Information Security Plan
This information security plan defines Amazon’s safeguards to ensure the confidentiality, integrity and availability of all information systems resources and data under the control of the company. The plan is divided into data classification, assessment of potential risks and security policies and procedures.
Amazon’s data assets are classified into three: confidential, private, and public.
1. Confidential data: Company-related information is classified as confidential if access by unauthorized parties could cause a substantial loss for the company (Western Kentucky University, 2020). This includes information that can affect Amazon’s brand, especially what is not public knowledge. Examples of Amazon’s confidential information include critical agreements and contacts, budgetary and intellectual properties and personal information of the company’s employees. Access to confidential information must be approved by the information owner.
2. Private data: Amazon’s data is classified as private if access is only permitted to authorized Amazon personnel. According to (Infosecinstitute, 2020), extreme care and precaution is required before and during usage, storage and transmittal. It is a violation to show or transfer private data to unauthorized parties. Examples of Amazon’s private information include employees’ salaries and non-sensitive personal information.
3. Public data: Information can only be classified as public if it has been quality controlled and approved by authorized personnel within Amazon for publication. Example of pubic data are those that have been legally printed in the internet.
Assessment of Potential Risks
The company acknowledges its resources faces both internal and external threats. The risks include, but not limited to:
• Cyber threats such as malware and worm attacks, network penetration, and denial of service
• Unauthorized access to information or resources
• Unauthorized modification or transfer of data
• Attacks against company reputation
• Hardware and Software misuse
• Accidental deletion of data or information
• Hardware failure and software glitches
• Natural factors such as power outage and Fire
The company recognizes that this may not be a complete list because of the changing technology. The IT security team is expected to regularly monitor advisory groups such as the Educause Security Institute and SANS for the identification of new risks (University of South Florida, 2020). Whereas the company believes the current safeguards provide security and confidentiality for its data and resources, it cannot guarantee absolute security due to evolving threats.
Security Policies and Reactive Emergency Plans
Access to information via the company’s IT Infrastructure is only limited to those who have valid business accessing them (University of South Florida, 2020). Each employee is provided with a user account, which is automatically placed into either one of the three levels of access. These levels include: levels one, two and three. Level one access has unlimited access to all data and systems of the company, level two can access everything else apart from confidential data, whereas level three has access to all internal data that are neither confidential nor private.
All data will incrementally be backed up safely and securely. In addition, all software and hardware systems must regularly be subjected to necessary security requirements as defined by the ITS Unit. In addition, employees are encouraged to memorize and keep safe their login credentials and to report suspicious activities.
The company has developed written detailed plans and procedures to detect actual or attempted attacks, and a well thought out response plan. The company will develop an education curriculum that aims at creating awareness of data security threats; all employees will be subjected to the curriculum.
Fedramp (n.d). Developing a System Security Plan (SSP). Retrieved 5 August 2020, from https://www.fedramp.gov/developing-a-system-security-plan/
Infosecinstitute (2020). Key elements of an Information Security Policy. Retrieved 5 August 2020, from https://resources.infosecinstitute.com/key-elements-information-security-policy.
University of South Florida (2020). IT Security Plan. Retrieved 5 August 2020, from https://www.usf.edu/it/about-us/issp0000securityplan.pdf
Western Kentucky University (2020). Information Security Plan. Retrieved 5 August 2020, from https://www.wku.edu/policies/docs/index.php?policy=79
The post The Information Security Plan first appeared on COMPLIANT PAPERS.
Quality Researched Papers
We always make sure that writers follow all your instructions precisely. You can choose your academic level: high school, college/university or professional, and we will assign a writer who has a respective degree.
We have hired a team of professional writers experienced in academic and business writing. Most of them are native speakers and PhD holders able to take care of any assignment you need help with.
If you think we missed something, send your order for a free revision. You have 10 days to submit the order for review after you have received the final document. You can do this yourself after logging into your personal account.
All papers are always delivered on time. In case we need more time to master your paper, we may contact you regarding the deadline extension. We will always strive to deliver on time.
Original & Confidential
We use several writing tools checks to ensure that all documents you receive are free from plagiarism. Our editors carefully review all quotations in the text.
24/7 Customer Support
Our support agents are available 24 hours a day 7 days a week and committed to providing you with the best customer experience. Get in touch whenever you need any assistance.
Try it now!
How it works?
Follow these simple steps to get your paper done
Place your order
Fill in the order form and provide all details of your assignment.
Proceed with the payment
Choose the payment system that suits you most.
Receive the final file
Once your paper is ready, we will email it to you.
No need to work on essay at night. Sleep tight, we will cover your back. We offer all kinds of essay writing services.
No matter what kind of academic paper you need and how urgent you need it, you are welcome to choose your academic level and the type of your paper at an affordable price. We take care of all your paper needs and give a 24/7 customer care support system.
An admission essay is an essay or other written statement by a candidate, often a potential student enrolling in a college, university, or graduate school. You can be rest assurred that through our service we will write the best admission essay for you.
Our academic writers and editors make the necessary changes to your paper so that it is polished. We also format your document by correctly quoting the sources and creating reference lists in the formats APA, Harvard, MLA, Chicago / Turabian.
If you think your paper could be improved, you can request a review. In this case, your paper will be checked by the writer or assigned to an editor. You can use this option as many times as you see fit. This is free because we want you to be completely satisfied.