Cyber Security

profileluckyqloo
W8D2..responseMR.docx
Home>Information Systems homework help>Cyber Security

Please respond to student 150-250 words.. DO you agree or disagree

Throughout the course of this class we have covered a lot of information and throughout the readings, I have gained more knowledge. I am interested in governance, standards like the case studies covered in week 4. Understanding, developing, and implementing such standards in an organization can provide security to the infrastructure, but only when all the parts are playing their roles. Starting from physical security and training for employees to the tools and devices that are used in the environment, and even the architectural design of the network. This is interesting because many enterprises are moving to cloud environments either public, private or even some hybrid environments. I am currently in a team to migrate mostly everything to cloud environments using AWS and AZURE, my role is to provide security and monitoring for these environments during and after the creation.

An article by Help Net Security spoke about vulnerabilities due to cloud misconfigurations. This article brings information about a research by Fugue, where it points out that 54% of IT Lack team awareness of security and policies, 49% lack adequate control and oversight, 47% too many cloud APIs and interfaces to govern properly. (Help Net Security, 2018). This I believe is because of the lack of training and the pressure to migrate to cloud services.  Some of the most common types of misconfigurations are security group rules, access policies, encryption in transit. Encryption in transit is a big issue and I have personally seen this, although some cloud services “protect” your data the person responsible is the data owner. Also, the owner needs to encrypt sensitive data to and from the cloud as this data is not encrypted by the cloud services.

Governance plays a big role and implementing and enforcing standards and frameworks can prevent against threats. With new technology e.g. cloud environments, and bounty hunters (hackers paid to find exploits), new frameworks need to be created or a cocktail should be deployed like in the UAE Case studies to fight against such threats.

Help Net Security (2018). Most enterprises highly vulnerable to security events caused by cloud misconfiguration. Retrieved from https://www.helpnetsecurity.com/2018/10/05/cloud-misconfiguration/?utm_source=hs_email&utm_medium=email&utm_content=66466165&_hsenc=p2ANqtz--wC-VRDyKh65IgM5YPB7eLumuYoDVcm-9Txfu6NM7CnoOq08zYhaudFDgIOcevH74MZr_4ODhMeQZlgMGc6UBTXvR4Cg&_hsmi=66466165