3.6 Incident Response Incident response is the method for dealing with the security of a computer system when there is an attack. Incident response activities include incident verification, analyzing and containing the attack, collecting and preserving data, fixing the problem, and restoring services. Hence it is very essential to revise the organization's incident response plan and ensure that the differences between the computing environment of the organization and the cloud are addressed. This is a prerequisite for transitioning of applications and data but it is overlooked most of the time. To ensure security and privacy in cloud computing, it is important for the service provider and the subscriber to collaborate and formulate a well-defined incident response plan.
Companies and organizations will need to determine security options for any new systems that are built. Security is a high priority for companies and organizations to keep important data safe. The companies and organizations would also have to figure out ways to save or backup any information in the systems. Backing up information for companies and organizations are very important. Backing up information can help safe the companies if any data is lost, and the companies would be able to recover the data that was lost.
In [1], they mainly focused on the data security issues in the cloud like: 1) Privacy and Confidentiality which means that once the user hosted the data in the cloud, there should be some guarantee that access to that hosted data will only be limited to the authorized access. It is ensured by the authentication services, security protocols and data encryption services. 2) Data Integrity which means data sent is same as the message received i.e. it is not altered in between. It is ensured by the firewalls and intrusion detection system (IDS).
“Does ‘cloud computing’ present additional internal control issues beyond those encountered in traditional computing?” Unaware of what is meant by “cloud computing,” this writer, after some research on the subject matter, believes that the answer to this question is YES, “cloud computing” does present additional internal control issues beyond the internal controls encountered in traditional computing. This question is answered from the viewpoint of a client company that has transferred its data to a cloud. It seems that there will always be a need for internal controls; however, where those controls are located is dependent upon the type of network infrastructure a company uses. When compared to traditional computing, cloud computing seems to have the opposite effect on internal controls of the client company: there is actually a decrease or elimination of internal controls for the company. Internal controls are processes designed by companies to ensure the security, accuracy, and completeness of its financial and accounting data.
Information security is no good until it is efficiently managed and controlled. An information security management system (ISMS) is to systematically managing the important data of an organization. The objective of an ISMS is to minimize risk and ensuring continuing of business by pro-actively limiting the impact of security violation. It can be aimed towards a particular type of data, such as client data, or it can be implemented in a way that becomes part of the organization’s culture. The installation, maintenance and continuous update of an ISMS provide a strong indication that a company is using a systematic approach for the assessment, management and identification of security risks.
The most important of these being detailed descriptions of the service provider's security, details on auditing and metrics capabilities, thorough separation of duties and responsibilities, and penalties for not complying with the security requirements (Greer, 2012). First, a business must know the capabilities of the cloud service provider (CSP) in regard to security, privacy, and business continuity. I feel that this is the most important of the four points, due to it showing the proactive abilities of the cloud provider. It is in the best interest of the organization to pursue defensive measures, rather than react to problems that have occurred or are still occurring. These facts are especially true in the cloud model, due to the relinquishing of control to an outside entity.
[1] 1. TRUSTED CLOUD COMPUTING WITH SECURE RESOURCES AND DATA COLORING 1.1 trust and security is considered as two major factors in the platform of cloud computing. Trust and security have prevented businesses from fully accepting cloud platforms. Trust & Reputation Management has made Cloud Computing Trusted with Secure Resources and Data Coloring and water marking. A reputation system is one of the ways for establishing trust between service providers and data owners.
With SaaS, customer may use service provider software through a web browser. In SaaS model, overall security burden lies with cloud provider and data security is a major challenge when a customer uses SaaS model. Cloud computing is distributed system having multiple interconnected computers in virtualized form. Data centers supply computational power of cloud computing, which consist of thousands of servers. Customer data is stored on these servers and of security of these data is a serious issue.
While the Federal Trade Commission has data security guidelines there is some significant room for improved regulations. The one regulation that is relevant to all companies is that they must meet cyber security compliance requirements. The FTC has the ability to charge companies for poor security practices, especially those that put consumers in danger. In order for Zara to prevent a FTC cyber security action lawsuit they must enact this incident response plan. The components of this plan include all of the compliance measures, which can avoid lawsuits similar to those faced by Zara’s competition.
Security and Open Systems Interconnect (OSI) NTC/410, Network and Telecommunications Concepts II Security and Open Systems Interconnect (OSI) Security to networks and data has been a concern since the introduction of the Personal Computer (PC) in the work place. There always seems to be someone who wants gain unauthorized access. Below are a few areas that an administrator can look into to help secure their system. File Security and Firewalls File Security is keeping unauthorized access to your data. Encryption and password security is normally the best way to keep your data in the correct hands.