CIS8018 – Cyber Security Semester 2, 2020 Page 1 of 3 Research paper 1 Due date: 25 August 2020 Value: 25% Objectives The course objectives met by this assignment include: • Course specifications are...



CIS8018 – Cyber Security, Semester 2, 2020
Research paper 1
Due date: 25 August 2020
Value: 25%

Objectives
The course objectives met by this assignment include:
• Course specifications are available online from the USQ website. Always check the website for the latest version.

Background
This assessment item covers chapters 1-4 of your textbook. Select one organisation of your choice. Investigate and report on the current state of this organisation (as per material covered in these chapters) and make suggestions for improvements that the organisation could adopt to improve their security. If you are working at this organisation, please make sure NOT to divulge any sensitive information (you may wish to check online what information is made public by the organisation to ensure this). While the scope is reflected by chapters 1-4, you are allowed to use journal articles to support your statements. Provide the URL, values, vision, and mission statement as an appendix.

Write a research paper and organise it in the following way:
• Title (you are required to decide your paper’s title)
• Your name and student number
• Abstract (about 100 words)
• Introduction
• Body context (you could divide into several sub-sections if required)
• Conclusion
• References

The word-count limit for the introduction, body and conclusion of this paper is set at about 3000 words. Use two (2) or more resources for your citing and referencing in Harvard style.

Submission requirements
• Submit your Word document through your study desk – a link will be available on the study desk.
Marking criteria for research paper 1 – CIS8018
Student name: ___________________________ Student number: ____________________

Structured development of research paper (/30)
Logical flow leading the reader from start to finish on a clear path of addressing the assessment requirements; clear identification of the current security state; and description of network usage.
• Excellent – meets all the requirements for this objective: 25-30
• Good work – minor issue: 15-24
• Requires more work: 5-14
• Very poor effort: 0-5
Comment:

Depth of research / critical reflection (/30)
Reason to support findings: critical evaluation and analysis of the current state of the organisation aligned with chapters 1-4; suggestions of improvements implement the understanding of the current state and the solutions provided in the chapters 1-4.
• Excellent – meets all the requirements for this objective: 25-30
• Good work – minor issue: 15-24
• Requires more work: 5-14
• Very poor effort: 0-5
Comment:

Understanding of key ideas and concepts (/30)
Understood the course material; able to identify key ideas and concepts within a real-life scenario of issues; able to explain an issue with the use of key ideas and concepts; able to relate own experience to course material and issue by introducing own perspective.
• Excellent – meets all the requirements for this objective: 25-30
• Good work – minor issue: 15-24
• Requires more work: 5-14
• Very poor effort: 0-5
Comment:

Evidence of support (/10)
Citing and referencing: correct within-text Harvard citing; correct Harvard referencing; used more than two (2) sources (book, journal article, report, news article on the internet) in addition to the course textbook.
• Excellent – meets all the requirements for this objective: 8-10
• Good work – minor issue: 5-7
• Requires more work: 3-4
• Very poor effort: 0-2
Comment:

Total /100
General Comments:

Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.

Learning Objectives
Upon completion of this material, you should be able to:
• List and discuss the key characteristics of information security
• List and describe the dominant categories of threats to information security
• Discuss the key characteristics of leadership and management
• Describe the importance of the manager’s role in securing an organization’s information assets
• Differentiate information security management from general business management

Introduction
• IT enables the storage and transportation of information—often a company’s most valuable resource—from one business unit to another
• But what happens if the vehicle breaks down, even for a little while?
• Astute managers increasingly recognize the critical nature of information security as the vehicle by which the organization’s information assets are secured
• The emergence of executive-level InfoSec managers allows for the creation of professionally managed information security teams that have a primary objective to protect information assets, wherever—or whatever—they may be

Introduction (Continued)
• Organizations must realize that information security planning and funding decisions involve more than managers of information, the members of the information security team, or the managers of information systems
• Altogether, they must involve the entire organization, as represented by three distinct groups of managers and professionals, or communities of interest:
  - Those in the field of information security
  - Those in the field of IT
  - Those from the rest of the organization

Communities of Interest
• These three groups should engage in a constructive effort to reach consensus on an overall plan to protect the organization’s information assets:
  - The information security community protects the organization’s information assets from the many threats they face
  - The IT community supports the business objectives of the organization by supplying and supporting IT that is appropriate to the organization’s needs
  - The general business community articulates and communicates organizational policy and objectives and allocates resources to the other groups
• Working together, these communities of interest make recommendations to executive management about how to secure an organization’s information assets most effectively

What Is Security?
• In general, security means being free from danger. To be secure is to be protected from the risk of loss, damage, unwanted modification, or other hazards
• Achieving an appropriate level of security for an organization also depends on the implementation of a multilayered system
• Security is often achieved by means of several strategies undertaken simultaneously or used in combination with one another
• It is the role of management to ensure that each strategy is properly planned, organized, staffed, directed, and controlled

Specialized Areas of Security
Specialized areas of security include:
• Physical security
• Operations security
• Communications security
• Cyber (or computer) security
• Network security

Information Security
• Information security (InfoSec) focuses on the protection of information and the characteristics that give it value, such as confidentiality, integrity, and availability, and includes the technology that houses and transfers that information through a variety of protection mechanisms such as policy, training and awareness programs, and technology

The CIA Triad and the CNSS Model
• The NSTISSI (or CNSS) Security Model (also known as the McCumber Cube) provides a more detailed perspective on security
• While the NSTISSC model covers the three dimensions of information security, it omits discussion of detailed guidelines and policies that direct the implementation of controls
• Another weakness of using this model with too limited an approach is to view it from a single perspective
Answered Same Day Aug 17, 2021


Dilpreet answered on Aug 22 2021
143 Votes
CRITICAL ANALYSIS OF THE MANAGEMENT OF INFORMATION SECURITY BY AMAZON
Abstract
The assets owned by an organisation are all based on the information the organisation has gathered and analysed. Information can be thought of as the foundation of the organisations. As the organisations now depend a lot on the internet for performing their operations, they need to focus immensely on the security of the information they possess. This report will critically analyse the management of information security by e-commerce giant Amazon. Through this report the information security policies and strategic planning for security of Amazon will be discussed. The report will also shed some light on the information laws and ethics being followed by the organisation.
Table of Contents
Introduction
Background of the Company
Management of Information Security
Information Security Policies of Amazon
Amazon’s Strategic Planning for Security
Laws and Ethics Followed by Amazon
Recommendations
Conclusion
References
Appendix
Introduction
Information can be thought of as the foundation of the organisations. The assets owned by an organisation are all based on the information the organisation has gathered and analysed. With advancements in digital technologies and increased usage of the internet, it has become quite a challenging task for business organisations all around the globe to effectively manage the voluminous information that flows in and out of the organisation. Moreover, as the organisations now depend a lot on the internet for performing their operations, they need to focus immensely on the security of the information they possess. This report will critically analyse the management of information security by e-commerce giant Amazon. Through this report the information security policies and strategic planning for security of Amazon will be discussed. The report will also shed some light on the information laws and ethics being followed by the organisation.
Background of the Company
Amazon was founded in the year 1994 by Jeff Bezos in Washington. The company, which started as an online marketplace for selling books, went on to sell software, clothes, food, electronic products, furniture, toys, jewellery and what not. The company managed to grow sustainably and has turned out to be the largest internet company in the world by revenue. The business operations of Amazon are focused towards cloud computing, digital streaming, artificial intelligence and e-commerce. Amazon has been making use of a number of information systems for internet activity. The company has been investing a handsome amount in the development of a new system in order to improve the security of the information and associated systems owned by the organisation.
Management of Information Security
With the voluminous inflow and outflow of information, a number of business organisations have started focusing on the security of the information they own. The information system deployed by Amazon has been enabling this organisation to store and transport information from one business unit to the other business unit. Most of the managers within the organisation are of the opinion that the nature of information security is very critical and it acts as the vehicle by which the information assets owned by the organisation are being secured (Safa, Von Solms and Furnell, 2016). In order to manage the security of the information owned solely by Amazon, the company has spent nearly $200 million on its new system. Amazon primarily uses DBMS from Oracle. In addition to this, Amazon has a professionally managed information security team, which works in coordination to protect the information assets owned by Amazon.
The high-level management of Amazon is of the opinion that decisions related to information security must involve experts in the field of information security, experts from the field of information technology and people who have a stake in the information owned by the organisation. Amazon ensures that the information it collects from its customers during a number of transmissions and transactions is protected through encryption protocols and software. The personal information of the users and customers that Amazon gathers is used for operating, providing, developing and improving the products and services that Amazon offers to its customers. The company ensures that under no circumstances shall the information gained be used for unethical purposes. The organisation also ensures that its website and order fulfilment systems are separate in order to improve the security of the information being gained.
Amazon allows its users to choose what information they would like to share with the organisation. The company incorporates a number of security features that are used for the purpose of improving the information security by avoiding unauthorised access. Amazon has been acting quite sensitively when it comes to protecting the bank, credit and debit card data of its customers. Payment Card Industry Data Security Standard (PCI DSS) is used by the organisation to manage the information security while handling online transactions (Amazon, 2020). To manage the security of the information further, this e-commerce giant maintains electronic, procedural and physical safeguards while collecting, storing and managing the sensitive information owned by the company. Amazon devices have inbuilt security features that help to ensure that unauthorised access and loss of data can be avoided.
As far as Amazon Web Services (AWS) are concerned, these services make sure that information is being safeguarded to win the trust of the customers. AWS gives its customers control and ownership over the content through powerful tools, which provide the customer with enough information about the storage and security of the contents, whether it is being stored at a place or it is in the transit stage. Moreover, technical and physical controls are being implemented to prevent unauthorised access or disclosure of the valuable information and content. Amazon has been managing the security of the information by making use of strong encryption. It also provides its users using the services...