Yoobee Colleges
MSE805 Cloud Security
Assessment Tasks
Task 1
Task 1: Cloud Architecture Model Selection for Enhanced Web Application Security
LO1: Analyse Cloud Security Architecture Models for suitability with a range of network
designs to optimise data protection and system workloads within existing cloud platforms.
Task scenario:
Imagine you are tasked with developing a secure cloud architecture model for a dynamic
web application that demands optimal data protection and efficient management of system
workloads. In this scenario, the focus is on adopting a cloud architecture that aligns
seamlessly with various network designs.
Your primary goal is to choose a suitable cloud architecture model that suits the specific
requirements of the scenario. Consider the implementation of a multi-tier architecture,
particularly beneficial for a web application seeking enhanced security and performance.
Implementation Steps:
1. Use AWS services like Amazon EC2 for compute, Amazon RDS for databases, and Amazon
S3 for storage.
a) Launch an Amazon EC2 instance in any AWS region convenient to your service
consumption with termination protection and a web server script. Configure
settings, including the instance name, AMI, instance type (t2.micro), and security
group. Monitor the instance by checking status and CloudWatch metrics, accessing
the system log, and exploring the instance screenshot. Access the web server
content using the Public IPv4 address; if unsuccessful due to port 80 restrictions,
update the security group to allow HTTP traffic.
b) Configure and launch a Multi-AZ Amazon RDS for MySQL database in AWS Console
with specific settings. Disable certain features for faster deployment, copy the
Endpoint once available, and wait for completion. Interact with a web app on your
EC2 instance, configure it with RDS database settings, and test data persistence and
automatic replication across Availability Zones for enhanced durability.
c) Create an Amazon EBS volume and attach it to a new Amazon EC2 instance.
2. Create a VPC and VPC security groups rather than using the default settings.
Security Considerations:
a) Restrict HTTP access to IP addresses that start with 10.0.1.
b) Restrict HTTP access by using a network ACL and use the network ACLs to control
access to EC2 instances in a VPC.
c) Create an AWS KMS key for Amazon S3 and Amazon EC2 as the key will be used to
encrypt the actual data stored in an S3 bucket and on EBS volumes.
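One way to check security consideration (a) after the security group is configured, as an added example that is not part of the original brief: it audits rules in the shape returned by "aws ec2 describe-security-groups" and reports any source outside 10.0.1.0/24 that can reach TCP port 80. The /24 reading of "start with 10.0.1." and the sample groups are assumptions.

```python
import ipaddress

ALLOWED_HTTP_NET = ipaddress.ip_network("10.0.1.0/24")  # assumed reading of "10.0.1."

SAMPLE_GROUPS = {  # constructed sample data, not a real account
    "web-open": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    "web-restricted": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}, {"CidrIp": "10.0.1.17/32"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.5/32"}]}]},
    "all-traffic-vpc": {"IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
}

def http_sources(security_group):
    """Yield every CIDR source whose rule covers TCP port 80."""
    for perm in security_group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                      # "all traffic" rule includes port 80
            covers_80 = True
        elif proto == "tcp":
            covers_80 = perm.get("FromPort", 0) <= 80 <= perm.get("ToPort", 65535)
        else:
            covers_80 = False
        if not covers_80:
            continue
        for r in perm.get("IpRanges", []):
            yield r["CidrIp"]
        for r in perm.get("Ipv6Ranges", []):
            yield r["CidrIpv6"]

def http_violations(security_group):
    """Return HTTP sources that are not fully inside 10.0.1.0/24."""
    bad = []
    for cidr in http_sources(security_group):
        net = ipaddress.ip_network(cidr, strict=False)
        # Any IPv6 source, or an IPv4 range wider than the allowed net, is a finding.
        if net.version != 4 or not net.subnet_of(ALLOWED_HTTP_NET):
            bad.append(cidr)
    return bad

if __name__ == "__main__":
    for name, group in SAMPLE_GROUPS.items():
        print(name, http_violations(group))
```

Rules that reference another security group instead of a CIDR are not evaluated here and need a separate review.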
Submission:
• Create a suitable diagram using a convenient tool, such as Lucid App, draw.io, or
sketch.com, and save it as a Word or PDF. Ensure that you label the configured
services according to the instructions provided in Task 1 for your practical scenario.
• Compile a report, detailing the process you undertook to configure each step in
Task-1. Include a list of services employed and provide explanations for the choice of
each service and its relevance to the task.
Task 2
Task 2-A: Compliance and Governance Implementation for Healthcare Cloud Infrastructure
LO2: Implement compliance, governance, auditing, and operational auditing in cloud
environments
Task scenario:
Imagine you are responsible for managing the cloud infrastructure of a healthcare
organisation that handles sensitive patient data. The organisation must adhere to strict
industry standards such as HIPAA and GDPR to ensure the highest levels of compliance,
security, and governance.
Your primary objective is to showcase the organisation's commitment to compliance with
industry standards (e.g., HIPAA, GDPR) and implement robust governance controls within
the cloud environment.
Implementation Steps:
a) Configure AWS Config to assess, audit, and evaluate the configurations of AWS
resources in a region in the AWS account. Moreover, modify a security group that
AWS Config monitors.
b) Create and enable CloudTrail with CloudWatch Logs to analyse the type of event
information.
Security Considerations:
a) Create an SNS topic and subscribe your email address to the topic so that it can
later deliver email alerts.
b) Create an EventBridge rule to monitor security groups whenever inbound rule
changes are made to a new or existing security group in the same region in AWS
account.
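An event pattern for the EventBridge rule in security consideration (b), with a small offline matcher to test it before it is deployed. This is an added example, not part of the original brief; the matcher implements only exact-value matching (a subset of EventBridge pattern semantics), and the sample events are constructed.

```python
import json

# Pattern for CloudTrail-delivered EC2 API calls that change inbound rules.
# ModifySecurityGroupRules can alter inbound or outbound rules, so it is included.
SG_INGRESS_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["ec2.amazonaws.com"],
        "eventName": ["AuthorizeSecurityGroupIngress",
                      "RevokeSecurityGroupIngress",
                      "ModifySecurityGroupRules"],
    },
}

def matches(pattern, event):
    """Exact-value subset of EventBridge matching: every pattern key must match."""
    for key, want in pattern.items():
        if key not in event:
            return False
        have = event[key]
        if isinstance(want, dict):             # nested object: recurse
            if not isinstance(have, dict) or not matches(want, have):
                return False
        else:                                  # list of accepted values
            values = have if isinstance(have, list) else [have]
            if not any(v in want for v in values):
                return False
    return True

def sample_event(event_name, source="aws.ec2", event_source="ec2.amazonaws.com"):
    """Build a constructed event envelope (sample data, hypothetical group id)."""
    return {"source": source, "detail-type": "AWS API Call via CloudTrail",
            "region": "us-east-1",
            "detail": {"eventSource": event_source, "eventName": event_name,
                       "requestParameters": {"groupId": "sg-EXAMPLE"}}}

def rule_pattern_json():
    """JSON text to paste into the rule's event pattern field."""
    return json.dumps(SG_INGRESS_PATTERN, indent=2)

if __name__ == "__main__":
    print(rule_pattern_json())
    for name in ("AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress"):
        print(name, matches(SG_INGRESS_PATTERN, sample_event(name)))
```

Setting the SNS topic from consideration (a) as the rule target turns each match into an email alert.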
Submission:
• Capture screenshots for all the aforementioned steps, including the login to the AWS
user account, and ensure each screenshot is appropriately captioned. This
documentation should illustrate your work with all the AWS services utilised in
Task 1-A.
• Create a suitable diagram using a convenient tool, such as Lucid App, draw.io, or
sketch.com, and save it as a Word or PDF. Ensure that you label the configured
services according to the instructions provided in Task 1-A for your practical
scenario.
• Provide an explanation of how AWS services in Governance and Auditing contribute
to upholding organisational compliance.
Task 2-B: Monitoring and Auditing Implementation for Financial Cloud Infrastructure
Task scenario:
Consider a financial institution operating within the cloud environment, handling sensitive
financial transactions and client data. The institution is dedicated to ensuring compliance
with industry regulations and implementing robust governance measures to safeguard
financial information.
The primary objective is to establish effective monitoring and auditing practices within the
financial institution's cloud infrastructure, aligning with industry standards and reinforcing
security protocols.
Implementation Steps:
• Utilise AWS CloudWatch for comprehensive monitoring and alerting. Configure
CloudWatch to notify designated personnel when a user fails to log in to the AWS
Management Console a specific number of times, ensuring immediate awareness of
potential security threats.
Security Considerations:
• Employ CloudWatch Logs Insights to query CloudTrail logs efficiently.
• Leverage query capabilities to perform detailed analyses of CloudTrail logs, enhancing
the institution's ability to respond promptly to operational issues and security
incidents.
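The failed-login detection described in the implementation step, re-implemented offline over CloudTrail-style records so the logic can be tested before the CloudWatch alarm is built. This is an added example, not part of the original brief; the threshold, the window and the sample events are assumptions, and it counts per user in a sliding window, whereas a CloudWatch alarm evaluates a metric over fixed periods.

```python
from collections import defaultdict
from datetime import datetime, timedelta

THRESHOLD = 3                   # assumed; the brief only says "a specific number"
WINDOW = timedelta(minutes=5)   # assumed evaluation window

def _ev(time, user, result):
    """Build a constructed CloudTrail-style ConsoleLogin record (sample data)."""
    return {"eventTime": time, "eventName": "ConsoleLogin",
            "userIdentity": {"type": "IAMUser", "userName": user},
            "sourceIPAddress": "198.51.100.7",
            "responseElements": {"ConsoleLogin": result}}

SAMPLE_EVENTS = [  # constructed, not real logs
    _ev("2024-05-01T09:00:05Z", "alice", "Failure"),
    _ev("2024-05-01T09:00:40Z", "alice", "Failure"),
    _ev("2024-05-01T09:01:30Z", "alice", "Failure"),
    _ev("2024-05-01T09:02:10Z", "alice", "Success"),
    _ev("2024-05-01T09:00:10Z", "bob", "Failure"),
    _ev("2024-05-01T09:03:00Z", "bob", "Failure"),
    _ev("2024-05-01T10:15:00Z", "bob", "Failure"),
]

def is_failed_console_login(ev):
    resp = ev.get("responseElements") or {}
    return ev.get("eventName") == "ConsoleLogin" and resp.get("ConsoleLogin") == "Failure"

def users_over_threshold(events, threshold=THRESHOLD, window=WINDOW):
    """Return {user: most failures in any window} for users at or over threshold."""
    failures = defaultdict(list)
    for ev in events:
        if is_failed_console_login(ev):
            user = (ev.get("userIdentity") or {}).get("userName", "unknown")
            failures[user].append(datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ"))
    alerts = {}
    for user, times in failures.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # drop failures older than the window
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[user] = best
    return alerts

if __name__ == "__main__":
    print(users_over_threshold(SAMPLE_EVENTS))
```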
Submission:
• Capture screenshots for all the steps, including the login to the AWS user account, and
ensure each screenshot is appropriately captioned. This documentation should
illustrate your work with all the AWS services utilised in Task 1-B.
• Create a suitable diagram using a convenient tool, such as Lucid App, draw.io, or
sketch.com, and save it as a Word or PDF. Ensure that you label the configured services
according to the instructions provided in Task 1-B for your practical scenario.
• Provide an explanation of how AWS services safeguard financial transactions and
customers' data.