Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Security

Cloud Computing forensic psychological considerations on security

Cloud computing will play an increasingly critical role in the future of the information technology sector, impacting individual consumers, corporations, governments, and international commerce alike. As a forensic psychologist with a national security and law enforcement background, arguably, the design and implementation of cloud computing also involves exposure to multiple security risks at various levels. Understanding the “dark side” of cloud computing at […]

Cloud computing will play an increasingly critical role in the future of the information technology sector, impacting individual consumers, corporations, governments, and international commerce alike.

As a forensic psychologist with a national security and law enforcement background, arguably, the design and implementation of cloud computing also involves exposure to multiple security risks at various levels.

Understanding the “dark side” of cloud computing at the conceptualization phase – including behavioral, cultural, and forensic related criminal issues – offers hardware and software manufacturers insight into the potential behavior of criminal groups and others seeking to exploit vulnerabilities; having this knowledge, in turn, fosters development of appropriate risk mitigation strategies and safeguards at each level of the cloud. Such a proactive strategy would seemingly be cost effective over the longer term. Having a thorough understanding of one’s adversaries and implementing appropriate counterstrategies beforehand mitigates the risk of retrofitting these technologies later pursuant to an intrusion and/or data compromise.

Some behavioral and forensic-related issues to seriously consider include examining the characteristics and behaviors of various criminals and groups (e.g., organized criminal networks, terrorists, hostile foreign governments, white collar criminals, and hackers); trying to ascertain their motives and objectives (e.g., fi nancial gain, sabotage, cyberespionage, etc.); and probing how their behavior would interface both at the desktop (e.g., violating someone else’s computer through the cloud) and the mainframe (e.g., writing code to prevent intrusions, misuse of data, etc.) levels. Considering insider and external threats (e.g., a corporate employee sabotaging the cloud individually from the “inside” and/or collaborating with an unaffi liated, “external” party) is also important. Additionally, analyzing the nature of prior intrusions and resulting security measures taken (e.g., software patches) provides valuable forensic data regarding vulnerabilities and those parties seeking to exploit them.
About the Author:
Jonathan A. Dudek, Ph.D. is a forensic psychologist with a national security and law enforcement background. As the founder of Dudek Global Partners, he maintains an international consulting practice assisting developing countries, corporations, and other public and private sector entities with business and program development; human capital and systems-based risk management, risk mitigation, and problem-solving; identifying strategic opportunities as well as human and cultural barriers to entry; and forensic and investigative consultation. He is also a Principal of HUMINT Group International, LLC, a global risk management, business advisory, and security services company.
Dr. Dudek may be contacted at:
jonathan_dudek@hotmail.com