Course Hero Logo

CMGT 582 Week 5 Learning Team.docx - SECURITY AUDIT, PART...

  • University of Phoenix
  • CMGT 582
  • Essay
  • KidIronAnteater23
  • 8
  • 100% (12) 12 out of 12 people found this document helpful

Course Hero uses AI to attempt to automatically extract content from documents to surface to you and others so you can study better, e.g., in search results, to enrich docs, and more. This preview shows page 1 - 4 out of 8 pages.

SECURITY AUDIT, PART IVSecurity Audit, Part IVCMGT/582 Security & Ethics
SECURITY AUDIT, PART IV2Security Audit, Part IVIt’s highly critical for Amazon to identify their corporate risk and threats which may havean negative impact on their business values and interests.As risk and threats are identified, it isvery important to outline the security controls which mitigate them. By utilizing the criticalsecurity controls platforms this will help enforce a strict and efficient method to supportproficient and actionable methods to eliminate potential attacks.Human error, according to IBM’s “2014 Cyber Security Intelligence Index” accountedfor 95 percent of all security incidents (Howarth, 2014). To mitigate this risk to an acceptablelevel, Amazon will formalize and document their current process surrounding InformationSecurity Awareness Training (ISAT). In addition, Amazon will implement a process to monitorand evaluate the company’s ISAT plan to ensure that all training topics and threats are keptcurrent (e.g. social engineering, recent vulnerabilities, and data breach examples). Topics thatwill be covered by the ISAT will consist of physical security, desktop security, wireless networkand security, password security, Phishing, hoaxes, malware, file sharing and copyrighting("Sans.org", 2009). At the completion of the training, all employees will be given an assessmentto demonstrate their understanding of the material. As a part of security awareness, Amazon willutilize helpful hints, visual Aides, promotions, and tips as a supplement to the training("Sans.org", 2009). These tools will be used as reminders and tips to employees about security.Amazon’s legacy systems perform numerous critical business functions, protecting thesesystems are paramount to Amazon’s operation.As such Amazon will implement the followingmitigation techniques to protect these systems. Amazon will manage privileged credential withgreater discipline, eliminate administrative rights, and enforce least privileges on these systems.Additionally, Amazon will Identify, categorize and analyze their system (application) portfolio,determine when to modernize or replace systems, determine the best technology modernization
SECURITY AUDIT, PART IV3approach, and build business cases to increase the likelihood of funding for upgrade projects(Hickey, 2015). The remaining residual risks are well within Amazon’s risk appetite.

Upload your study docs or become a

Course Hero member to access this document

Upload your study docs or become a

Course Hero member to access this document

End of preview. Want to read all 8 pages?

Upload your study docs or become a

Course Hero member to access this document

Term
Winter
Professor
N/A
Tags

Newly uploaded documents

Show More

Newly uploaded documents

Show More

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture