Week 4 Option 3 - THE ROLE OF IS POLICY-Amazon - Common...


Common Information Security Threats involving Ethical and Legal

The Internet and everything it encompasses is growing exponentially. With growth comes responsibility to keep information systems secure to prevent harm to employees and to the company. Unfortunately, in today's cyber world, growth also means that those with less than desirable intentions will seek to cause harm to others. Cyber criminals are committed to infiltrating information systems in an effort to retrieve bank account information to steal money, social security information to commit identity theft, and any number of other criminal activities.

According to Byers (2006), Amazon's website began doing business online in 1995. Most people know about Amazon or have at least heard of them and are familiar with the online store. Amazon has been committed to keeping their systems safe for seventeen years and has gone global. With locations around the world, Amazon must keep transmitted data safe from possible interception by criminals. Information from millions of customers, including personal identifying information, bank account numbers, etc., travels non-stop twenty-four hours a day.

The commitment from Amazon came at the cost of having their security system exploited by a hacker code-named 'Phobia'. The security exploit allowed Phobia to access the reporter's Amazon account by calling and resetting the passwords over the phone with the reporter's compromised AppleCare ID and Amazon ID (Kerr, 2016). Amazon responded with the following: "We have investigated the reported exploit, and can confirm the exploit has been closed as of yesterday afternoon" (Kerr, 2016).

Another major breach in security for Amazon occurred at Zappos.com, which Amazon also owns. 24 million accounts were compromised, which included the following account information: names, shipping addresses, billing addresses, phone numbers, and email addresses (Vilches, 2016). Zappos CEO Tony Hsieh wrote in an email that the hackers gained access to the internal network of Zappos, allowing the hackers access to the server that was in Kentucky.

On October 28, 2014 a researcher uncovered a massive security flaw in the Amazon Cloud service that is provided by Amazon (Hickey, 2014). A team of German researchers found a way that hackers would be able to access user accounts and data. The methods of attack that the security researchers found the Amazon Cloud service was vulnerable to were signature wrapping and cross-site scripting. XML signature wrapping attacks were developed that could completely take over a user account with administrator permissions for the Amazon Cloud accounts. The AWS interface could also be manipulated to run executable code and create cross-site scripting attacks. The researchers said that they had access to all the customer data, including authentication data, tokens, and passwords (Hickey, 2014).

There are many other vulnerabilities for Amazon that may exist but are not known. Intruders (hackers) are a major threat for Amazon, as proven by the previously listed examples. When the attack is done by a small group or just one person, the threat will fall into the unstructured category (Conklin, White, Williams, Davis, & Cothren, 2016). Threats caused by attacks by hackers that are in a criminal group are known to fall into the structured category (Conklin, White, Williams, Davis, & Cothren, 2016). Physical security is important to remember because if a hacker can get into the internal network and

Term: Fall
Professor: VALERIASHAPKO
