IS Security and Risk Management: Amazon Security Protocols Report
Added on 2020/02/24
AI Summary
This report provides an overview of IS security and risk management, with a specific focus on Amazon's practices. It begins with an executive summary and table of contents, followed by an introduction that emphasizes the importance of protecting devices, networks, and data from cyber threats. The report then discusses various security protocols, including SSL, TLS, and IPSec, and analyzes relevant security tools like SAST. It maps these tools to the OSI model, highlighting vendor involvement. Furthermore, it explores policy and auditing features, vendor programs, and presents a logical organizational structure. The conclusion emphasizes the importance of risk management for operational efficiency and the security of data. The report references key publications in the field, providing a comprehensive analysis of Amazon's security strategies and risk management.

Running head: IS SECURITY AND RISK MANAGEMENT
IS SECURITY AND RISK MANAGEMENT
Name of the Student
Name of the University

Executive Summary
IS risk management and security are techniques that an organization sets up to protect
the cyber environment of an individual or an organization. The main principle is to
reduce risk and thereby manage the security system.

Table of Contents
Introduction
Discussion of Protocols
Analysis of Security Tools
Depth of analysis of mapping of tools with OSI
Discussing Policy and Auditing features
Discussion of Vendors
Logical map of organizational structure
Conclusion
References

Introduction
The environment comprising devices, networks, software, processes, stored
information and application services must be protected in order to mitigate data breaches and
cyber attacks (Glendon, Clarke & McKenna, 2016). IT and security standards plan and
provide security for the company's information security management, highlighting
international security standards, effective security practices and guidelines.
Here we choose Amazon to describe the security issues, protocols and security tools
in use, and hence the overall risk management of the
organization.
Discussion of Protocols
There are several layers of protocols in the security and privacy of an organization:
Secure Sockets Layer (SSL); Transport Layer Security (TLS); secure IP (IPSec);
Secure HTTP (S-HTTP); secure e-mail (PGP and S/MIME); DNSSEC; SSH; and others
(Hopkin, 2017). These network security protocols ensure the integrity and security of data
transferred over networks.
The layers include:
• Application Layer:
1. PGP
2. S/MIME
3. S-HTTP
4. HTTPS
5. SET
6. KERBEROS
• Transport Layer:
1. SSL
2. TLS
• Network Layer:
1. IPSec
2. VPN
• Data Link Layer:
1. PPP
2. RADIUS
3. TACACS+
The selected organization uses these protocol layers efficiently and effectively for
development and security.
Analysis of Security Tools
Security tools are anti-spyware programs that belong to system security and are promoted through
the use of Trojans and Web pop-ups. Trojans are generally installed in the system software by
proper knowledge and permission. The relevant analysis of security tools refers to Static
Application Security Testing (SAST) tools.
Amazon has launched a security and compliance analysis tool for Amazon Web Services
(AWS) to identify potential security issues. These tools are used to discover security
vulnerabilities and instances where the developer does not follow Web application
practices.
Depth of analysis of mapping of tools with OSI
OSI refers to a model of how applications communicate over networks. The
model is a conceptual framework for understanding these relationships. Its main purpose
is to guide vendors as they develop digital communication products and
programmable software, and it allows clear comparisons among communication tools
(Stallings & Tahiliani, 2014). Vendors involved in telecommunications use the OSI model to
describe their products and services.
The AWS Compliance Program provides designed and managed security to the
customer in alignment with various IT security standards: SOC 1/SSAE 16/ISAE 3402, SOC 2,
SOC 3, ITAR, FISMA, DIACAP, and FedRAMP, PCI DSS Level 1, DOD CSM Levels 1-5,
FIPS 140-2. The flexibility and control that the AWS platform provides also allow customers to
meet several industry-specific standards: Cloud Security Alliance
(CSA), Motion Picture Association of America (MPAA), Health Insurance Portability and
Accountability Act (HIPAA), Criminal Justice Information Services (CJIS) and Family
Educational Rights and Privacy Act (FERPA).
Discussing Policy and Auditing features
Clear details of policy and auditing features help in several ways, such as monitoring the
active directory, tracking administrative activities day by day, maintaining compliance and
improving security (McNeil, Frey & Embrechts, 2015). The main features of the audits are
assessment of the scope of the policies issued and review of their parameters, assessment of the
commitments that comply with the policies and the degree to which the records of
individuals are available, and compliance with the IT/ARE policies. The policies issued concern the
information systems, services and data (SSD):
• Nondisclosure of company information
• Data protection
• Personal use of the company’s information resources
• Use of social media
• Bring your own device (BYOD)
• Information security
Discussion of Vendors
Amazon's vendors have the following programs and guidelines: Programs for Listing Items on
Amazon.com, About Content Guidelines and Limited License Agreement. Amazon Vendor
Central is the web interface normally used by manufacturers and distributors. These are
first-party sellers; because they sell in bulk to Amazon, they are called suppliers.
Logical map of organizational structure
The main organizational/functional units covered by the security policy concept include:
1. Construct concept maps
2. Logical sequencing of concepts
3. Organized lists
4. Drawn pictures to explain concepts
Conclusion
Effective risk management gives rise to significant improvements in
operational profitability and operational effectiveness. An approach to risk management is
required in each sector of industry for better security management and safety processes in the
near future. It provides protection against data breaches and cyber crime. The
application of an integrated risk management information system is important for the
approach to safety. Amazon uses and protects its customers' database in an advanced and secure
way. Risk exposures in a potential business are measured against the risks that involve
significant priorities. The standard as discussed is durable and takes a risk management
approach that empowers government business to function safely, securely and effectively.
The concept of risk management is to determine the agency's possible risk appetite and the
medium of communication, the implementation of the agency's risk management framework and its
allocation, as well as the roles and responsibilities for managing individual risks.
References
Glendon, A. I., Clarke, S., & McKenna, E. (2016). Human safety and risk management. CRC
Press.
Hopkin, P. (2017). Fundamentals of risk management: Understanding, evaluating and
implementing effective risk management. Kogan Page Publishers.
Lam, J. (2014). Enterprise risk management: From incentives to controls. John Wiley & Sons.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts,
techniques and tools. Princeton University Press.
Narula, S., & Jain, A. (2015, February). Cloud computing security: Amazon web service.
In Advanced Computing & Communication Technologies (ACCT), 2015 Fifth
International Conference on (pp. 501-505). IEEE.
Stallings, W., & Tahiliani, M. P. (2014). Cryptography and network security: Principles and
practice (Vol. 6). London: Pearson.