
CIS8018 – Cyber Security Semester 2, 2020
Research paper 1

Due date: 25 August 2020
Value: 25%
The course objectives met by this assignment include:
This assessment item covers chapters 1-4 of your textbook. Select one organisation of your choice.
Investigate and report on the current state of this organisation (as per material covered in these
chapters) and make suggestions for improvements that the organisation could adopt to improve
their security. If you are working at this organisation, please make sure NOT to divulge any sensitive
information (you may wish to check online what information is made public by the organisation to
ensure this). While the scope is reflected by chapters 1-4, you are allowed to use journal articles to
support your statements.
Provide the URL, values, vision, and mission statement as an appendix.
Write a research paper and organise it in the following way:
• Title (you are required to decide your paper’s title)
• Your name and student number
• Abstract (about 100 words)
• Introduction
• Body context (you could divide into several sub-sections if required)
• Conclusion
• References.
The word-count limit for the introduction, body and conclusion of this paper is set at about 3000
words. Use two (2) or more resources for your citing and referencing in Harvard style.
Submission requirements
• Submit your Word document through your study desk – a link will be available on the study desk.
Marking criteria for research paper 1 – CIS8018
Student name: ___________________________ Student number: ____________________

Structured development of research paper
Logical flow leading the reader from start to finish on a clear path of addressing
the assessment requirements; clear identification of the current security state;
and description of network usage.
Excellent – meets all the requirements for this objective 25-30
Good work – minor issue 15-24
Requires more work 5-14
Very poor effort 0-5

Depth of research/ critical reflection
Reason to support findings: critical evaluation and analysis of the current state
of the organisation aligned with chapters 1-4; suggestions of improvements
implement the understanding of the current state and the solutions provided
in chapters 1-4;
Excellent – meets all the requirements for this objective 25-30
Good work – minor issue 15-24
Requires more work 5-14
Very poor effort 0-5

Understanding of key ideas and concepts
Understood the course material; able to identify key ideas and concepts within
a real-life scenario of issues; able to explain an issue with the use of key ideas
and concepts; able to relate own experience to course material and issue by
introducing own perspective
Excellent – meets all the requirements for this objective 25-30
Good work – minor issue 15-24
Requires more work 5-14
Very poor effort 0-5
Evidence of support
Citing and referencing: Correct within-text Harvard citing; correct Harvard
referencing; used more than two (2) sources (book, journal article, report,
news article on the internet) in addition to the course textbook.
Excellent – meets all the requirements for this objective 8-10
Good work – minor issue 5-7
Requires more work 3-4
Very poor effort 0-2

Total /100
General Comments:

Management of Information Security, 6th ed. - Whitman & Mattord
Upon completion of this material, you should be able to:
List and discuss the key characteristics of information security
List and describe the dominant categories of threats to information security
Discuss the key characteristics of leadership and management
Describe the importance of the manager’s role in securing an organization’s information assets
Differentiate information security management from general business management
Learning Objectives
IT enables the storage and transportation of information—often a company’s most valuable resource—from one business unit to another
But what happens if the vehicle breaks down, even for a little while?
Astute managers increasingly recognize the critical nature of information security as the vehicle by which the organization’s information assets are secured
The emergence of executive-level InfoSec managers allows for the creation of professionally managed information security teams that have a primary objective to protect information assets, wherever—or whatever—they may be
Introduction (Continued)
Organizations must realize that information security planning and funding decisions involve more than managers of information, the members of the information security team, or the managers of information systems
Altogether, they must involve the entire organization, as represented by three distinct groups of managers and professionals, or communities of interest:
Those in the field of information security
Those in the field of IT
Those from the rest of the organization
Communities of Interest
These three groups should engage in a constructive effort to reach consensus on an overall plan to protect the organization’s information assets:
The information security community protects the organization’s information assets from the many threats they face
The IT community supports the business objectives of the organization by supplying and supporting IT that is appropriate to the organization’s needs
The general business community articulates and communicates organizational policy and objectives and allocates resources to the other groups
Working together, these communities of interest make recommendations to executive management about how to secure an organization’s information assets most effectively
What Is Security?
In general, security means being free from danger. To be secure is to be protected from the risk of loss, damage, unwanted modification, or other hazards
Achieving an appropriate level of security for an organization also depends on the implementation of a multilayered system
Security is often achieved by means of several strategies undertaken simultaneously or used in combination with one another
It is the role of management to ensure that each strategy is properly planned, organized, staffed, directed, and controlled
Specialized Areas of Security
Specialized areas of security include:
Physical security
Operations security
Communications security
Cyber (or computer) security
Network security
Information Security
Information security (InfoSec) focuses on the protection of information and the characteristics that give it value, such as confidentiality, integrity, and availability, and includes the technology that houses and transfers that information through a variety of protection mechanisms such as policy, training and awareness programs, and technology
The CIA Triad and the CNSS Model
The NSTISSI (or CNSS) Security Model (also known as the McCumber Cube) provides a more detailed perspective on security
While the NSTISSC model covers the three dimensions of information security, it omits discussion of detailed guidelines and policies that direct the implementation of controls
Another weakness of using this model with too limited an approach is to view it from a single perspective


Dilpreet answered on Aug 22 2021
149 Votes
The assets owned by an organisation are all based on the information the organisation has gathered and analysed. Information can be thought of as the foundation of the organisations. As the organisations now depend a lot on the internet for performing their operations, they need to focus immensely on the security of the information they possess. This report will critically analyse the management of information security by e-commerce giant Amazon. Through this report the information security policies and strategic planning for security of Amazon will be discussed. The report will also shed some light on the information laws and ethics being followed by the organisation.
Table of Contents
Introduction
Background of the Company
Management of Information Security
Information Security Policies of Amazon
Amazon’s Strategic Planning for Security
Laws and Ethics Followed by Amazon
Recommendations
Conclusion
References
Appendix
Information can be thought of as the foundation of the organisations. The assets owned by an organisation are all based on the information the organisation has gathered and analysed. With advancements in digital technologies and increased usage of the internet, it has become quite a challenging task for business organisations all around the globe to effectively manage the voluminous information that flows in and out of the organisation. Moreover, as the organisations now depend a lot on the internet for performing their operations, they need to focus immensely on the security of the information they possess. This report will critically analyse the management of information security by e-commerce giant Amazon. Through this report the information security policies and strategic planning for security of Amazon will be discussed. The report will also shed some light on the information laws and ethics being followed by the organisation.
Background of the Company
Amazon was founded in the year 1994 by Jeff Bezos in Washington. The company started as an online marketplace for selling books and went on to sell software, clothes, food, electronic products, furniture, toys, jewellery and what not. The company managed to grow sustainably and has turned out to be the largest internet company of the world by revenue. The business operations of Amazon are focused towards cloud computing, digital streaming, artificial intelligence and e-commerce. Amazon has been making use of a number of information systems for internet activity. The company has been investing a handsome amount on the development of a new system in order to improve the security of the information and associated systems owned by the organisation.
Management of Information Security
With the voluminous inflow and outflow of information, a number of business organisations have started focusing on the security of the information they own. The information system deployed by Amazon has been enabling this organisation to store and transport information from one business unit to the other business unit. Most of the managers within the organisation are of the opinion that the nature of information security is very critical and it acts as a vehicle by which the information assets owned by the organisation are being secured (Safa, Von Solms and Furnell, 2016). In order to manage the security of the information owned solely by Amazon, the company has spent nearly $200 million on its new system. Amazon primarily uses DBMS from Oracle. In addition to this, Amazon has a professionally managed information security team, which works in coordination to protect the information assets owned by Amazon.
The high-level management of Amazon is of the opinion that decisions related to information security must involve experts in the field of information security, experts from the field of information technology and people who have a stake in the information owned by the organisation. Amazon ensures that the information it collects from its customers during a number of transmissions and transactions is protected through encryption protocols and software. The personal information of the users and customers that Amazon gathers is used for operating, providing, developing and improving the products and services that Amazon offers to its customers. The company ensures that under no circumstances shall the information gained be used for unethical purposes. The organisation also ensures that its website and order fulfilment systems are separate in order to improve the security of the information being gained.
Amazon allows its users to choose what information they would like to be shared with the organisation. The company incorporates a number of security features that are used for the purpose of improving the information security by avoiding unauthorised access. Amazon has been acting quite sensitively when it comes to protecting the bank, credit and debit card data of its customers. Payment Card Industry Data Security Standard (PCI DSS) is used by the organisation to manage the information security while handling online transactions (Amazon, 2020). To manage the security of the information further, this e-commerce giant maintains electronic, procedural and physical safeguards while collecting, storing and managing the sensitive information owned by the company. Amazon devices have inbuilt security features that help to ensure that unauthorised access and loss of data can be avoided.
As far as Amazon Web Services (AWS) are to be considered, these services make sure that information is being safeguarded to win the trust of the customers. AWS gives its customers control and ownership over the content through powerful tools, which provide the customer with enough information about the storage and security of the contents whether it is being stored at a place or it is in the transit stage. Moreover, technical and physical controls are being implemented to prevent unauthorised access or disclosure of the valuable information and content. Amazon has been managing the security of the information by making use of strong encryption. It also provides its users using the services...

