Wednesday, May 6, 2020

Is Security & Risk Management-Free-Samples -Myassignmenthelp.com

Question: Choose an Organisation and Investigate its Security Policies Including IT.

Answer:

Introduction

The environment that involves devices, networks, software, processes, stored information and application services must be protected in order to mitigate data breaches and cyber attacks (Glendon, Clarke & McKenna, 2016). IT and security standards plan and provide security for the information security management of the company, highlighting international security standards, effective security practices and guidelines. Here we choose Amazon for a further description of the security issues, protocols and security tools that are utilized, and hence the total risk management of the organization.

Discussion of Protocols

There are several layers of protocols in the security and privacy of an organization: Secure Sockets Layer (SSL); Transport Layer Security (TLS); secure IP (IPSec); Secure HTTP (S-HTTP); secure e-mail (PGP and S/MIME); DNSSEC; SSH; and others (Hopkin, 2017). These network security protocols ensure the integrity and security of data transferred over networks. The layers include:

Application Layer: PGP, S/MIME, S-HTTP, HTTPS, SET, KERBEROS
Transport Layer: SSL, TLS
Network Layer: IPSec, VPN
Data Link Layer: PPP, RADIUS, TACACS+

The selected organization uses these layers of protocol efficiently and effectively for development and security.

Analysis of Security Tools

Security tools are anti-spyware programs belonging to system security, promoted through the use of Trojans and Web pop-ups. Trojans are generally installed in the system software by proper knowledge and permission. Relevant analysis of security tools refers to Static Application Security Testing (SAST) tools. Amazon launches a security and compliance analysis tool for Amazon Web Services (AWS) for the identification of potential security issues.
These tools are used to discover security vulnerabilities and those instances where the developer does not follow Web application practice.

Depth of analysis of mapping of tools with OSI

OSI refers to the model of the applications that can communicate over networks. The model is a conceptual framework for understanding these relationships. Its main purpose is to guide vendors in developing digital communication products and programmable software, and it may support clear comparisons among communication tools (Stallings & Tahiliani, 2014). The vendors that are involved in telecommunications describe their products and services in relation to the OSI model.

The Amazon AWS compliance program provides designed and managed security to the customer in alignment with various IT security standards: SOC 1/SSAE 16/ISAE 3402, SOC 2, SOC 3, ITAR, FISMA, DIACAP and FedRAMP, PCI DSS Level 1, DOD CSM Levels 1-5, FIPS 140-2. The flexibility and control that the AWS platform provides to customers also lets them develop for their industry and meet several specific standards: Cloud Security Alliance (CSA), Motion Picture Association of America (MPAA), Health Insurance Portability and Accountability Act (HIPAA), Criminal Justice Information Services (CJIS) and Family Educational Rights and Privacy Act (FERPA).

Discussing Policy and Auditing features

Clear policy and auditing features help in several ways, such as monitoring the Active Directory, tracking administrative activities day by day, maintaining compliance and improving security (McNeil, Frey & Embrechts, 2015). The main features of the audits are: assessment of the scope of the policies issued and review of the parameters; assessment of the commitments that comply with the policies and the degree to which the records of individuals are available; and compliance with the IT/ARE policies.
The policies issued concern the information systems, services and data (SSD):

Nondisclosure of company information
Data protection
Personal use of the company's information resources
Use of social media
Bring your own device (BYOD)
Information security

Discussion of Vendors

The vendors of Amazon have the following programs and guidelines: Programs for Listing Items on Amazon.com, About Content Guidelines, and Limited License Agreement. The Amazon Vendor Central web interface is normally used for manufacturing and distributing. These are first-party sellers, and because they sell in bulk to Amazon they are called suppliers.

Logical map of organizational structure

The main organizational/functional units covered by the security policy concept include:

Construct concept maps
Logical sequencing of concepts
Organized lists
Drawn pictures to explain concepts

Conclusion

Effective management of risk gives rise to significant improvements in operational profitability and operational effectiveness. An approach to risk management is required in each sector of industry for better security management and safety processes in the near future. This provides protection against the occurrence of data breaches and cyber crimes. The application of an integrated risk management information system is quite important for the approach to safety. Amazon uses and protects its customers' database in an advanced and secure way.

The risk exposures in potential business are a measurement against the risk that involves significant priorities. The standard as discussed is durable and hence takes the risk management approach, empowering government business to function with safety, security and effectiveness. The concept of risk management is to determine the agency's possible risk appetite and the medium of communication, the implementation of the agency's risk management framework and its allocation, as well as the roles and responsibilities for managing the individual risk.

References

Glendon, A. I., Clarke, S., & McKenna, E. (2016). Human safety and risk management. CRC Press.
Hopkin, P. (2017). Fundamentals of risk management: Understanding, evaluating and implementing effective risk management. Kogan Page Publishers.
Lam, J. (2014). Enterprise risk management: From incentives to controls. John Wiley & Sons.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts, techniques and tools. Princeton University Press.
Narula, S., & Jain, A. (2015, February). Cloud computing security: Amazon web service. In Advanced Computing & Communication Technologies (ACCT), 2015 Fifth International Conference on (pp. 501-505). IEEE.
Stallings, W., & Tahiliani, M. P. (2014). Cryptography and network security: Principles and practice (Vol. 6). London: Pearson.
