
Privacy and data breaches CSEC408

Added on: 2025-05-08 05:29:31

Program: CS


Course: Cloud Security


Assignment 8: Privacy and data breaches


Name: ___________________________________


Part A: Auditing the security of a bucket


Register in AWS Skill Builder (https://explore.skillbuilder.aws/) with a free account and enroll in the course below. Complete the course. Then, answer the questions, providing enough details for them to be fully marked.


Course title: Auditing Amazon Simple Storage Service (Amazon S3) Security


Course ID: E-D19KR1


Estimated time: 60 min


URL: https://explore.skillbuilder.aws/learn/course/502/auditing-amazon-simple-storage-service-amazon-s3-security


Questions:



  1. How can versioning be helpful in S3 buckets?

  2. Linda heard that logs related to an S3 bucket are kept in the same bucket, which you query when looking for specific events. What do you think about what Linda heard?

  3. Name two numeric fields and two hexadecimal fields in a log.

  4. What are the restrictions for the target bucket when enabling server access logging?

  5. The SQL statement below might be useful to look for information in logs through AWS Athena. What logs would be retrieved? SELECT requestdatetime, requester, operation, requestid, hostid FROM s3_access_logs_db.mybucket_logs WHERE httpstatus = '403';

  6. If you disabled encryption in a bucket, what specific type of action (API call) would be logged in CloudTrail?

  7. Indicate two examples of using AWS Config to audit Amazon S3 buckets.

  8. What happens if an AWS resource does not match the AWS Config rule?

  9. Which component of AWS Config would allow an email to be sent if an S3 bucket is configured as public?

  10. What AWS Config managed rules would you need to get notified about S3 buckets with public access permitted?

  11. What is the zone of trust in IAM Access Analyzer used for?

  12. What is the status for IAM Access Analyzer findings deemed false positives?


Part B: Reasoning


13. You are the security manager for a retail sales company that uses a software as a service (SaaS) public cloud service. One of your employees uploads sensitive information they were not authorized to put in the cloud. An administrator working for the cloud provider accesses that information and uses it for an illegal purpose, benefiting the administrator and causing harm to your organization.


After you perform all the incident-response activity related to the situation, your organization determines that the price of the damage was US$125,000. Your organization sues the cloud provider, and the jury determines that your organization shares in the blame (liability) for the loss because it was your employee performing an unauthorized action that created the situation.


If the jury determines that 25 percent of the evidence shows that the situation was your organization's fault and 75 percent of the evidence shows that the situation was the cloud provider's fault, what is the likely outcome from the following options? Justify your answer.


A) Your organization owes the cloud provider $31,250.


B) The cloud provider owes your organization $93,750.


C) Neither side owes the other party anything.


D) The cloud provider owes your organization $125,000.


14. You are the security manager for a software company that uses platform as a service (PaaS) in a public cloud service. Your company's general counsel informs you that they have received a letter from a former employee who is filing a lawsuit against your company. What is one of the common practices used in your industry that will have to be halted until the resolution of the case?


15. Your company receives a litigation hold notice from a customer that is suing you for harm caused by one of your products. You are using a managed cloud service for your production environment. You determine that the data requested by the litigant is vast and is going to be very difficult to review for pertinence to the case.


The senior executive at your firm who is making decisions about this case suggests handing over all data the company has archived for the time frame related to the case, whether or not it may be pertinent, in order to both allow the litigant to find the pertinent data and reduce the costs your company would incur if it performed the review. What should be your response to the executive, and what is the reasoning behind that?



  1. This is an excellent idea; it fulfills the company's legal requirements and reduces the overall costs of the litigation.

  2. This is a good idea; it may alleviate some of the costs associated with the court case.

  3. This is a bad idea; the company might not realize the full cost savings that it expects.

  4. This is a horrible idea; it could lead to extensive unauthorized disclosure and additional lawsuits.

  • Uploaded By : Akshita