University of Kelaniya
Management & Information Technology – Department of Industrial Management
Information Assurance & Security (2021)
Assignment 01

1.) Your answers should be supported by practical examples that give weight to your justification.
2.) If necessary, you can make reasonable assumptions, BUT you need to state them clearly with your answers.

Z Cloud Solutions (ZCS) Ltd offers cost-effective cloud computing solutions and caters to the banking, insurance, healthcare, manufacturing, supply chain and technology industries. It is one of the top cloud companies in the region, providing flexible payment, security, round-the-clock technical support and the option of pay-per-use pricing. It is a complete computing solution provider, offering SaaS, PaaS and IaaS services on the public, private and hybrid computing models.

ZCS has 100+ racks in its regional data centres. These servers are also networked with 500+ servers which hold the worldwide business data of the customers of ZCS. These servers are also connected to the global offices of ZCS and their customers through high-speed networks and telecommunication systems. The company has state-of-the-art technology infrastructure, well-trained staff organised by specific job responsibility, and a comprehensive access policy designed not only to protect data but also to ensure its availability.

To protect its data, ZCS has put in place a comprehensive Information Security System as mandated by ISO 27001 & PCI DSS type standards. The company has used best-of-breed security and control practices for implementing security for its IT infrastructure. This security system is subject to rigorous audit by independent IS auditors before certification and is also subject to regular IS audit using global best practices.

a) Data generated by companies through their business transactions is vulnerable to security threats. The threat remains whether such data is stored within a company's offices or elsewhere in remotely located data centres managed by a third-party service provider like ZCS. Briefly explain what is meant by "Threat" and identify 03 sample threat types applicable in the above cloud context. [05 Marks]

b) Enterprise management feels more secure about data stored within its own premises, seemingly under its control and watchfulness. Hence, in the case of cloud computing, enterprises are apprehensive about data storage. Explain what Two-factor authentication is and how it helps to mitigate the risk of data leakage. [05 Marks]

c) The management of ZCS has approached you to perform an independent assessment of the security and control practices to provide assurance to the management, regulators and customers. Provide a list of the key security and control practice areas that are required to review the adequacy of existing control practices, and provide additional detailed procedures as relevant to the regulations and other compliances applicable. [10 Marks]

Public

d) The ZCS backend system access is secured using a multi-layer security stack securing the infrastructure at multiple levels of communication. Discuss the following key security technologies and highlight how these solutions could be used to mitigate cyber security attacks and potential enterprise security vulnerabilities. [30 Marks]
o SSL VPN connectivity
o File Integrity Monitoring (FIM)
o PUM (Privilege User Management)
o Perimeter Firewalls
o Security Information and Event Management (SIEM)