Aidan McGraw’s requirements to protect sensitive information shared outside the organization can

be satisfied by Information Rights Management (IRM).

IRM Overview: IRM is a form of IT security technology used to protect documents containing

sensitive information from unauthorized access. It does this by encrypting the data and embedding

user permissions directly into the file1.

Encryption and Permissions: IRM allows for the encryption of the actual data within the file and

includes access permissions that dictate who can view, edit, print, forward, or take other actions with

the data. These permissions are enforced regardless of where the file is located, making it ideal for

sharing outside the organization1.

Protection Against Attacks: By using IRM, Aidan ensures that even if attackers were to gain access to

the file, they would not be able to decrypt the information without the appropriate permissions. This

protects against unauthorized intruders and hackers1.

Reference:

Strategies and Best Practices for Protecting Sensitive Data1.

Data security and encryption best practices - Microsoft Azure2.

What Is Cryptography? | IBM3.

To effectively overcome shadow IT and unwarranted usage of cloud resources at FinTech Inc., the

organization should implement cloud governance.

Cloud Governance Defined: Cloud governance is a set of rules and policies that govern the use of

cloud resources. It ensures that the IT infrastructure is used in a way that aligns with the company’s

strategic goals, compliance requirements, and security standards1.

Addressing Shadow IT:

Policy Creation: Establish clear policies regarding the use of cloud services and the procurement of IT

resources.

Enforcement Mechanisms: Implement controls to enforce these policies, such as requiring approval

for new cloud services or software.

Education and Training: Educate employees about the risks associated with shadow IT and the

importance of following IT department rules.

Monitoring and Reporting: Use tools to monitor cloud usage and report on compliance with

governance policies.

Benefits of Cloud Governance:

Control and Visibility: Provides better control over IT resources and visibility into how they are being

used.

Cost Management: Helps prevent unnecessary spending on unapproved cloud services.

Security and Compliance: Ensures that cloud services are used in a secure and compliant manner,

reducing the risk of breaches.

Reference:

Microsoft Learn: Discover and manage Shadow IT1.

CrowdStrike: What is Shadow IT? Defining Risks & Benefits2.

Microsoft Security Blog: Top 10 actions to secure your environment3.

SC Magazine: Stop chasing shadow IT: Tackle the root causes of cloud breaches4.

An incremental backup involves backing up only those files that have changed since the last backup

of any type (full or incremental). This approach saves time and storage space compared to full

backups by only copying data that has changed.

Incremental Backup Process: After a full backup is taken, subsequent incremental backups only

include changes made since the last backup.

Efficiency: This method is efficient in terms of both time and storage, as it avoids duplicating

unchanged data.

Comparison with Other Backups: Unlike differential backups, which copy all changes since the last

full backup, incremental backups only include the changes since the last backup of any kind.

Reference

Backup and Recovery

:

:

Given that Michael Keaton’s nl-standard-1 instance has had low memory utilization, the

recommended machine type switching would be to a machine type that is more cost-effective while

still meeting the application’s requirements.

Assessing Current Utilization: Keaton’s current machine type, nl-standard-1, has 1 vCPU and 3.75 GB

memory. The low memory utilization suggests that the application does not require the full 3.75 GB

of memory provided by this machine type.

Choosing the Right Machine Type: Among the options provided:

Option A, g1-small, offers 1 vCPU and 1.7 GB memory, which is a step down in memory but still

provides a sufficient amount of memory for the application given its low memory usage.

Option B, n1-standard-2, increases both the vCPU and memory, which is not necessary given the low

utilization.

Option C, f1-micro, offers a very minimal amount of memory (614 MB), which might be too low for

the application’s needs.

Option D, n1-standard-1, maintains the same memory as the current machine type and therefore

does not optimize for the low memory utilization.

Recommendation: Based on the low memory utilization and the need to optimize costs, the g1-small

machine type (Option A) is recommended. It provides enough memory for the application’s needs

while reducing costs associated with unused resources.

Reference:

Google Cloud Documentation: Understanding machine types1.

Google Cloud Documentation: Machine type recommendations2.

Google Cloud Documentation: Memory-optimized machine family3.

Cosmic IT Services is looking to set business goals and objectives for cloud computing using the

COBIT framework. The IT governance body that offers COBIT (Control Objectives for Information and

Related Technology) is the Information System Audit and Control Association (ISACA).

COBIT Overview: COBIT is a framework for developing, implementing, monitoring, and improving IT

governance and management practices. It is a comprehensive framework that aligns IT goals with

business objectives1.

ISACA’s Role: ISACA is the organization that developed and maintains the COBIT framework. It

provides guidance, benchmarks, and other materials for managing and governing enterprise IT

environments1.

Setting Business Goals: By utilizing COBIT, Cosmic IT Services can establish a structured approach to

align IT processes with business goals, ensuring that their cloud computing initiatives support the

overall objectives of the organization1.

Why Not the Others?:

ISO (International Standards Organization) develops and publishes a wide range of proprietary,

industrial, and commercial standards, but it is not the governing body for COBIT.

CSA (Cloud Security Alliance) specializes in best practices for security assurance within cloud

computing, and while it provides valuable resources, it does not govern COBIT.

COSO (Committee of Sponsoring Organizations) focuses on internal control, enterprise risk

management, and fraud deterrence, but does not offer COBIT.

Reference:

ISACA: COBIT | Control Objectives for Information Technologies1.

CIO: What is COBIT? A framework for alignment and governance2.

ITSM Docs: IT Governance COBIT3.

To monitor the organization’s cloud logging stream and detect security breaches, Veronica Lauren

can utilize the Event Threat Detection service within Google Security Command Center.

Event Threat Detection: This built-in service of Google Security Command Center is designed to

monitor cloud logs across multiple projects and detect threats such as malware, brute force SSH

attempts, and cryptomining1. It uses threat intelligence and advanced analytics to identify and alert

on suspicious activity in real time.

Functionality:

Log Analysis: Event Threat Detection continuously analyzes the logs generated by Google Cloud

services.

Threat Detection: It automatically detects the presence of threats like malware, SSH brute force

attempts, and cryptomining activities.

Alerts and Findings: When a potential threat is detected, Event Threat Detection issues findings that

are integrated into the Security Command Center dashboard for further investigation.

Why Not the Others?:

Web Security Scanner: This service is primarily used for identifying security vulnerabilities in web

applications hosted on Google Cloud, not for monitoring logs for security breaches.

Container Threat Detection: While this service is useful for detecting runtime threats in containers, it

does not provide the broad log analysis capabilities that Event Threat Detection offers.

Security Health Analytics: This service provides automated security scanning to detect

misconfigurations and compliance violations in Google Cloud resources, but it is not specifically

focused on the real-time threat detection provided by Event Threat Detection.

Reference:

Security Command Center overview | Google Cloud1.

Understanding the Incident: When an EC2 instance communicates with a suspicious port, it’s crucial

to analyze network traffic to understand the patterns of the security breach1.

Log Sources for Forensic Investigation: AWS provides several log sources that can be used for forensic

investigations, including AWS CloudTrail, AWS Config, VPC Flow Logs, and host-level logs1.

Amazon VPC Flow Logs: These logs capture information about the IP traffic going to and from

network interfaces in a Virtual Private Cloud (VPC). They are particularly useful for understanding

network-level interactions, which is essential in this case1.

Evidentiary Value: VPC flow logs can provide data with evidentiary value, showing the source,

destination, and protocol used in the network traffic, which can help investigators identify patterns

related to the security breach1.

Other Log Sources: While Amazon CloudTrail and Amazon CloudWatch provide valuable information

on user activities and metrics, respectively, they do not offer the detailed network traffic insights

needed for this specific forensic investigation1.

Reference:

AWS Security Incident Response Guide’s section on Forensics on AWS1.

Azure Information Protection (AIP) is a cloud-based solution that helps organizations classify and

protect documents and emails by applying labels. AIP can be used to protect both data at rest and in

transit, making it suitable for securely sharing classified information.

Here’s how AIP secures document sharing:

Classification and Labeling: AIP allows administrators to classify data based on sensitivity and apply

labels that carry protection settings.

Protection: It uses encryption, identity, and authorization policies to protect documents and emails.

Access Control: Only authorized users with the right permissions can access protected documents,

even if the document is shared outside the organization.

Tracking and Revocation: Administrators can track activities on shared documents and revoke access

if necessary.

Integration: AIP integrates with other Microsoft services and applications, ensuring a seamless

protection experience across the organization’s data ecosystem.

Reference:

Microsoft’s overview of Azure Information Protection, which details how it helps secure document

sharing1.

A guide on how to configure and use Azure Information Protection for protecting sensitive

information2.