that is very real, and it has been adopted
worldwide by so many financial and other sectors of the economy. It has been beneficial in the
enhancement of data privacy and security. It classifies the usage of a service provider
according to the organization's designs and implementation by the name justice interface. 4
CONSEQUENTLY, CLOUD COMPUTING SUGGESTS RELYING ON ANOTHER
ORGANIZATION, A THIRD-PARTY ORGANIZATION THAT OFFERS IT
SERVICES THAT INCLUDE BOTH SOFTWARE AND HARDWARE
CONFIGURATIONS. Henceforth, security risk means that data is stolen as well as the
sources of data information.
4 ONE OF THE RISKS WHICH ARE ASSOCIATED WITH CLOUD COMPUTING
IS INFORMATION RESOURCES LOSS. This is through a breaching activity. It involves
accessing both information, which is individual or for an organization by an unauthorized
person. It is mostly done by hackers who sometimes go the extra mile to delete the account
and destroy the stored information. This happens due to information leakage about the
account's password, amongst other critical information that may lead to hackers accessing the
information.
4 CLOUD COMPUTING HAS GOT ANOTHER RISK ASSOCIATED WITH IT, AND
IT IS THEFT OF ACCOUNTING AND TRAFFICKING. Through this, the hacker gets a
position to access the accounts information, which is very critical, and this information that is
got is used to destroy and damage the information. The company must have a robust system
so that it can avoid data breaches by hackers. Secondly, the user and the people involved
should, at no point, expose the critical information to strangers who might use the account
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&att… 9/70
without the users' consent and knowledge. Traffic theft has been one of the most challenging
issues that are trending nowadays. The use of free WIFI has been used by many hackers to
access information, which is critical as the user is supposed to log in using a password. It is
essential to restrain from using WIFI from all corners, especially those that are not protected,
to ensure that the data in the portable devices will be safe. It will be used for only the intended
purposes.
Another risk that happens due to the cloud computing process happens due to betrayal from
either the stakeholders or the company's bosses. Not all employees have an excellent intention
about the company, and they expose the information. In the process, the information may get
to a person who may have ill intentions for the company. The people entrusted with the
company's credentials and critical information like logins and passwords should be
trustworthy to ensure that they are safe and secure. With all this information, the person can
do anything and manipulate the company the way he feels.
The operating system of the cloud computing process should not be in contact with malicious
Software and viruses. When this happens, the intruder, in most cases, demands some cash so
that they can open the account for the owners of the company. This means that the company
will undergo some losses to give the hijacker some amount of money. This is evidenced when
the user either knowingly or unknowingly downloads or uploads the attachments through the
email with this malware. The data devices are supposed to have a malware detective software's
in the gadgets to avoid any loss that may arise from this process. When all this is done, the
risks associated with the information stored in the cloud servers will be very safe and secure.
On the other hand, the cloud servers should not serve multiple users, as this has shown very
much increased technological threats as a result of this. 4 THE CLOUD SERVER HOSTS
ALSO SHOULD NOT SERVE DIFFERENT CLOUD COMPUTING PURPOSES.
THIS IS BECAUSE THE RISK ASSOCIATED WITH THIS SHARING OF
TECHNOLOGY IS USEFUL IN ALL MODELS AND STAGES IN THE PROCESS OF
CLOUD COMPUTING. THE CLOUD SERVICE PROVIDER HAS THE MANDATE
TO ENSURE ALL THE PROCESSES OF DATA PROCESSING, PROGRAMMING OF
SECURITY, CONTROL ISSUES, AND ACTIVITIES TO ENHANCE THE
NETWORK. The risk that is associated with technology in terms of data uploading can be
classified. 4 THUS, THE RISK OF SHARED TECHNOLOGY REQUIRES THE
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 10/70
DATA UPLOADED TO BE CLASSIFIED AND SHREDDED DURING BEING
UPLOADED AND HASHED AS IT IS BEING UPLOADED.
Lack of control is another threat that happens during the cloud computing processes. This is
because the service's maintenance is not done locally; instead, a third party person can
maintain the system. 4 THE ORGANIZATION HAS NO CONTROL OVER THE
FEATURES THAT IT NEEDS TO USE BUT IS DETERMINED FROM
ELSEWHERE. The features are costly for them to be bought by the vendor and are subject
to change. Their functionality cannot be predicted that can be applied in the businesses due to
high prices, which at other times, it is usually double the regular price. When the payment is
not made, it becomes tough to either access or uses the stored data in these servers. Another
problem with this is that the feature is not used and allocated to only one user. This brings the
issue about the person who has the legal rights to own the data, this in most of the time,
brings challenges and misunderstandings.
Most of the time, the business vendor entrusts a person who is a stranger to do the payment
and the mailing who in most of the time, does not comply with the terms and conditions of
doing that. This poses threats to the business, as this might lead to the data being tampered
with.
The business entity might run into the loss if the vendor who is entrusted with critical
information gives it to someone else. One needs to look at the person's characters and learn
them well before entrusting them with critical information. The data also should be limited in
terms of what the vendor has in exposure to interact with.
5 INCIDENCE RESPONSE PLAN FOR CAPITAL ONE
3 THE INCIDENCE RESPONSE PLAN WILL ADDRESS THE AREAS THAT THE
COMPANY SHOULD FOCUS ON. IT INVOLVES PHASES. IN EVERY PHASE,
THERE ARE SPECIFIC AREAS THAT THE COMPANY SHOULD FOCUS ON. 6
THE PHASES INCLUDE PREPARATION, IDENTIFICATION CONTAINMENT,
ERADICATION RECOVERY, AND FINALLY, THE LESSON THAT HAS BEEN
LEARNED.
Preparation
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 11/70
3 THE PREPARATION PHASE IS THE WORKHORSE OF THE IRP. TO
ENHANCE PREPARATION, THE COMPANY SHOULD MAKE SURE THAT ALL
THE EMPLOYEES ARE WELL TRAINED. THIS IS IN REGARDS TO THE ROLES
AND RESPONSIBILITIES IN CASE THERE IS A DATA BREACH. 5 IN THE
PREPARATION STAGE, THE COMPANY SHOULD DEVELOP DRILL SCENARIOS
FOR THE INCIDENCE RESPONSE AND CONDUCT MOCK BREACHES ON DATA
REGULARLY, EVALUATING THE IRP.
3 IT IS ALSO CRUCIAL TO MAKE SURE THAT ALL THE IRP ASPECTS HAVE
BEEN APPROVED AND HAVE BEEN FUNDED IN ADVANCE. THAT IS
TRAINING, THE EXECUTION, THE HARDWARE AS WELL AS THE
RESOURCES. ALL THE ROLES AND RESPONSIBILITIES SHOULD BE WELL
DOCUMENTED. TESTING IS ALSO ESSENTIAL SINCE IT ACTS AS INSURANCE
THAT THE EMPLOYEES WILL CARRY OUT THEIR TASKS AS THEY HAVE
BEEN TRAINED.
THIS SECTION WILL ALSO ENTAIL SOME QUESTIONS THAT THE COMPANY
NEEDS TO ADDRESS. THEY INCLUDE, HAS EVERY EMPLOYEE RECEIVED
TRAINING ON THE SECURITY POLICIES? HAVE ALL THE MEMBERS OF THE
INCIDENT RESPONSE TEAM PARTICIPATED IN THE MOCK DRILL?
ARE THE SECURITY POLICIES IN PLACE APPROVED?
IDENTIFICATION IN THIS SECTION, THE COMPANY CAN DETERMINE
WHETHER IT HAS BEEN BREACHED. IT SHOULD ALSO CONSIDER THAT THE
INCIDENT DOES ORIGINATE FROM VARIOUS AREAS. IN THIS SECTION,
SOME QUESTIONS NEED TO BE ADDRESSED. THIS INCLUDES, WHEN DID
THE HACKING TAKE PLACE? HOW WAS THE EVENT DISCOVERED? WHO
DISCOVERED THE HACKING? ARE THERE OTHER AREAS THAT HAVE BEEN
IMPACTED? ARE THERE AFFECTED OPERATIONS? 5 HA, THE POINT OF
ENTRY BE DISCOVERED? 3 WHAT THE SCOPE OF COMPROMISE?
CONTAINMENT WHEN THE BREACH OCCURRED, THE COMPANY MIGHT
HAVE DECIDED TO DELETE EVERYTHING. HOWEVER, THIS MIGHT HAVE
REPERCUSSIONS SHORTLY SINCE VALUABLE EVIDENCE WILL GET LOST,
WHICH MAY BE CRUCIAL IN DETERMINING WHEN THE BREACH
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 12/70
OCCURRED AND THE SIGNS THAT MAY LEAD TO UNDERSTANDING WHO
THE PERPETRATORS OF THE INCIDENT MIGHT BE AND WHAT MIGHT BE
LOST.
THE BEST THING TO DO IS MAKE SURE THAT ALL THE AFFECTED DEVICES
ARE DISCONNECTED FROM THE INTERNET. THE COMPANY NEEDS TO HAVE
LONG AND SHORT TERM STRATEGIES OF CONTAINMENT READY. THIS
CALLS FOR THE NEED TO HAVE A BACKUP SYSTEM THAT WILL HELP
RESTORE BUSINESS OPERATIONS. THIS IS AN EXCELLENT TIME TO MAKE
SURE THAT ALL; THE SYSTEMS HAVE BEEN UPDATED AND REVIEWED THE
PROTOCOLS OF REMOTE ACCESS. THIS ENTAILS THE USE OF MULTI-
FACTOR AUTHENTICATION AND HARDENING THE PASSWORDS, (JOUINI &
RABAI, 2019).
ERADICATION AFTER THE ISSUE AT HAND HAS BEEN CONTAINED, IT IS
NOW TIME TO FOCUS ON ERADICATING THE ROOT CAUSE OF THE
PROBLEM. THAT IS THE HACKING BREACH. IT MERELY MEANS THAT ANY
MALWARE IS SUPPOSED REMOVED, ALL THE SYSTEMS ARE HARDENED
AND PATCHED, AND ALL UPDATES ARE APPLIED. THIS PROCESS SHOULD
BE THOROUGH. THIS IS TO MAKE SURE THAT THERE ARE NO MALWARE
TRACES LEFT IN THE SYSTEM SINCE THEY MAY LEAD TO THE LOSS OF
MORE DATA, WHICH MAY LEAD TO AN INCREASE IN LIABILITY.
IN THIS SECTION, SOME QUESTIONS NEED TO BE ANSWERED. THEY
INCLUDE, CAN THE ENTIRE SYSTEM BE RE-IMAGED, IS THE ENTIRE
SYSTEM HARDENED AND PATCHED? ARE THERE UPDATES? HAVE ALL THE
MALWARE BEEN REMOVED? THESE QUESTIONS ARE ESSENTIAL IN THAT
THEY HELP IN ANALYZING THE EFFECTIVENESS OF THE INCIDENCE
RESPONSE TEAM.
RECOVERY IN THIS STAGE, CAPITAL ONE WILL BE EXPECTED TO RESTORE
ALL THE AFFECTED DEVICES AND SYSTEMS INTO THE BUSINESS
ENVIRONMENT. AT SUCH A TIME, IT IS CRUCIAL TO HAVE ALL THE
OPERATIONS OF THE SYSTEM AND THE BUSINESS UP AND RUNNING
WITHOUT ANY FEAR THAT THE BREACH MIGHT HAPPEN AGAIN.
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 13/70
REGARDLESS OF WHAT MIGHT HAPPEN, THE BUSINESS WILL ALWAYS GO
BACK TO ITS NORMAL OPERATIONS.
THERE ARE SEVERAL QUESTIONS THAT THE COMPANY SHOULD STRIVE TO
ANSWER. WHEN IS THE SYSTEM SUPPOSED TO RETURN TO REGULAR
PRODUCTION, ARE ALL SYSTEMS PATCHED, TESTED, AND HARDENED? IS
THERE A POSSIBILITY OF THE SYSTEMS BEING RESTORED FROM A
BACKUP? HOW LONG WILL THE PROCESS OF MONITORING TAKE? WHAT
TOOLS WILL BE USED IN CASE A SIMILAR ATTACK OCCURS AGAIN?
LESSONS LEARNED AFTER ALL THE INVESTIGATIONS ARE COMPLETE, IT
WILL BE CRUCIAL TO HAVE AN AFTER-ACTION MEETING WITH ALL THE
TEAM MEMBERS AND DISCUSS WHAT EACH OF THE TEAM MEMBERS HAS
LEARNED FROM THE BREACH. DURING THIS PERIOD, THAT ANALYSIS
TAKES PLACE, AND EVERYTHING RELATED TO THE BREACH IS
DOCUMENTED. IN THIS STAGE, THE FOCUS IS ON WHAT WENT ON WELL
AND THE LOOPHOLES THAT NEED TO BE ADDRESSED. THE LESSONS THAT
THE TEAM WILL HAVE LEARNED FROM THE REAL AND MOCK ACTIVITIES
WILL BE IMPORTANT IN PREVENTING ANY OTHER ATTACK THAT MAY
OCCUR SHORTLY.
DURING THE PERIOD OR REVIEWING THE LESSONS LEARNED, THE
INCIDENCE RESPONSE TEAM SHOULD ADDRESS SOME QUESTIONS. DO
THEY INCLUDE WHAT THE CHANGES THAT SHOULD BE MADE ON CAPITAL
ONE'S SECURITY ARE? How should the company train its employee differently? 3
WHAT ARE THE WEAKNESSES EXPLOITED BY JOHN'S SON'S ACTIVITIES?
5 DISASTER RECOVERY PLAN FOR CAPITAL ONE
3 DUE TO THE ADVANCEMENTS IN TECHNOLOGY, THE COMPANY COULD
NOT HAVE EVADED SUCH AN INCIDENT. HOWEVER, IF THE COMPANY HAD
A DISASTER RECOVERY PLAN, IT COULD HAVE MITIGATED THE INCIDENCE.
THE DRP FOR APPLE WILL INCLUDE THE CRITICAL IDENTIFICATION
PROCESSES OF THE BUSINESS, THE OBJECTIVES OF THE COMPANIES DRP,
ASSESSING THE RISKS, THE TECHNIQUES AND THE TOOLS TO BE USED,
DATA BACKUP, STRATEGIES FOR DATA RECOVERY, TRANSLATION OF THE
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 14/70
DRP STRATEGIES TO DRP, OFFSITE STORAGE LOCATION, TESTING, THE
PROCEDURE FOR EMERGENCY RESPONSE, COMMUNICATION PLAN, AND
THE EVALUATION OF THE PLAN.
ASSESSMENT OF CRITICAL APPLICATION AND ASSIGNING ROLES THE
FIRST THING TO DO IS TO MAKE SURE THAT ALL THE COMPANY'S CRITICAL
APPLICATIONS HAVE BEEN IDENTIFIED. IN THIS CASE, IT IS THE
COMPUTERS THAT DO HAVE THE INVENTORIES OF CAPITAL ONE. THE
COMPANY MOSTLY DEALS WITH FINANCIAL SERVICES. AFTER
IDENTIFYING THE CRITICAL APPLICATIONS, A TEAM THAT WILL DRIVE
THE ENTIRE PROCESS OF DISASTER RECOVERY WILL BE FORMED. THE
WHOLE TEAM WILL INCLUDE THE CHAIRPERSON, THE TREASURER, THE
SECRETARY, AND THE FOUR MORE MEMBERS FROM THE COMPANY'S FOUR
DEPARTMENTS.
OBJECTIVES THE COMPANY'S ABILITY TO SUCCEED SOLELY DEPENDS ON
ITS ABILITY TO RISE AFTER THE 2019 CYBER-ATTACK THAT SAW THE LOSS
OF MORE THAN 100 MILLION. THE OVERALL OBJECTIVE OF THE DRP WILL
BE THE PREVENTION OF ANY OTHER ATTACK SHORTLY. THE MAIN FOCUS
WILL BE ON TIME BETWEEN AN INCIDENT AND THE TIME FOR RECOVERY.
THIS MEANS THAT THE MAIN FOCUS WILL BE ON CONSIDERING GETTING
BACK TO ITS OPERATIONS AS QUICKLY AS POSSIBLE.
ASSESSMENT OF THE RISKS THERE WAS A VERY HIGH PROBABILITY THAT
THE HACKING WOULD HAVE OCCURRED. THIS IS BECAUSE THOMPSON
WORKED IN A COMPANY THAT HAD SOME CONNECTION WITH CAPITAL
ONE. THE COMPANY ALSO LACKED SOME ESSENTIAL SECURITY
STRATEGIES THAT COULD HAVE ALLOWED THE EARLIER DETECTION OF
THE INCIDENT. THEY REALIZED AFTER SOME INFORMATION HAD BEEN
LEAKED ONLINE. ANOTHER FUNNY THING IS THAT THE ATTACK TOOK
TWO DAYS UNDETECTED. THIS ALSO MEANS THAT THE EMPLOYEES DID
NOT RECEIVE THE REQUIRED TRAINING, AND THE PASSWORD POLICY WAS
RELATIVELY WEAK, BUSINESS IMPACT ANALYSIS PERFORMING A BIA WILL
HELP THE COMPANY MEASURE THE IMPACT CAUSED BY THE DOWNTIME
ON THE AREAS AFFECTED. THE 2019 ATTACK WAS ONE OF THE MOST
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 15/70
SIGNIFICANT ATTACKS THAT LED TO MORE THAN 100 MILLION
PENETRATION. THIS WAS MAINLY AIDED BY USING A BIA QUESTIONNAIRE
TO ALL THE EMPLOYEES AND THE MANAGERS OF THE COMPANY.
THROUGH THE BIA QUESTIONNAIRE, IT WAS EVIDENT THAT THE
INFORMATION LEAKED TO THE PUBLIC WAS NOT USED TO CARRY OUT THE
ATTACK. IT WAS ALSO EVIDENT THAT MANY PERSONNEL DID NOT HAVE
THE REQUIRED TRAINING REGARDING DETECTING THE OCCURRENCE OF
ANY THREAT.
CAPITAL ONE'S RPO AND THE MAXIMUM TOLERABLE TIME THE RPO WILL
BE IMPORTANT IN THAT IT HELPED THE TEAM DEVELOP A TIME FRAME
THAT WOULD BE USED IN SOLVING ISSUES. THE AVERAGE RPO OF CAPITAL
ONE IS 3 HOURS. THE TIME IS DETERMINED AFTER CONSIDERING THE
TIME BETWEEN THE HACKING AND THE BACKING UP OF DATA THAT
MIGHT HAVE BEEN LOST.
MAXIMUM TOLERANCE REFERS TO THE MAXIMUM AMOUNT OF TIME
THAT CAPITAL ONE IS NOT OPERATING NORMALLY. TO COME UP WITH A
DEFINITE TIME OF MAXIMUM TOLERANCE, IT WILL HAVE TO SUM UP THE
RTO AND THE WRT. THE MAXIMUM TOLERABLE TIME FOR THE 2019
ATTACK IS 5 HOURS.
ASSESSMENT OF CURRENT DATA RECOVERY STRATEGIES THE PRIMARY
STRATEGY FOR DATA RECOVERY IS THROUGH THE CLOUD. THIS MEANS
THAT THE COMPANY'S STRATEGY IS NOT RIGHT SINCE IT LED TO THEFT
PROMOTION. THOMPSON WORKED IN THAT COMPANY. THE COMPANY
SHOULD CONSIDER HIRING ANOTHER COMPANY THAT CAN BE RELIED
UPON. IN COMING UP WITH A GOOD STRATEGY, THE COMPANY SHOULD
FOCUS ON HUMAN RESOURCES, PHYSICAL ACTIVITIES, TECHNOLOGY, AND
DATA.
TESTING OF THE THEORY THE COMPANIES MTD IS 5 HOURS, THE RTO OF
THE COMPANY IS 4 HOURS, AND THE RPO IS ONLY 3 HOURS. THIS IS
ENOUGH EVIDENCE THAT IF THERE IS AN ATTACK, THE COMPANY WILL
NOT HAVE TO SHUT FOR THE WHOLE DAY. THIS IS AN IMPORTANT ASPECT
WHICH SHOWS THAT THE BANK IS WELL PREPARED.
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 16/70
DATA BACK UP THIS IS THE MOST CRUCIAL ASPECT OF THE COMPANY.
DESPITE THE COMPANY BACKING UP THEIR DATA INTO THE CLOUD, IT
SHOULD ALSO CONSIDER GOING MANUAL. THE TWO SHOULD BE
PARALLEL TO EACH OTHER. THE COMPANY SHOULD ALSO CONSIDER
HAVING SEVERAL BACKS UP SITES. THIS WILL HELP IN MAKING SURE
THAT THE OPERATIONS OF THE COMPANY ARE NOT AFFECTED IN ANY
WAY.
OFFSITE STORAGE LOCATION THIS SIMPLY MEANS THAT ANY SERVERS
USED FOR BACKING UP, THE HARDWARE AND OTHER MATERIAL ARE
ESSENTIAL IN ALL THE COMPANY'S OPERATIONS. SUCH COMPONENTS
SHOULD BE STORED IN AN AREA THAT IS AWAY FROM THE PRINCIPAL
OFFICE OF THE COMPANY. THAT IS FAR ENOUGH IN SUCH A WAY THAT IT
CANNOT BE AFFECTED BY ANY EVENTUALITY. THE OFFSITE LOCATIONS
SHOULD BE WELL LOCATED SINCE THEY DO SERVE AS AN ALTERNATIVE TO
THE CENTRAL BANK, (ESPOSITO, ET AL, 017).
Communication plan and documentation The whole DRP will include all the employees and
the service providers. 5 THEY ARE CRUCIAL IN EXPEDITING THE RECOVERY
PROCESS AND ESTABLISHING THE ROLES THAT EACH INDIVIDUAL
SHOULD UNDERTAKE IN CASE A DISASTER OCCURS. 3 THE COMPANY
SHOULD BE ABLE TO COMMUNICATE THE OBJECTIVES OF THE DRP
EFFECTIVELY. THE DRP SHOULD BE WELL DOCUMENTED IN SUCH A WAY
THAT IT CANNOT BE TAMPERED WITH. 5 THE PROCESS OF
COMMUNICATION SHOULD BE SPEEDY SO THAT THE DAMAGE THAT HAS
BEEN CAUSED BY THE DISASTER CAN BE REDUCED WITH THE SHORTEST
TIME POSSIBLE.
3 PROCEDURE FOR EMERGENCY RESPONSE CAPITAL ONE'S PROCEDURE
WHEN RESPONDING TO AN EMERGENCY WILL BE OBVIOUS. THE FIRST
THING IS TO MAKE SURE THAT THE SYSTEM HAS BEEN REBOOTED IF THE
SYSTEM DOES NOT OPERATE IN THE RIGHT WAY. IN CASE THAT FAILS,
THEN THE FOLLOWING PROCEDURE WILL APPLY.
1. 3 NOTIFY THE MANAGER IN CHARGE OF INFORMATION TECHNOLOGY.
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 17/70
2. 3 THE MANAGER WILL THEN DELEGATE THE RESPONSIBILITIES OF
CHECKING THE SYSTEM TO THE IT EXPERTS WORKING UNDER HIM.
3. 3 THE IT EXPERTS WILL THEN LOOK AT THE NECESSARY COMPONENTS
SUCH AS INTERNET CONNECTION AND CHECK IF THE ETHANATE CABLES
ARE WELL CONNECTED.
4. 3 IF THE ISSUE IS INVOLVED, THEY MIGHT OPT TO USE TECHNOLOGY,
FOR INSTANCE, HACKING.
TESTING THE WHOLE PLAN TESTING THE TEAM WILL ENTAIL CONVENING
A MEETING OF ALL THE STAKEHOLDERS. THE TEAM WILL ENGAGE IN A
REVIEW OF ALL THE STEPS THAT HAVE BEEN CARRIED OUT. THAT IS FROM
THE PLANNING STAGE TO THE EVALUATION STAGE. 5 TESTING THE PLAN
IS CRUCIAL SINCE IT HELPS IDENTIFY THE AREAS THAT MAY NEED
IMPROVEMENTS TO HELP CURB THE OCCURRENCE OF SUCH AN EVENT
AGAIN.
3 EVALUATION AND DRP UPDATE THE TENETS OF EVALUATION WILL
INCLUDE HAVING A LOOK AT THE SUCCESSES AND FAILURES OF THE DRP.
5 THESE RECOMMENDATIONS SHOULD BE CONSIDERED, AS WELL AS THE
ENTIRE COST OF THE DISASTER RECOVERY PLAN. 3 EVALUATION MEANS
FOCUSING ON THE TECHNIQUES THAT UTILIZE THE LEAST AMOUNT OF
MONEY. THE EVALUATION WILL ALSO ENTAIL THE ROOTING OUT OF ANY
DEFECTIVE MEASURES. THE EVALUATION WILL ALSO ENTAIL MAKING
SURE THAT ALL THE COMPONENTS OF THE DRP ARE IN LINE WITH THE
OBJECTIVES AND THE STIPULATED TECHNOLOGY THAT THE COMPANY
USES, (BARONA & ANITA, 2017) THE DRP SHOULD BE UPDATED
REGULARLY. THIS IS BECAUSE TECHNOLOGY CHANGES AND THUS DOES
THE NEEDS OF THE COMPANY. ANOTHER REASON FOR MAKING SURE THAT
THE DRP IS UP TO DATE IS BECAUSE HACKERS WILL ALWAYS ADVANCE
THEIR STRATEGIES. THIS ALSO COMES IN AS A RECOMMENDATION TO
PREVENT FURTHER ATTACKS.
Conclusion In conclusion, cloud services are excellent; 1 HOWEVER, ITS DEFENSE
NEEDS TO BE GRATER AGAINST DAILY HACKERS. THE 2019 CAPITAL ONE
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 18/70
DATA BREACH TAUGHT US AND AN ESSENTIAL LESSON IN HAVING A
HEALTHY SECURITY POSTURE. IT WAS EVIDENT THAT THE HACKER KNEW
ITS VULNERABILITY AND TOOK ADVANTAGE OF ITS WEAKNESS TO HACK
INTO THE AWS CLOUD AND STEAL CLOSE TO 100 MILLION WORTH OF
CAPITAL ONES' client's information. 1 SUCH EFFORTS LED TO ANALYZE THE
CASE AND CAME TO ITS CONCLUSION THAT PAIGE THE HACKER WAS AN
INSIDER THREAT AND INDUCE SERVER-SIDE REQUEST FORGERY.
AMAZONS CLOUD SERVICES TEAM SHOULD HAVE IMPLEMENTED POLICIES
AND SOLUTIONS WITHIN THEIR IT DEPARTMENT. A SCRUB IN DELETING
USERS AND ADMINISTRATOR ACCOUNTS WHILE IMPLEMENTING A RISK TO
ANALYZE CAPITAL ONES SYSTEMS' priority. 1 DUE TO ITS MISCONFIGURED
WAF SYSTEMS, PAIGE UTILIZED MALICIOUS SOFTWARE TO SCAN
FIREWALLS. Such efforts lead Paige to conduct a Server-Side Request Forgery. 1 THIS
BREACH ENABLED PAIGE TO DOWNLOAD DATA FOR THE AWS S3 SERVER.
TO PREVENT A SERVER-SIDE REQUEST FORGERY, A SECURITY TEAM
NEEDS TO CONFIGURE THE WAF CORRECTLY; THUS, CONFIGURATION
PREVENTS HACKERS FROM EXECUTING MALICIOUS SOFTWARE AND
DOWNLOADING MASSIVE AMOUNTS OF DATA. LASTLY, A PENETRATION
TEST NEEDED TO BE ADMINISTERED TO FIND FLAWS IN AWS'S SECURITY
POSTURE. EVENTUALLY, THE HACKER COULD HAVE BEEN STOPPED IF THE
AWS SECURITY TEAM IMPLEMENTED SECURITY MEASUREMENTS.
References
7 BARONA, R., & ANITA, E. M. (2017, April). 7 A SURVEY ON DATA BREACH
CHALLENGES IN CLOUD COMPUTING SECURITY: 8 ISSUES AND THREATS.
7 IN 2017 INTERNATIONAL CONFERENCE ON CIRCUIT, POWER AND
COMPUTING TECHNOLOGIES (ICCPCT) (PP. 1-8). IEEE.
Esposito, C., Castiglione, A., Pop, F., & Choo, K. K. R. (2017). 4 CHALLENGES OF
CONNECTING EDGE AND CLOUD COMPUTING: A security and forensic perspective.
IEEE Cloud Computing, 4(2), 13-17.
Jouini, M., & Rabai, L. B. A. (2019). A security framework for secure cloud computing
environments. 9 IN CLOUD SECURITY: 4 CONCEPTS, METHODOLOGIES,
TOOLS, AND APPLICATIONS (PP. 249-263). IGI Global.
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 19/70
Mishra, N., Sharma, T. K., Sharma, V., & Vimal, V. (2018). 4 SECURE FRAMEWORK
FOR DATA SECURITY IN CLOUD COMPUTING. In Soft Computing: Theories and
Applications (pp. 61-71). Springer, Singapore.
Paxton, N. C. (2016, November). Cloud security: a review of current issues and proposed
solutions. 10 IN 2016 IEEE 2ND INTERNATIONAL CONFERENCE ON
COLLABORATION AND INTERNET COMPUTING (CIC) (PP. 452-455). IEEE.
Sharma, P. K., Kaushik, P. S., Agarwal, P., Jain, P., Agarwal, S., & Dixit, K. (2017, October). 4
ISSUES AND CHALLENGES OF DATA SECURITY IN A CLOUD COMPUTING
ENVIRONMENT. 11 IN 2017 IEEE 8TH ANNUAL UBIQUITOUS COMPUTING,
ELECTRONICS AND MOBILE COMMUNICATION CONFERENCE (UEMCON)
(PP. 560-566). IEEE.
Citations (11/11)
Matched Text
1 Another student's paper
2 https://f1tym1.com/2019/08/08/capital-one-breach-crime-board%E2%80%8A-%E2%80%8Acase-of- speculative-sleuthing/
3 Another student's paper
4 Another student's paper
5 Another student's paper
6 Another student's paper
7 Another student's paper
8 Another student's paper
9 https://www.imperva.com/learn/availability/disaster-recovery/
10 Another student's paper
11 Another student's paper
Suspected Entry: 99% match
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 20/70
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS PAPER IS INTENDED TO ANALYZE CAPITAL ONE'S BREACH OF 2019
Source - Another student's paper This paper is intended to analyze Capital One’s breach of 2019
Suspected Entry: 72% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE BREACH RESULTED IN THE THEFT OF 100 MILLION CUSTOMERS&APOS
Source - Another student's paper The breach resulted in the theft of 100 million customers information and credit card applications
Suspected Entry: 97% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS DOCUMENT IS INTENDED TO EXAMINE ITS UNDERLYING CAUSE THAT LED TO THE BREACH WHILE PRESENTING TECHNICAL SOLUTIONS/ PREVENTIONS TO PREVENT THIS INCIDENT FROM RE-OCCURRING
Source - Another student's paper This document is intended to examine its underlying cause that led to the breach, while presenting technical solutions/ preventions in order to prevent this incident from re-occurring
Suspected Entry: 87% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS UNDERLINING ISSUE WAS AN EXAMPLE OF AN INSIDER THREAT AND MISCONFIGURED WEB APPLICATION IN THE FIREWALLS
Source - Another student's paper These underlining issues was an example of an Insider threat and misconfigured web application in the firewalls
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
SUCH MISCONFIGURATIONS LED TO AN ATTACKED CALLED A SERVER-SIDE REQUEST FORGERY (SSRF)
Source - Another student's paper Such misconfigurations led to an attacked called a Server-Side Request Forgery (SSRF)
Suspected Entry: 100% match
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 21/70
Uploaded - Cloud_computing_Team1_residency_paper.docx
TO CONCLUDE THE INTEGRITY OF THE SYSTEMS, A PENETRATION TEST COULD CATCH SEVERAL MISCONFIGURATION FLAWS
Source - Another student's paper To conclude the integrity of the systems, a penetration test could catch several misconfiguration flaws
Suspected Entry: 85% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
HAVING VIRTUAL SERVICES IS BECOMING MORE COMMON AMONG COMPANIES
Source - Another student's paper Having virtual services is becoming more common amongst companies
Suspected Entry: 92% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
SERVICES LIKE THE CLOUD HELP COMPANIES RUN VARIOUS WORKLOADS THROUGH THE INTERNET INSTEAD OF A HOST'S PHYSICAL COMPUTER SOFTWARE
Source - Another student's paper Services like the cloud help companies run various workloads through the internet instead of a physical computer software host
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
LARGE COMPANIES RENT CLOUD SERVICES FOR THEIR VIRTUAL INFRASTRUCTURE AND (OR) DATA CENTERS
Source - Another student's paper Large companies rent cloud services for their virtual infrastructure and (or) data centers
Suspected Entry: 72% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IT IS COST-EFFECTIVE SINCE ITS RENTED STORAGE SYSTEMS CAN EASILY BE UPGRADED, MOBILE, AND ALWAYS UP AND RUNNING
Source - Another student's paper By doing so, companies eliminate physical Information Technology (IT) systems maintenance, it is cost effective since its rented storage, systems can easily be upgraded, its mobile and is always up and running (Inroviz, 2018)
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 22/70
Suspected Entry: 93% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THESE SERVICES CAN BE RUNNING AN APPLICATION, ACCESSING DATA, OR RUNNING A VIRTUAL INFRASTRUCTURE
Source - Another student's paper These services can be in forms of running an application, accessing data, or running a virtual infrastructure
Suspected Entry: 94% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THERE ARE THREE TYPES OF CLOUD SERVICES, SOFTWARE AS A SERVICE (SAAS), PLATFORMS AS A SERVICE (PAAS), AND INFRASTRUCTURE AS A SERVICE (IAAS)
Source - Another student's paper There are three types of cloud services, Software as a Service (SaaS), Platforms as a Service (PaaS) and Infrastructure as a Service (IaaS) (Hardwood, M
Suspected Entry: 92% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THESE SERVICES ARE GENERALLY WELL PROTECTED IN TERMS OF THEIR SECURITY POSTURE
Source - Another student's paper These services are generally well protected in terms of its security posture
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ITS SECURITY CONSISTS OF SETTING POLICIES, CONTROLS, PROCEDURES, AND HANDLING INFORMATION FROM THE OWNER
Source - Another student's paper Its security consists of setting policies, controls, procedures, and the handling of information from the owner
Suspected Entry: 94% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ALTHOUGH SECURITY CAN BE EASILY ACHIEVABLE AND PROMISED BY CLOUD PROVIDERS, SEVERAL FLAWS CAN OCCUR IF IT IS NOT WELL SECURED
Source - Another student's paper Although security can be easily achievable and promised by cloud providers, there are several flaws that can occur if is not well secured
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 23/70
Suspected Entry: 98% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE CAPITAL ONE BREACH OF 2019 IS AN EXAMPLE WHERE CLOUD SERVICES LACKED SECURITY
Source - Another student's paper The Capital One breach of 2019 is an example where cloud services lacked in security
Suspected Entry: 68% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE CAPITAL ONE BREACH OF 2019 WAS A SIGNIFICANT CASE
Source - Another student's paper The Capital One breach of 2019 was a significant case, it outlines several weaknesses in cloud security
Suspected Entry: 64% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IT OUTLINES SEVERAL WEAKNESSES IN CLOUD SECURITY
Source - Another student's paper The Capital One breach of 2019 was a significant case, it outlines several weaknesses in cloud security
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
AMAZON WEB SERVICES (AWS) HOSTS CLOUD SERVICES FOR CAPITAL ONE'S FINANCIAL INSTITUTION
Source - Another student's paper Amazon Web Services (AWS) hosts cloud services for Capital One’s financial institution
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
CAPITAL ONE UTILIZES AWS AS A WAY OF REDUCING THE DATA CENTER AND INFRASTRUCTURE FOOTPRINT
Source - Another student's paper Capital One utilizes AWS as a way of reducing data center and infrastructure footprint
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 24/70
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
AWS RUNS CAPITA ONES ARTIFICIAL INTELLIGENT (AI) MACHINES
Source - Another student's paper AWS runs Capita Ones Artificial Intelligent (AI) machines
Suspected Entry: 84% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
AWS CLOUD SERVICES ARE MAGNIFICENT IN THE UP KEEPING OF CAPITAL ONE RESOURCES
Source - Another student's paper AWS cloud services are magnificent in the upkeeping of Capital One resources
Suspected Entry: 88% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
SINCE AMAZON HOSTS CAPITAL ONE'S SERVICES, ITS UNDERLINING SEQUENCE OF THE BREACH REVOLVES AROUND AMAZON'S SECURITY TEAM
Source - Another student's paper Since Amazon hosts Capital Ones services, their underlining sequence of the breach revolves around amazon’s security team
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS INCIDENT WAS ACCOMPLISHED BY AN INDIVIDUAL NAME PAIGE A THOMPSON, AND THE HACKER WAS AN EX-WORKER/ENGINEER FOR AWS
Source - Another student's paper This incident was accomplished by an individual name Paige A Thompson, the hacker was an ex- worker/engineer for AWS
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
DURING PAIGE'S EMPLOYMENT AT AWS, HE HAD DISCOVERED ONE OF CAPITALS ONE'S VULNERABILITY
Source - Another student's paper During Paige’s employment at AWS, he had discovered one Capitals One’s vulnerability
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 25/70
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
BEFORE THE HACK, PAIGE BUILT A TOOL THAT WOULD BE ABLE TO SCAN SERVER MISCONFIGURATIONS
Source - Another student's paper Before the hack, Paige built a tool that would be able to scan server misconfigurations
Suspected Entry: 90% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
PAIGE WAS ABLE TO UTILIZE THE MALICIOUS SOFTWARE FOR SCANNING SERVER MISCONFIGURATIONS, AND AS A RESULT, SEVERAL BACKDOOR FIREWALLS WERE OPENED
Source - Another student's paper Paige was able to utilize the malicious software to scan server misconfigurations and as a result, several backdoor firewalls were opened
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
AFTER DISCOVERING SEVERAL MISCONFIGURATIONS IN THE SERVER, HE WAS ABLE TO GAIN ACCESS (NEWMAN, L, 2019)
Source - Another student's paper After discovering several misconfigurations in the server, he was able to gain access (Newman, L, 2019)
Suspected Entry: 93% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS DOCUMENT IS INTENDED TO EXAMINE THE 2019 CAPITAL ONE CASE AND ITS UNDERLYING CAUSE THAT LED TO THE BREACH WHILE PRESENTING TECHNICAL PREVENTIONS THAT CAN PREVENT THIS INCIDENT FROM RE- OCCURRING
Source - Another student's paper This document is intended to examine the 2019 Capital One case, and its underlying cause that led to the breach, while presenting technical preventions that can aid in preventing this incident from re- occurring
Suspected Entry: 95% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
Source - Another student's paper
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 26/70
THE TWO UNDERLINING ISSUES OF THE BREACH WERE 1) INSIDER THREAT AND 2) MISCONFIGURED WEB APPLICATION FIREWALLS
The two underlining issues of the breach was 1) Insider threat and 2) misconfigured web application firewalls
Suspected Entry: 78% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
SEVERAL SOLUTIONS CAN OFFER THE PREVENTION OF THESE VULNERABILITIES
Source - Another student's paper Prevention of these vulnerabilities can be offered by several solutions
Suspected Entry: 83% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS CAN BE DONE BY PLACING AND ENFORCING SEVERAL IT POLICIES THAT COULD HELP PREVENT INSIDER THREATS FROM GAINING ACCESS TO UNAUTHORIZED SYSTEMS
Source - Another student's paper The first solution is to minimize the risk of an insider threat, and this can be done by placing and enforcing several IT policies that could help prevent insider threats from gaining access to unauthorized systems
Suspected Entry: 78% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ANOTHER COURSE OF ACTION IS TO IMPLEMENTING AND CORRECT WEB APPLICATION FIREWALL CONFIGURATIONS
Source - Another student's paper Another course of actions is to Implementing and correct web application firewalls configurations
Suspected Entry: 83% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THESE CONFIGURATIONS CAN PREVENT SERVER-SIDE REQUEST FORGERY (SSRF), THE SAME ATTACK PERFORMED TOWARDS CAPITAL ONES
Source - Another student's paper These configurations can prevent Server-Side Request Forgery (SSRF), the same attack that was preformed towards Capital One’s
Suspected Entry: 93% match
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 27/70
Uploaded - Cloud_computing_Team1_residency_paper.docx
INTEGRITY, A PENETRATION TEST COULD CATCH SEVERAL MISCONFIGURATION FLAWS WHILE ALLOWING THE SECURITY TEAM TO PATCH AND SECURE ALL OPEN DOORS
Source - Another student's paper To conclude the integrity of the systems, a penetration test could catch several misconfiguration flaws while allowing the security team to patch and secure all open doors
Suspected Entry: 75% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
SUCH METHODS CAN PROTECT CAPITAL ONES&APOS
Source - Another student's paper Such methods can protect Capital Ones valuable systems
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE 2019 CAPITAL ONE BREACH WAS CONSISTENT WITH AN INSIDER THREAT AND MISCONFIGURATIONS ON THE SERVER
Source - Another student's paper The 2019 Capital One breach was consistent with an insider threat and misconfigurations on the server
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE SEQUENCE OF EVENTS STARTED WITH THE INSIDER THREAT
Source - Another student's paper The sequence of events started with the insider threat
Suspected Entry: 72% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
PAIGE (HACKER) IS A SOFTWARE ENGINEER AND WORKED FOR AWS BACK IN 2016
Source - Another student's paper Paige (hacker) is a software engineer and worked for AWS in back in 2016, Paige worked for Amazon Simple Storage Service (S3)
Suspected Entry: 62% match
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 28/70
Uploaded - Cloud_computing_Team1_residency_paper.docx
PAIGE WORKED FOR AMAZON SIMPLE STORAGE SERVICE (S3)
Source - Another student's paper Paige (hacker) is a software engineer and worked for AWS in back in 2016, Paige worked for Amazon Simple Storage Service (S3)
Suspected Entry: 94% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE S3 SERVICE IS A STORAGE CENTER WHERE COMPANIES STORE DATA, APPLICATIONS, AND SERVICES THAT CAN EASILY BE ACCESSIBLE BY THE OBJECT'S OWNER AND THOSE WHO ARE USING IT
Source - Another student's paper The S3 service is a storage center where companies store data, applications and services that can easily be accessible by the owner of the object and those who are using it
Suspected Entry: 77% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
S3 SERVICES HOST MILLIONS OF APPLICATIONS THAT ARE UTILIZED BY SEVERAL COMPANIES
Source - Another student's paper S3 services hosts millions of applications that are utilized by several companies (Amazon, n,d)
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
CAPITAL ONE STORED INFORMATION IN AMAZON S3 BUCKETS
Source - Another student's paper Capital One stored information in Amazon S3 buckets
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THESE BUCKETS ARE CONFIGURED BY A WEB APPLICATION FIREWALL (WAF)
Source - Another student's paper These buckets are configured by a Web Application Firewall (WAF)
Suspected Entry: 100% match
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 29/70
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE WAF IS AN APPLICATION FIREWALL FOR HTTP/S APPLICATIONS, AND ITS FIREWALL RULES ARE COMMONLY SET TO PREVENT ATTACKS SUCH AS SERVER-SIDE REQUEST FORGERY
Source - Another student's paper The WAF is an application firewall for HTTP/S applications and its firewall rules are commonly set to prevent attacks such as Server-Side Request Forgery
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
SERVER-SIDE REQUEST FORGERY IS A TYPE OF ATTACK WHERE MALICIOUS SCRIPTS ARE INJECTED AND EXECUTED BY MANIPULATING THE URL
Source - Another student's paper Server-Side Request Forgery is a type of attack where malicious scripts are injected and executed by manipulating the URL
Suspected Entry: 90% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
BY BROWSING AN APPLICATION'S URL PATH, THE HACKER CAN EASILY UNDERSTAND THE SERVER'S LOGIC AND FUNCTIONALITY
Source - Another student's paper By browsing an application’s URL path, the hacker can easily understand the logic and functionality of the server
Suspected Entry: 85% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
AS A RESULT OF SERVER-SIDE REQUEST FORGERY, HACKERS CAN GAIN ACCESS TO INTERNAL SERVER FUNCTIONALITY
Source - Another student's paper As a result of Server-Side Request Forgery, hackers can gain access to an internal server functionality (Netsparker Security Team, 2019)
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE SEQUENCE OF THIS ATTACK STARTS BY SIMPLY UNDERESTIMATING A LINK
Source - Another student's paper The sequence of this attack starts by simply underestimating a link
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 30/70
Suspected Entry: 91% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
TO CONDUCT A SERVER-SIDE REQUEST FORGERY, THE HACKER MAY ALREADY HAVE ACCESS TO A WEB APPLICATION OR MIGHT HAVE GOTTEN ACCESS BY PERFORMING ANOTHER ATTACK
Source - Another student's paper In order to conduct a Server-Side Request Forgery, the hacker may already have access to a web application or might have gotten access by preforming another attack
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
A SERVER-SIDE REQUEST FORGERY STARS BY SCANNING AND BROWSING THROUGH SEVERAL OPTIONS WITHIN APPLICATIONS, WHILE DOING SO, THE HACKER CAN VIEW ITS DIRECT PATH WITHIN A LINK WHILE UNDERSTAND ITS DETAIL PATH TO THE SERVER
Source - Another student's paper A Server-Side Request Forgery stars by scanning and browsing through several options within applications, while doing so, the hacker can view its direct path within a link while understand its detail path to the server
Suspected Entry: 94% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
INSIDE AN APPLICATION, THERE ARE SEVERAL URL PATHS THAT LEADS TO OPTIONS THAT IS ONLY AVAILABLE TO THE USER, SUCH PATH/OPTIONS CAN BE PERCEIVED AS ROADS OF VALUABLE INFORMATION ON WHERE INFORMATION IS STORED
Source - Another student's paper Inside an application, there are several URL paths that leads to options that is onlyavailable to the user, such path/options can be perceived as roads of valuable information on where information is stored
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ONCE THE URL IS CAPTURED THE HACKER CAN CHANGE ITS PARAMETER TO VIEW LOCAL RESOURCES
Source - Another student's paper Once the URL is captured the hacker can change its parameter to view local resources
Suspected Entry: 100% match
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 31/70
Uploaded - Cloud_computing_Team1_residency_paper.docx
IF THE HACKER CAN MANEUVER THROUGH THE DESTINATION OF THE SERVER, THE HACKER CAN THEN BYPASS AUTHENTICATION SERVICES THAT IS ONLY AVAILABLE TO A HIGHER HIERARCHY
Source - Another student's paper If the hacker can maneuver through the destination of the server, the hacker can then bypass authentication services that is only available to a higher hierarchy
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS ENABLES THE HACKER TO CAPTURE THE LOCAL IP ADDRESS AND SERVICES CONNECTED TO THAT SERVER
Source - Another student's paper This enables the hacker to capture the local IP address and services connected to that server
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
TO SIMPLY UNDERSTAND CAPITAL ONE ATTACK, WE CAN SPECULATE THAT PAIGE HAD TO HAVE AN ACCOUNT OR STOLEN A SESSION TO GET IN CAPITALS ONE WEB APPLICATION
Source - Another student's paper To simply understand Capital One Attack, we can speculate that Paige had to have an account or stolen a session to get in Capitals One web application
Suspected Entry: 71% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
SINCE PAIGE WORKED FOR AWS S3, SHE UNDERSTOOD THE SEQUENCE OF THE PARAMETERS WHICH ALLOWED PAIGE TO UTILIZE A MALICIOUS SOFTWARE AND IDENTIFY FIREWALLS THAT WERE VULNERABLE TO OUTSIDE CONFIRMING THE THAT ABILITY IN CAPITAL ONES FIREWALL, PAIGE WAS THEN ABLE TO STEAL 100 MILLION CUSTOMERS INFORMATION AND CREDIT CARD APPLICATIONS
Source - Another student's paper Since Paige worked for AWS S3, she understood the sequence of the parameters which allowed Paige to utilize a malicious software and identify firewalls that were vulnerable to outside commands (Thorne, J 2019)
Suspected Entry: 88% match
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 32/70
Uploaded - Cloud_computing_Team1_residency_paper.docx
ACTIONS, CAPITAL ONE HAD TO REACH AND PROVIDE ALL THEIR COSTUMES WHOSE IDENTIFICATION WAS HACKED AND STOLEN WITH FREE CREDIT MONITORING
Source - Another student's paper As a result of Paige’s actions, Capital One had to reach and provide all their costumes whose identification were hacked and stolen with free credit monitoring
Suspected Entry: 89% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ADDITIONALLY, CAPITALS ONE'S SHARES WENT DOWN BY 5.9%
Source - Another student's paper Additionally, Capitals One’s shares went down by 5.9% (Imbert, F
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
SINCE AWS HOLDS CAPITALS ONES WEB APPLICATION IN THEIR CLOUD SERVICE, IT ALSO AFFECTED THEIR REPUTATION AND TRUST QUESTIONED
Source - Another student's paper Since AWS holds Capitals Ones web application in their cloud service, it also affected their reputation and trust questioned
Suspected Entry: 94% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IS LOGIC FOR AWS TO BLAME SINCE CAPITAL ONE DEPENDED ON THE AMAZON CLOUD SECURITY TEAM TO PROTECT AGAINST SERVER-SIDE REQUEST FORGERY
Source - Another student's paper Is logic for AWS to carry a part blame since Capital One depended on Amazon cloud security team to protect against server-side request forgery
Suspected Entry: 88% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
HOWEVER, CAPITAL ONE AND AMAZON STRESS THAT THIS VULNERABILITY WAS DUE TO AN OPEN DOOR IN THEIR FIREWALL
Source - Another student's paper However, Capital One and Amazon stress that this vulnerability was due to an open door in their firewall (Hackett, R, 2019)
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 33/70
Suspected Entry: 97% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ALTHOUGH THERE IS NOT ENOUGH EVIDENCE THAT IT IS AN INSIDER ATTACK, THE BACKGROUND OF THE INDIVIDUAL'S EMPLOYMENT POINTS TO THE MATTER
Source - Another student's paper Although there is not enough evidence that it is an insider attack, however, the background of the individual’s employment points to the matter
Suspected Entry: 82% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
AN INSIDER THREAT IS DEFINED AS A CURRENT OR FORMER EMPLOYEE OF AN ORGANIZATION, ESPECIALLY SOMEONE WHO HAD ACCESS TO IT SYSTEMS
Source - Another student's paper An insider thereat is defined as someone who is a current or former employee of an organization, specially someone who had access to IT systems
Suspected Entry: 90% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ALTHOUGH THIS CASE WAS FROM AN EXTERNAL THREAT, THE THREAT WAS A FORMER EMPLOYEE OF ASW, MAKING IT AN INSIDER THREAT
Source - Another student's paper Although this case was from an external threat, the threat was a former employed of ASW, thus making it an insider threat
Suspected Entry: 87% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
SUCH KNOWLEDGE OF THE INFORMATION ENABLES THE KNOWLEDGE OF WHERE TO TARGET THE ATTACK
Source - Another student's paper Such knowledge of the information enables the knowing of where to target the attack
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
AWS SHOULD HAVE PERFORMED AN ENTERPRISE VULNERABILITY RISK
Source - Another student's paper AWS should of have performed an enterprise vulnerability risk assessment of all critical data
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 34/70
ASSESSMENT OF ALL CRITICAL DATA
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE VULNERABILITY RISK ASSESSMENT WOULD LEAD TO KNOWING WHAT INFORMATION IS BEING HELD AND ITS PRIORITY
Source - Another student's paper The vulnerability risk assessment would lead to knowing what information is being held and its priority
Suspected Entry: 83% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ANOTHER PREVENTION OF INSIDER THREATS IS TO HAVE A STRONG ACCOUNT MANAGEMENT POLICY, SUCH AS DELETING PREVIOUS ADMINISTRATORS OR USERS&APOS
Source - Another student's paper Another prevention towards insider threats, is to have a strong account management policy, such as deleting previous administrators or users accounts (Netwrix Corporation, 2020)
Suspected Entry: 76% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THEREFORE, PAIGE WAS ABLE TO MANIPULATE THE WEB APPLICATIONS URL AND GAIN ACCESS TO THE S3 BUCKET
Source - Another student's paper Its evident that Paige had good knowledge of the misconfiguration server, therefore, Paige was able to manipulate the web applications URL and gain access to the S3 bucket
Suspected Entry: 71% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
CROSS-SITE FORGERY HAPPENED BECAUSE AWS'S WEB APPLICATION FIREWALL (WAF) WAS NOT PROPERLY CONFIGURED
Source - Another student's paper Cross-site forgery happened because AWS’s Web Application Firewall (WAF) was not properly configured, hence Paige was able to discover and bypass the firewall to get into the S3 bucket
Suspected Entry: 84% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
Source - Another student's paper
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 35/70
WAF ENABLES THE PROTECTION OF WEB APPLICATIONS BY MONITORING AND FILTERING HTTP TRAFFIC BETWEEN THE INTERNET AND WEB APPLICATIONS
WAF enables the protection of web applications by monitoring and filtering HTTP traffic between the internet and web applications, this is also known as a reverse proxy
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
WAF IS CRUCIAL IN CLOUD SERVICES
Source - Another student's paper WAF is crucial in cloud services
Suspected Entry: 70% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS RESERVE PROXY SITS IN FRONT OF THE APPLICATION AND IS A BRIDGE BETWEEN THE ACTUAL SERVER AND THE USER
Source - Another student's paper This reserve proxy sits in front of the application and is a bridge between the actual server and the user, WAF makes it harder for hackers to pinpoint the server and be able to run a command
Suspected Entry: 62% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
WAF MAKES IT HARDER FOR HACKERS TO PINPOINT THE SERVER AND RUN A COMMAND
Source - Another student's paper This reserve proxy sits in front of the application and is a bridge between the actual server and the user, WAF makes it harder for hackers to pinpoint the server and be able to run a command
Suspected Entry: 64% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
SUCH MODE WOULD TYPICALLY ACKNOWLEDGE IF REMOTE SERVICES ARE BEING FETCHED OR IMPORT DATA FROM A URL
Source - Another student's paper In cloud services, users/applications requests services from a location to other locations, WAF is designed to analyze its HTTP/S request, such mode would typically acknowledge if remote services are being fetched, or import data from a URL (Morgenroth, S 2018)
Suspected Entry: 94% match
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 36/70
Uploaded - Cloud_computing_Team1_residency_paper.docx
WAF WAS ESSENTIAL IN PROTECTING CAPITALS ONE ASSET, AND IF CONFIGURED CORRECTLY, THIS WOULD HAVE PREVENTED PAIGE FROM EXECUTING A SOFTWARE TOOL AND DISALLOWING DATA DOWNLOADING
Source - Another student's paper WAF was essential in protecting Capitals One assets, if configured correctly, this would have prevented Paige from executing a software tool, and disallowing data downloading
Suspected Entry: 74% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
PLACING SECURITY MEASUREMENTS THROUGH POLICIES AND FIREWALLS ARE EVIDENCE OF THE STRONG DEFENSE
Source - Another student's paper Placing security measurements through policies, and firewalls are evidence of strong defense, however, it is also important to test its security posture
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ONE WAY IS TO CONDUCT A PENETRATION TEST
Source - Another student's paper One way is to conduct a penetration test
Suspected Entry: 91% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
A PENETRATION TEST WOULD ANALYZE SEVERAL SYSTEMS OF THE ORGANIZATION'S IT INFRASTRUCTURE AND ITS TRUE DEFENSE MECHANISM
Source - Another student's paper A Penetration test would analyze several systems of the organizations IT infrastructure and its true defense mechanism
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS TEST CAN IMMEDIATELY ASSESS THE SECURITY AND VULNERABILITY OF A BUSINESS IT INFRASTRUCTURE
Source - Another student's paper This test can immediately assess the security and vulnerability of a business IT infrastructure
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 37/70
Suspected Entry: 93% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
DURING A PEN TEST, KNOWLEDGE OF THE ORGANIZATION'S SYSTEM IS GATHERED, AND A SECURITY TEAM WOULD USE SEVERAL TOOLS/SOFTWARE TO TARGET THE DEFENSE OF THE SYSTEMS
Source - Another student's paper During a pen test, knowledge of the organizations system is gathered, and a security team would use several tools/software to target the defense of the systems
Suspected Entry: 92% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THESE TOOLS ALLOW THE SECURITY TEAM TO FIND FLAWS IN THE WAF'S SECURITY POLICIES, PATCH, AND DETECT VULNERABILITIES
Source - Another student's paper These tools allow the security team to find flaws in the WAF’s security policies, patch and detect vulnerabilities (Imperva, 2020)
Suspected Entry: 78% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
A PEN TEST COULD BENEFIT FROM ANALYZING AWS WAF DEFENSE AND COULD HAVE DISCOVERED FLAWS IN THE APPLICATION
Source - Another student's paper A pen test could of benefit in analyzing AWS WAF defense and could have discovered flaws in the application, a pen test could of have prevented this attack
Suspected Entry: 77% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
HOWEVER, ITS DEFENSE NEEDS TO BE GRATER AGAINST DAILY HACKERS
Source - Another student's paper In conclusion, cloud services are great, however, its defense needs to be grater against daily hackers
Suspected Entry: 84% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE 2019 CAPITAL ONE DATA BREACH TAUGHT US AND AN ESSENTIAL LESSON IN HAVING A HEALTHY SECURITY POSTURE
Source - Another student's paper The 2019 Capital One data breach taught us and important lesson in having a strong security posture
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 38/70
Suspected Entry: 86% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IT WAS EVIDENT THAT THE HACKER KNEW ITS VULNERABILITY AND TOOK ADVANTAGE OF ITS WEAKNESS TO HACK INTO THE AWS CLOUD AND STEAL CLOSE TO 100 MILLION WORTH OF CAPITAL ONES&APOS
Source - Another student's paper Its was evident that the hacker had a knowledge of its vulnerability and took advantage of its weakness to hack into AWS cloud and steal close to 100 Million worth of Capital Ones client’s information
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
SUCH EFFORTS LED TO ANALYZE THE CASE AND CAME TO ITS CONCLUSION THAT PAIGE THE HACKER WAS AN INSIDER THREAT AND INDUCE SERVER-SIDE REQUEST FORGERY
Source - Another student's paper Such efforts led to analyze the case and came to its conclusion that Paige the hacker was an insider threat and induce Server-Side Request Forgery
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
AMAZONS CLOUD SERVICES TEAM SHOULD HAVE IMPLEMENTED POLICIES AND SOLUTIONS WITHIN THEIR IT DEPARTMENT
Source - Another student's paper Amazons cloud services team should have implemented policies and solutions within their IT department
Suspected Entry: 91% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
A SCRUB IN DELETING USERS AND ADMINISTRATOR ACCOUNTS WHILE IMPLEMENTING A RISK TO ANALYZE CAPITAL ONES SYSTEMS&APOS
Source - Another student's paper A scrub in deleting users and administrator accounts, while implementing a risk to analyze the priority of Capital Ones systems
Suspected Entry: 64% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
Source - Another student's paper
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 39/70
DUE TO ITS MISCONFIGURED WAF SYSTEMS, PAIGE UTILIZED MALICIOUS SOFTWARE TO SCAN FIREWALLS
Due to its misconfigured WAF systems, Paige was able to utilize malicious software to scan firewalls, such efforts lead Paige to conduct a Server-Side Request Forgery
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS BREACH ENABLED PAIGE TO DOWNLOAD DATA FOR THE AWS S3 SERVER
Source - Another student's paper This breach enabled Paige to download data for AWS S3 server
Suspected Entry: 67% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
TO PREVENT A SERVER-SIDE REQUEST FORGERY, A SECURITY TEAM NEEDS TO CONFIGURE THE WAF CORRECTLY
Source - Another student's paper In order to prevent a Server-Side Request Forgery, a security team needs to configure the WAF correctly, thus configuration prevent hackers from executing malicious software and downloading massive amounts of data
Suspected Entry: 63% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THUS, CONFIGURATION PREVENTS HACKERS FROM EXECUTING MALICIOUS SOFTWARE AND DOWNLOADING MASSIVE AMOUNTS OF DATA
Source - Another student's paper In order to prevent a Server-Side Request Forgery, a security team needs to configure the WAF correctly, thus configuration prevent hackers from executing malicious software and downloading massive amounts of data
Suspected Entry: 95% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
LASTLY, A PENETRATION TEST NEEDED TO BE ADMINISTERED TO FIND FLAWS IN AWS'S SECURITY POSTURE
Source - Another student's paper Lastly, a penetration test needed to be administered in order to find flaws in AWS’s security posture
Suspected Entry: 95% match
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 40/70
Uploaded - Cloud_computing_Team1_residency_paper.docx
EVENTUALLY, THE HACKER COULD HAVE BEEN STOPPED IF THE AWS SECURITY TEAM IMPLEMENTED SECURITY MEASUREMENTS
Source - Another student's paper Eventually, the hacker could have been stopped if security measurements was implemented by AWS security team
Suspected Entry: 65% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
SECURITY BREACH AT CAPITAL ONE BANK
Source - https://f1tym1.com/2019/08/08/capital-one- breach-crime-board%E2%80%8A- %E2%80%8Acase-of-speculative-sleuthing/
Capital One Breach
Suspected Entry: 83% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
A HACKER GAINED ACCESS TO MORE THAN 100 MILLION CUSTOMER ACCOUNTS AND CREDIT CARD APPLICATIONS
Source - Another student's paper A hacker gained access to 100 million Capital One credit card applications and accounts
Suspected Entry: 78% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE INCIDENCE RESPONSE PLAN WILL ADDRESS THE AREAS THAT THE COMPANY SHOULD FOCUS ON
Source - Another student's paper INCIDENCE RESPONSE PLAN FOR CAPITAL ONE The incidence response plan will address the areas that the company should focus on
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IT INVOLVES PHASES
Source - Another student's paper It involves phases
Suspected Entry: 87% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
Source - Another student's paper
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 41/70
IN EVERY PHASE, THERE ARE SPECIFIC AREAS THAT THE COMPANY SHOULD FOCUS ON
In every aspect, there are specific areas that the company should focus on
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE PREPARATION PHASE IS THE WORKHORSE OF THE IRP
Source - Another student's paper The preparation phase is the workhorse of the IRP
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
TO ENHANCE PREPARATION, THE COMPANY SHOULD MAKE SURE THAT ALL THE EMPLOYEES ARE WELL TRAINED
Source - Another student's paper To enhance preparation, the company should make sure that all the employees are well trained
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS IS IN REGARDS TO THE ROLES AND RESPONSIBILITIES IN CASE THERE IS A DATA BREACH
Source - Another student's paper This is in regards to the roles and responsibilities in case there is a data breach
Suspected Entry: 97% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IT IS ALSO CRUCIAL TO MAKE SURE THAT ALL THE IRP ASPECTS HAVE BEEN APPROVED AND HAVE BEEN FUNDED IN ADVANCE
Source - Another student's paper It is also crucial to make sure that all the aspects of IRP have been approved, and they have been funded in advance
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
Source - Another student's paper That is training, the execution, the hardware as well as the resources
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 42/70
THAT IS TRAINING, THE EXECUTION, THE HARDWARE AS WELL AS THE RESOURCES
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ALL THE ROLES AND RESPONSIBILITIES SHOULD BE WELL DOCUMENTED
Source - Another student's paper All the roles and responsibilities should be well documented
Suspected Entry: 95% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
TESTING IS ALSO ESSENTIAL SINCE IT ACTS AS INSURANCE THAT THE EMPLOYEES WILL CARRY OUT THEIR TASKS AS THEY HAVE BEEN TRAINED
Source - Another student's paper Testing is also essential since it acts as insurance that the employees will carry out their tasks as they have been trained by the company
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS SECTION WILL ALSO ENTAIL SOME QUESTIONS THAT THE COMPANY NEEDS TO ADDRESS
Source - Another student's paper This section will also entail some questions that the company needs to address
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THEY INCLUDE, HAS EVERY EMPLOYEE RECEIVED TRAINING ON THE SECURITY POLICIES
Source - Another student's paper They include, has every employee received training on the security policies
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
Source - Another student's paper
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 43/70
HAVE ALL THE MEMBERS OF THE INCIDENT RESPONSE TEAM PARTICIPATED IN THE MOCK DRILL
Have all the members of the incident response team participated in the Mock Drill
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ARE THE SECURITY POLICIES IN PLACE APPROVED
Source - Another student's paper Are the security policies in place approved
Suspected Entry: 73% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IDENTIFICATION IN THIS SECTION, THE COMPANY CAN DETERMINE WHETHER IT HAS BEEN BREACHED
Source - Another student's paper Identification In this section, the company is able to make a determination of whether it has been breached
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IT SHOULD ALSO CONSIDER THAT THE INCIDENT DOES ORIGINATE FROM VARIOUS AREAS
Source - Another student's paper It should also consider that the incident does originate from various areas
Suspected Entry: 87% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IN THIS SECTION, SOME QUESTIONS NEED TO BE ADDRESSED
Source - Another student's paper In this section, there are some questions that need to be addressed
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
Source - Another student's paper This includes, when did the hacking take place
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 44/70
THIS INCLUDES, WHEN DID THE HACKING TAKE PLACE
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
HOW WAS THE EVENT DISCOVERED
Source - Another student's paper How was the event discovered
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
WHO DISCOVERED THE HACKING
Source - Another student's paper Who discovered the hacking
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ARE THERE OTHER AREAS THAT HAVE BEEN IMPACTED
Source - Another student's paper Are there other areas that have been impacted
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ARE THERE AFFECTED OPERATIONS
Source - Another student's paper Are there affected operations
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
WHAT THE SCOPE OF COMPROMISE
Source - Another student's paper What the scope of compromise
Suspected Entry: 100% match
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 45/70
Uploaded - Cloud_computing_Team1_residency_paper.docx
CONTAINMENT WHEN THE BREACH OCCURRED, THE COMPANY MIGHT HAVE DECIDED TO DELETE EVERYTHING
Source - Another student's paper Containment When the breach occurred, the company might have decided to delete everything
Suspected Entry: 88% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
HOWEVER, THIS MIGHT HAVE REPERCUSSIONS SHORTLY SINCE VALUABLE EVIDENCE WILL GET LOST, WHICH MAY BE CRUCIAL IN DETERMINING WHEN THE BREACH OCCURRED AND THE SIGNS THAT MAY LEAD TO UNDERSTANDING WHO THE PERPETRATORS OF THE INCIDENT MIGHT BE AND WHAT MIGHT BE LOST
Source - Another student's paper However, this might have repercussions in the near future since valuable evidence will get lost, which may be crucial in the determination of when the breach occurred and the signs that may lead to having an understanding of who the perpetrators of the incident might be and what might be lost
Suspected Entry: 98% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE BEST THING TO DO IS MAKE SURE THAT ALL THE AFFECTED DEVICES ARE DISCONNECTED FROM THE INTERNET
Source - Another student's paper The best thing to do is to make sure that all the affected devices are disconnected from the internet
Suspected Entry: 82% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE COMPANY NEEDS TO HAVE LONG AND SHORT TERM STRATEGIES OF CONTAINMENT READY
Source - Another student's paper It is vital for the company to have long and short term strategies of containment ready
Suspected Entry: 78% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS CALLS FOR THE NEED TO HAVE A BACKUP SYSTEM THAT WILL HELP RESTORE BUSINESS
Source - Another student's paper This calls for the need to have a backup system that will aid in the restoration of business operations
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 46/70
OPERATIONS
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS IS AN EXCELLENT TIME TO MAKE SURE THAT ALL
Source - Another student's paper This is an excellent time to make sure that all
Suspected Entry: 75% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE SYSTEMS HAVE BEEN UPDATED AND REVIEWED THE PROTOCOLS OF REMOTE ACCESS
Source - Another student's paper the systems have been updated as well as reviewing the protocols of remote access
Suspected Entry: 82% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS ENTAILS THE USE OF MULTI-FACTOR AUTHENTICATION AND HARDENING THE PASSWORDS, (JOUINI & RABAI, 2019)
Source - Another student's paper This entails the use of multi-factor authentication and hardening the passwords
Suspected Entry: 91% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ERADICATION AFTER THE ISSUE AT HAND HAS BEEN CONTAINED, IT IS NOW TIME TO FOCUS ON ERADICATING THE ROOT CAUSE OF THE PROBLEM
Source - Another student's paper Eradication After the issue at hand has been contained, it is now time to focus on the extermination of the root cause of the problem
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THAT IS THE HACKING BREACH
Source - Another student's paper That is the hacking breach
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 47/70
Suspected Entry: 90% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IT MERELY MEANS THAT ANY MALWARE IS SUPPOSED REMOVED, ALL THE SYSTEMS ARE HARDENED AND PATCHED, AND ALL UPDATES ARE APPLIED
Source - Another student's paper It merely means that any malware is supposed removed, all the systems hardened as well as patched, and all updates applied
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS PROCESS SHOULD BE THOROUGH
Source - Another student's paper This process should be thorough
Suspected Entry: 93% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS IS TO MAKE SURE THAT THERE ARE NO MALWARE TRACES LEFT IN THE SYSTEM SINCE THEY MAY LEAD TO THE LOSS OF MORE DATA, WHICH MAY LEAD TO AN INCREASE IN LIABILITY
Source - Another student's paper This is to make sure that there are no malware traces that have been left in the system since they may lead to the loss of more data, and this may lead to an increase in liability
Suspected Entry: 87% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IN THIS SECTION, SOME QUESTIONS NEED TO BE ANSWERED
Source - Another student's paper In this section, there are some questions that need to be answered
Suspected Entry: 72% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THEY INCLUDE, CAN THE ENTIRE SYSTEM BE RE-IMAGED, IS THE ENTIRE SYSTEM HARDENED AND PATCHED
Source - Another student's paper They include, can the entire system be re-imaged
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 48/70
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ARE THERE UPDATES
Source - Another student's paper Are there updates
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
HAVE ALL THE MALWARE BEEN REMOVED
Source - Another student's paper Have all the malware been removed
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THESE QUESTIONS ARE ESSENTIAL IN THAT THEY HELP IN ANALYZING THE EFFECTIVENESS OF THE INCIDENCE RESPONSE TEAM
Source - Another student's paper These questions are essential in that they help in analyzing the effectiveness of the incidence response team
Suspected Entry: 96% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
RECOVERY IN THIS STAGE, CAPITAL ONE WILL BE EXPECTED TO RESTORE ALL THE AFFECTED DEVICES AND SYSTEMS INTO THE BUSINESS ENVIRONMENT
Source - Another student's paper Recovery In this stage, Capital One will be expected to restore and return all the affected devices and systems into the business environment
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
AT SUCH A TIME, IT IS CRUCIAL TO HAVE ALL THE OPERATIONS OF THE SYSTEM AND THE BUSINESS UP AND RUNNING WITHOUT ANY FEAR THAT THE BREACH MIGHT HAPPEN AGAIN
Source - Another student's paper At such a time, it is crucial to have all the operations of the system and the business up and running without any fear that the breach might happen again
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 49/70
Suspected Entry: 91% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
REGARDLESS OF WHAT MIGHT HAPPEN, THE BUSINESS WILL ALWAYS GO BACK TO ITS NORMAL OPERATIONS
Source - Another student's paper Regardless of what might happen, the company will always go back to its normal operations
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THERE ARE SEVERAL QUESTIONS THAT THE COMPANY SHOULD STRIVE TO ANSWER
Source - Another student's paper There are several questions that the company should strive to answer
Suspected Entry: 90% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
WHEN IS THE SYSTEM SUPPOSED TO RETURN TO REGULAR PRODUCTION, ARE ALL SYSTEMS PATCHED, TESTED, AND HARDENED
Source - Another student's paper They include, when is the system supposed to return back to regular production, are all systems patched, tested and hardened
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IS THERE A POSSIBILITY OF THE SYSTEMS BEING RESTORED FROM A BACKUP
Source - Another student's paper Is there a possibility of the systems being restored from a backup
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
HOW LONG WILL THE PROCESS OF MONITORING TAKE
Source - Another student's paper How long will the process of monitoring take
Suspected Entry: 99% match
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 50/70
Uploaded - Cloud_computing_Team1_residency_paper.docx
WHAT TOOLS WILL BE USED IN CASE A SIMILAR ATTACK OCCURS AGAIN
Source - Another student's paper What tools will be used in case a similar attack occurs again
Suspected Entry: 90% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
LESSONS LEARNED AFTER ALL THE INVESTIGATIONS ARE COMPLETE, IT WILL BE CRUCIAL TO HAVE AN AFTER-ACTION MEETING WITH ALL THE TEAM MEMBERS AND DISCUSS WHAT EACH OF THE TEAM MEMBERS HAS LEARNED FROM THE BREACH
Source - Another student's paper Lessons learned After all the investigations are complete, it will be crucial to have an after-action meeting with all the members of the team and come up with a discussion of what each of the members of the team has learned from the breach
Suspected Entry: 90% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
DURING THIS PERIOD, THAT ANALYSIS TAKES PLACE, AND EVERYTHING RELATED TO THE BREACH IS DOCUMENTED
Source - Another student's paper It is in this period that analysis takes place, and everything related to the breach is documented
Suspected Entry: 90% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IN THIS STAGE, THE FOCUS IS ON WHAT WENT ON WELL AND THE LOOPHOLES THAT NEED TO BE ADDRESSED
Source - Another student's paper In this stage, the focus is on what went on well and the loopholes that need to be addressed (Setiawan, 2017)
Suspected Entry: 79% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE LESSONS THAT THE TEAM WILL HAVE LEARNED FROM THE REAL AND MOCK ACTIVITIES WILL BE IMPORTANT IN PREVENTING ANY OTHER ATTACK THAT MAY OCCUR SHORTLY
Source - Another student's paper The lessons that the team will have learned from the real and mock activities will be imported in the prevention of any other attack that may occur in the near future
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 51/70
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
DURING THE PERIOD OR REVIEWING THE LESSONS LEARNED, THE INCIDENCE RESPONSE TEAM SHOULD ADDRESS SOME QUESTIONS
Source - Another student's paper During the period or reviewing the lessons learned, the incidence response team should address some questions
Suspected Entry: 96% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
DO THEY INCLUDE WHAT THE CHANGES THAT SHOULD BE MADE ON CAPITAL ONE'S SECURITY ARE
Source - Another student's paper They include, what are the changes that should be made on Capital one's security
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
WHAT ARE THE WEAKNESSES EXPLOITED BY JOHN'S SON'S ACTIVITIES
Source - Another student's paper What are the weaknesses exploited by John's son's activities
Suspected Entry: 74% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
DUE TO THE ADVANCEMENTS IN TECHNOLOGY, THE COMPANY COULD NOT HAVE EVADED SUCH AN INCIDENT
Source - Another student's paper DISASTER RECOVERY PLAN FOR CAPITAL ONE Due to the advancements in technology, the company could not have evaded the occurrence of such an incident
Suspected Entry: 93% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
HOWEVER, IF THE COMPANY HAD A DISASTER RECOVERY PLAN, IT COULD HAVE MITIGATED THE INCIDENCE
Source - Another student's paper However, if the company had a Disaster recovery plan, it could have mitigated the occurrence of the incidence
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 52/70
Suspected Entry: 93% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE DRP FOR APPLE WILL INCLUDE THE CRITICAL IDENTIFICATION PROCESSES OF THE BUSINESS, THE OBJECTIVES OF THE COMPANIES DRP, ASSESSING THE RISKS, THE TECHNIQUES AND THE TOOLS TO BE USED, DATA BACKUP, STRATEGIES FOR DATA RECOVERY, TRANSLATION OF THE DRP STRATEGIES TO DRP, OFFSITE STORAGE LOCATION, TESTING, THE PROCEDURE FOR EMERGENCY RESPONSE, COMMUNICATION PLAN, AND THE EVALUATION OF THE PLAN
Source - Another student's paper The DRP for Apple will include the critical identification processes of the business, the objectives of the companies DRP, assessing the risks, the techniques and the tools to be used, data backup, strategies for data recovery, translation of the DRP strategies to DRP, Offsite storage location, testing, the procedure for emergency response, communication plan, and the evaluation of the plan to identify the strengths and pitfalls(Wallace, 2017)
Suspected Entry: 93% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ASSESSMENT OF CRITICAL APPLICATION AND ASSIGNING ROLES THE FIRST THING TO DO IS TO MAKE SURE THAT ALL THE COMPANY'S CRITICAL APPLICATIONS HAVE BEEN IDENTIFIED
Source - Another student's paper Assessment of critical application and assigning roles The first thing to do is to make sure that all the critical applications of the company have been identified
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IN THIS CASE, IT IS THE COMPUTERS THAT DO HAVE THE INVENTORIES OF CAPITAL ONE
Source - Another student's paper In this case, it is the computers that do have the inventories of capital one
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE COMPANY MOSTLY DEALS WITH FINANCIAL SERVICES
Source - Another student's paper The company mostly deals with financial services
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 53/70
Suspected Entry: 90% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
AFTER IDENTIFYING THE CRITICAL APPLICATIONS, A TEAM THAT WILL DRIVE THE ENTIRE PROCESS OF DISASTER RECOVERY WILL BE FORMED
Source - Another student's paper After the identification of the critical applications, a team that will drive the entire process of disaster recovery will be formed
Suspected Entry: 79% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE WHOLE TEAM WILL INCLUDE THE CHAIRPERSON, THE TREASURER, THE SECRETARY, AND THE FOUR MORE MEMBERS FROM THE COMPANY'S FOUR DEPARTMENTS
Source - Another student's paper The whole team will include the chairperson, the treasurer, the secretary as well as the four more members each from the four departments owned by the company
Suspected Entry: 94% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
OBJECTIVES THE COMPANY'S ABILITY TO SUCCEED SOLELY DEPENDS ON ITS ABILITY TO RISE AFTER THE 2019 CYBER-ATTACK THAT SAW THE LOSS OF MORE THAN 100 MILLION
Source - Another student's paper Objectives The ability of the company to succeed solely depends on its ability to rise after the 2019 cyber-attack that saw the loss of more than 100 million
Suspected Entry: 74% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE OVERALL OBJECTIVE OF THE DRP WILL BE THE PREVENTION OF ANY OTHER ATTACK SHORTLY
Source - Another student's paper The overall objective of the DRP will be the prevention of any other attack in the near future (Srinivasan, 2017)
Suspected Entry: 92% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE MAIN FOCUS WILL BE ON TIME BETWEEN AN INCIDENT AND THE TIME FOR RECOVERY
Source - Another student's paper The main focus will be on time between the occurrence of an incident and the time for recovery
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 54/70
Suspected Entry: 74% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS MEANS THAT THE MAIN FOCUS WILL BE ON CONSIDERING GETTING BACK TO ITS OPERATIONS AS QUICKLY AS POSSIBLE
Source - Another student's paper This simply means that the main focus will be on the factors to consider so that it may get back to its operations as quickly as possible
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ASSESSMENT OF THE RISKS THERE WAS A VERY HIGH PROBABILITY THAT THE HACKING WOULD HAVE OCCURRED
Source - Another student's paper Assessment of the risks There was a very high probability that the hacking would have occurred
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS IS BECAUSE THOMPSON WORKED IN A COMPANY THAT HAD SOME CONNECTION WITH CAPITAL ONE
Source - Another student's paper This is because Thompson worked in a company that had some connection with Capital one
Suspected Entry: 92% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE COMPANY ALSO LACKED SOME ESSENTIAL SECURITY STRATEGIES THAT COULD HAVE ALLOWED THE EARLIER DETECTION OF THE INCIDENT
Source - Another student's paper The company also lacked some important security strategies that could have allowed the earlier detection of the incident
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THEY REALIZED AFTER SOME INFORMATION HAD BEEN LEAKED ONLINE
Source - Another student's paper They realized after some information had been leaked online
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 55/70
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ANOTHER FUNNY THING IS THAT THE ATTACK TOOK TWO DAYS UNDETECTED
Source - Another student's paper Another funny thing is that the attack took two days undetected
Suspected Entry: 71% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS ALSO MEANS THAT THE EMPLOYEES DID NOT RECEIVE THE REQUIRED TRAINING, AND THE PASSWORD POLICY WAS RELATIVELY WEAK, BUSINESS IMPACT ANALYSIS PERFORMING A BIA WILL HELP THE COMPANY MEASURE THE IMPACT CAUSED BY THE DOWNTIME ON THE AREAS AFFECTED
Source - Another student's paper Business Impact Analysis Performing a BIA will help the company to measure the impact caused by the downtime on the areas that have been affected
Suspected Entry: 84% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE 2019 ATTACK WAS ONE OF THE MOST SIGNIFICANT ATTACKS THAT LED TO MORE THAN 100 MILLION PENETRATION
Source - Another student's paper The 2019 attack was one of the biggest attacks that led to the penetration to more than 100 million accounts
Suspected Entry: 91% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS WAS MAINLY AIDED BY USING A BIA QUESTIONNAIRE TO ALL THE EMPLOYEES AND THE MANAGERS OF THE COMPANY
Source - Another student's paper This was mainly aided by the use of a BIA questionnaire to all the employees and the managers of the company
Suspected Entry: 93% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
Source - Another student's paper
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 56/70
THROUGH THE BIA QUESTIONNAIRE, IT WAS EVIDENT THAT THE INFORMATION LEAKED TO THE PUBLIC WAS NOT USED TO CARRY OUT THE ATTACK
Through the BIA questionnaire, it was evident that the information that had been leaked to the public was not used to carry out the attack
Suspected Entry: 90% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IT WAS ALSO EVIDENT THAT MANY PERSONNEL DID NOT HAVE THE REQUIRED TRAINING REGARDING DETECTING THE OCCURRENCE OF ANY THREAT
Source - Another student's paper It was also evident that many personnel did not have the required training in regards to detecting the occurrence of any threat
Suspected Entry: 92% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
CAPITAL ONE'S RPO AND THE MAXIMUM TOLERABLE TIME THE RPO WILL BE IMPORTANT IN THAT IT HELPED THE TEAM DEVELOP A TIME FRAME THAT WOULD BE USED IN SOLVING ISSUES
Source - Another student's paper Capital one’s RPO and the Maximum tolerable time The RPO will be important in that it helped the team to come up with a time frame that would be used in solving issues
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE AVERAGE RPO OF CAPITAL ONE IS 3 HOURS
Source - Another student's paper The Average RPO of capital one is 3 hours
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE TIME IS DETERMINED AFTER CONSIDERING THE TIME BETWEEN THE HACKING AND THE BACKING UP OF DATA THAT MIGHT HAVE BEEN LOST
Source - Another student's paper The time is determined after considering the time between the hacking and the backing up of data that might have been lost
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 57/70
Suspected Entry: 75% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
MAXIMUM TOLERANCE REFERS TO THE MAXIMUM AMOUNT OF TIME THAT CAPITAL ONE IS NOT OPERATING NORMALLY
Source - Another student's paper Maximum Tolerable time refers to the maximum amount of time that Capital one is not operating in a normal way
Suspected Entry: 84% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
TO COME UP WITH A DEFINITE TIME OF MAXIMUM TOLERANCE, IT WILL HAVE TO SUM UP THE RTO AND THE WRT
Source - Another student's paper For the company to come up with a definite time of the Maximum Tolerable time, it will have to sum up the RTO and the WRT
Suspected Entry: 87% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE MAXIMUM TOLERABLE TIME FOR THE 2019 ATTACK IS 5 HOURS
Source - Another student's paper The maximum tolerable time in reference to the 2019 attack is 5 hours
Suspected Entry: 92% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ASSESSMENT OF CURRENT DATA RECOVERY STRATEGIES THE PRIMARY STRATEGY FOR DATA RECOVERY IS THROUGH THE CLOUD
Source - Another student's paper Assessment of current data recovery strategies The main strategy for data recovery is through the cloud
Suspected Entry: 79% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS MEANS THAT THE COMPANY'S STRATEGY IS NOT RIGHT SINCE IT LED TO THEFT PROMOTION
Source - Another student's paper This simply means that the strategy applied by the company is not right since it led to the promotion of the theft
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 58/70
Suspected Entry: 73% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THOMPSON WORKED IN THAT COMPANY
Source - Another student's paper Thompson worked in that company (Jorrigala, 2017)
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE COMPANY SHOULD CONSIDER HIRING ANOTHER COMPANY THAT CAN BE RELIED UPON
Source - Another student's paper The company should consider hiring another company that can be relied upon
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IN COMING UP WITH A GOOD STRATEGY, THE COMPANY SHOULD FOCUS ON HUMAN RESOURCES, PHYSICAL ACTIVITIES, TECHNOLOGY, AND DATA
Source - Another student's paper In coming up with a good strategy, the company should focus on human resources, physical activities, technology, and data
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
TESTING OF THE THEORY THE COMPANIES MTD IS 5 HOURS, THE RTO OF THE COMPANY IS 4 HOURS, AND THE RPO IS ONLY 3 HOURS
Source - Another student's paper Testing of the theory The companies MTD is 5 hours, the RTO of the company is 4 hours, and the RPO is only 3 hours
Suspected Entry: 86% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS IS ENOUGH EVIDENCE THAT IF THERE IS AN ATTACK, THE COMPANY WILL NOT HAVE TO SHUT FOR THE WHOLE DAY
Source - Another student's paper This is enough evidence that in case there is an occurrence of an attack, the company will not have to shut for the whole day
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 59/70
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS IS AN IMPORTANT ASPECT WHICH SHOWS THAT THE BANK IS WELL PREPARED
Source - Another student's paper This is an important aspect which shows that the bank is well prepared
Suspected Entry: 84% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
DATA BACK UP THIS IS THE MOST CRUCIAL ASPECT OF THE COMPANY
Source - Another student's paper Data back up This is the most important aspect of the company
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
DESPITE THE COMPANY BACKING UP THEIR DATA INTO THE CLOUD, IT SHOULD ALSO CONSIDER GOING MANUAL
Source - Another student's paper Despite the company backing up their data into the cloud, it should also consider going manual
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE TWO SHOULD BE PARALLEL TO EACH OTHER
Source - Another student's paper The two should be parallel to each other
Suspected Entry: 72% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE COMPANY SHOULD ALSO CONSIDER HAVING SEVERAL BACKS UP SITES
Source - Another student's paper The company should also consider having a number of back up sites
Suspected Entry: 100% match
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 60/70
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS WILL HELP IN MAKING SURE THAT THE OPERATIONS OF THE COMPANY ARE NOT AFFECTED IN ANY WAY
Source - Another student's paper This will help in making sure that the operations of the company are not affected in any way
Suspected Entry: 85% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
OFFSITE STORAGE LOCATION THIS SIMPLY MEANS THAT ANY SERVERS USED FOR BACKING UP, THE HARDWARE AND OTHER MATERIAL ARE ESSENTIAL IN ALL THE COMPANY'S OPERATIONS
Source - Another student's paper Offsite storage location This simply means that any servers used for backing up, the hardware as well as other material are important in all the operations of the company
Suspected Entry: 90% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
SUCH COMPONENTS SHOULD BE STORED IN AN AREA THAT IS AWAY FROM THE PRINCIPAL OFFICE OF THE COMPANY
Source - Another student's paper Such components should be stored in an area that is away from the main office of the company
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THAT IS FAR ENOUGH IN SUCH A WAY THAT IT CANNOT BE AFFECTED BY ANY EVENTUALITY
Source - Another student's paper That is far enough in such a way that it cannot be affected by any eventuality
Suspected Entry: 79% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE OFFSITE LOCATIONS SHOULD BE WELL LOCATED SINCE THEY DO SERVE AS AN ALTERNATIVE TO THE CENTRAL BANK, (ESPOSITO, ET AL, 017)
Source - Another student's paper The offsite locations should be well located since they do serve as an alternative to the main bank
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 61/70
Suspected Entry: 62% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE COMPANY SHOULD BE ABLE TO COMMUNICATE THE OBJECTIVES OF THE DRP EFFECTIVELY
Source - Another student's paper The company should be able to communicate the objectives of the DRP in an effective manner that will bring about success in the company
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE DRP SHOULD BE WELL DOCUMENTED IN SUCH A WAY THAT IT CANNOT BE TAMPERED WITH
Source - Another student's paper The DRP should be well documented in such a way that it cannot be tampered with
Suspected Entry: 89% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
PROCEDURE FOR EMERGENCY RESPONSE CAPITAL ONE'S PROCEDURE WHEN RESPONDING TO AN EMERGENCY WILL BE OBVIOUS
Source - Another student's paper Procedure for Emergency response Capital One's procedure when responding to an emergency will be very clear
Suspected Entry: 93% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE FIRST THING IS TO MAKE SURE THAT THE SYSTEM HAS BEEN REBOOTED IF THE SYSTEM DOES NOT OPERATE IN THE RIGHT WAY
Source - Another student's paper The first thing is to make sure that the system has been rebooted in case the system does not operate in the right way
Suspected Entry: 68% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IN CASE THAT FAILS, THEN THE FOLLOWING PROCEDURE WILL APPLY
Source - Another student's paper In case that fails, then the following procedure will apply in dealing with the adverse effects that have come up
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 62/70
Suspected Entry: 62% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
NOTIFY THE MANAGER IN CHARGE OF INFORMATION TECHNOLOGY
Source - Another student's paper Notify the manager in charge of information technology or any other manager you might come across
Suspected Entry: 94% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE MANAGER WILL THEN DELEGATE THE RESPONSIBILITIES OF CHECKING THE SYSTEM TO THE IT EXPERTS WORKING UNDER HIM
Source - Another student's paper The manager will then delegate the responsibilities of checking the system to the IT experts who are working under him
Suspected Entry: 91% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE IT EXPERTS WILL THEN LOOK AT THE NECESSARY COMPONENTS SUCH AS INTERNET CONNECTION AND CHECK IF THE ETHANATE CABLES ARE WELL CONNECTED
Source - Another student's paper The IT experts will then have a look at the basic components such as internet connection and check if the Ethanate cables are well connected
Suspected Entry: 83% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IF THE ISSUE IS INVOLVED, THEY MIGHT OPT TO USE TECHNOLOGY, FOR INSTANCE, HACKING
Source - Another student's paper If the issue is complex, then they might opt to make use of technology, for instance, hacking
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
TESTING THE WHOLE PLAN TESTING THE TEAM WILL ENTAIL CONVENING A MEETING OF ALL THE STAKEHOLDERS
Source - Another student's paper Testing the whole plan Testing the team will entail convening a meeting of all the stakeholders
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 63/70
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE TEAM WILL ENGAGE IN A REVIEW OF ALL THE STEPS THAT HAVE BEEN CARRIED OUT
Source - Another student's paper The team will engage in a review of all the steps that have been carried out
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THAT IS FROM THE PLANNING STAGE TO THE EVALUATION STAGE
Source - Another student's paper That is from the planning stage to the evaluation stage
Suspected Entry: 74% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
EVALUATION AND DRP UPDATE THE TENETS OF EVALUATION WILL INCLUDE HAVING A LOOK AT THE SUCCESSES AND FAILURES OF THE DRP
Source - Another student's paper Evaluation and DRP update The tenets of evaluation will include having a look at the successes and failures of the DRP, the recommendations that should be considered as well as the entire cost of the Disaster recovery plan
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
EVALUATION MEANS FOCUSING ON THE TECHNIQUES THAT UTILIZE THE LEAST AMOUNT OF MONEY
Source - Another student's paper Evaluation means focusing on the techniques that utilize the least amount of money
Suspected Entry: 94% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE EVALUATION WILL ALSO ENTAIL THE ROOTING OUT OF ANY DEFECTIVE MEASURES
Source - Another student's paper The evaluation will also entail the rooting out of any measures that are defective
Suspected Entry: 71% match
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 64/70
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE EVALUATION WILL ALSO ENTAIL MAKING SURE THAT ALL THE COMPONENTS OF THE DRP ARE IN LINE WITH THE OBJECTIVES AND THE STIPULATED TECHNOLOGY THAT THE COMPANY USES, (BARONA & ANITA, 2017) THE DRP SHOULD BE UPDATED REGULARLY
Source - Another student's paper The evaluation will also entail making sure that all the components of the DRP are in line with the objectives and the stipulated technology that the company uses to conduct its operations that does promote effectiveness and efficiency
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS IS BECAUSE TECHNOLOGY CHANGES AND THUS DOES THE NEEDS OF THE COMPANY
Source - Another student's paper This is because technology changes and thus does the needs of the company
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ANOTHER REASON FOR MAKING SURE THAT THE DRP IS UP TO DATE IS BECAUSE HACKERS WILL ALWAYS ADVANCE THEIR STRATEGIES
Source - Another student's paper Another reason for making sure that the DRP is up to date is because hackers will always advance their strategies
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS ALSO COMES IN AS A RECOMMENDATION TO PREVENT FURTHER ATTACKS
Source - Another student's paper This also comes in as a recommendation to prevent further attacks
Suspected Entry: 70% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE EMPLOYEES AND THE USERS AT LARGE NEED TO GENERATE AND CREATE PRIVATE KEYS AND PUBLIC ONES TO ASSIST THE COMPANY IN DOING CLOUD COMPUTING ACTIVITIES
Source - Another student's paper The users need to create and generate both private and public keys to assist them in accessing the information and data in cloud computing
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 65/70
Suspected Entry: 73% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THESE TWO PROCESSES ARE ESSENTIAL WHILE ENSURING DATA IS SECURED AND THE INFORMATION DURING THE CLOUD COMPUTING
Source - Another student's paper Thus, the two processes are essential in ensuring the security of the data and information in cloud computing
Suspected Entry: 68% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
CONSEQUENTLY, CLOUD COMPUTING SUGGESTS RELYING ON ANOTHER ORGANIZATION, A THIRD-PARTY ORGANIZATION THAT OFFERS IT SERVICES THAT INCLUDE BOTH SOFTWARE AND HARDWARE CONFIGURATIONS
Source - Another student's paper Therefore, cloud computing implies relying on the third-party organization offering IT services that both software and hardware structures
Suspected Entry: 63% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ONE OF THE RISKS WHICH ARE ASSOCIATED WITH CLOUD COMPUTING IS INFORMATION RESOURCES LOSS
Source - Another student's paper This is an example of the risks associated with cloud computing
Suspected Entry: 64% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
CLOUD COMPUTING HAS GOT ANOTHER RISK ASSOCIATED WITH IT, AND IT IS THEFT OF ACCOUNTING AND TRAFFICKING
Source - Another student's paper Account theft and traffic theft is another risk associated with cloud computing
Suspected Entry: 72% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
Source - Another student's paper Also, the cloud server hosts several applications that serve different purposes in cloud computing
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 66/70
THE CLOUD SERVER HOSTS ALSO SHOULD NOT SERVE DIFFERENT CLOUD COMPUTING PURPOSES
(Rittinghouse, & Ransome, 2016)
Suspected Entry: 64% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THIS IS BECAUSE THE RISK ASSOCIATED WITH THIS SHARING OF TECHNOLOGY IS USEFUL IN ALL MODELS AND STAGES IN THE PROCESS OF CLOUD COMPUTING
Source - Another student's paper The risk associated is that there is a risk of damage to the shared technology across all the models and stages in cloud computing
Suspected Entry: 70% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE CLOUD SERVICE PROVIDER HAS THE MANDATE TO ENSURE ALL THE PROCESSES OF DATA PROCESSING, PROGRAMMING OF SECURITY, CONTROL ISSUES, AND ACTIVITIES TO ENHANCE THE NETWORK
Source - Another student's paper This requires the cloud service provider to ensure the processing, program security, control activities, and enhance the network
Suspected Entry: 86% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THUS, THE RISK OF SHARED TECHNOLOGY REQUIRES THE DATA UPLOADED TO BE CLASSIFIED AND SHREDDED DURING BEING UPLOADED AND HASHED AS IT IS BEING UPLOADED
Source - Another student's paper Thus, the risk of shared technology requires the data uploaded to be classified and hashed as it is being uploaded
Suspected Entry: 64% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE ORGANIZATION HAS NO CONTROL OVER THE FEATURES THAT IT NEEDS TO USE BUT IS DETERMINED FROM ELSEWHERE
Source - Another student's paper Therefore, the organization has no control over the features to use
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 67/70
Suspected Entry: 64% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
CHALLENGES OF CONNECTING EDGE AND CLOUD COMPUTING
Source - Another student's paper Issues and Challenges in Cloud Computing
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
CONCEPTS, METHODOLOGIES, TOOLS, AND APPLICATIONS (PP
Source - Another student's paper Concepts, Methodologies, Tools, and Applications (pp
Suspected Entry: 67% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
SECURE FRAMEWORK FOR DATA SECURITY IN CLOUD COMPUTING
Source - Another student's paper Data Security Basics in Cloud computing
Suspected Entry: 74% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ISSUES AND CHALLENGES OF DATA SECURITY IN A CLOUD COMPUTING ENVIRONMENT
Source - Another student's paper Data Security Issues and Solutions in Cloud Computing
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
INCIDENCE RESPONSE PLAN FOR CAPITAL ONE
Source - Another student's paper INCIDENCE RESPONSE PLAN FOR CAPITAL ONE
Suspected Entry: 75% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
Source - Another student's paper
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 68/70
IN THE PREPARATION STAGE, THE COMPANY SHOULD DEVELOP DRILL SCENARIOS FOR THE INCIDENCE RESPONSE AND CONDUCT MOCK BREACHES ON DATA REGULARLY, EVALUATING THE IRP
In the preparation stage, the company should develop drill scenarios for the incidence response and conducting mock breaches on data on a regular basis, which helps in the evaluation of the IRP
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
HA, THE POINT OF ENTRY BE DISCOVERED
Source - Another student's paper Ha, the point of entry be discovered
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
DISASTER RECOVERY PLAN FOR CAPITAL ONE
Source - Another student's paper DISASTER RECOVERY PLAN FOR CAPITAL ONE
Suspected Entry: 72% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THEY ARE CRUCIAL IN EXPEDITING THE RECOVERY PROCESS AND ESTABLISHING THE ROLES THAT EACH INDIVIDUAL SHOULD UNDERTAKE IN CASE A DISASTER OCCURS
Source - Another student's paper All the employees as well as the service providers who are crucial in expediting the process of recovery and the establishment of the roles that each individual should undertake in case a disaster occurs will be included
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE PROCESS OF COMMUNICATION SHOULD BE SPEEDY SO THAT THE DAMAGE THAT HAS BEEN CAUSED BY THE DISASTER CAN BE REDUCED WITH THE SHORTEST TIME POSSIBLE
Source - Another student's paper The process of communication should be speedy so that the damage that has been caused by the disaster can be reduced with the shortest time possible
Suspected Entry: 85% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
Source - Another student's paper
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 69/70
TESTING THE PLAN IS CRUCIAL SINCE IT HELPS IDENTIFY THE AREAS THAT MAY NEED IMPROVEMENTS TO HELP CURB THE OCCURRENCE OF SUCH AN EVENT AGAIN
Testing the plan is crucial since it helps in the identification of the areas that may need improvements to help in curbing the occurrence of such an event again
Suspected Entry: 66% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THESE RECOMMENDATIONS SHOULD BE CONSIDERED, AS WELL AS THE ENTIRE COST OF THE DISASTER RECOVERY PLAN
Source - Another student's paper The tenets of evaluation will include having a look at the successes and failures of the DRP, the recommendations that should be considered as well as the entire cost of the Disaster recovery plan
Suspected Entry: 78% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
THE PHASES INCLUDE PREPARATION, IDENTIFICATION CONTAINMENT, ERADICATION RECOVERY, AND FINALLY, THE LESSON THAT HAS BEEN LEARNED
Source - Another student's paper The phases include preparation, identification, containment, eradication, recovery and learned lessons
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
BARONA, R., & ANITA, E
Source - Another student's paper Barona, R., & Anita, E
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
A SURVEY ON DATA BREACH CHALLENGES IN CLOUD COMPUTING SECURITY
Source - Another student's paper A survey on data breach challenges in cloud computing security
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
Source - Another student's paper
10/11/2020 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_132075_1&paperId=3532119401&&a… 70/70
IN 2017 INTERNATIONAL CONFERENCE ON CIRCUIT, POWER AND COMPUTING TECHNOLOGIES (ICCPCT) (PP
In 2017 International Conference on Circuit, Power and Computing Technologies (ICCPCT) (pp
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
ISSUES AND THREATS
Source - Another student's paper Issues and Threats”
Suspected Entry: 74% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IN CLOUD SECURITY
Source - https://www.imperva.com/learn/availability/disaster- recovery/
Cloud Data Security
Suspected Entry: 99% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IN 2016 IEEE 2ND INTERNATIONAL CONFERENCE ON COLLABORATION AND INTERNET COMPUTING (CIC) (PP
Source - Another student's paper In 2016 IEEE 2nd International Conference on Collaboration and internet Computing (CIC) (pp
Suspected Entry: 100% match
Uploaded - Cloud_computing_Team1_residency_paper.docx
IN 2017 IEEE 8TH ANNUAL UBIQUITOUS COMPUTING, ELECTRONICS AND MOBILE COMMUNICATION CONFERENCE (UEMCON) (PP
Source - Another student's paper In 2017 IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON) (pp
