FEEDBACK FROM INSTRUCTOR
Max, one of your primary goals of the introduction is to immediately capture your audience’s attention. The people you are inviting to this meeting are busy with many demands on their time. You need to capture their attention by demonstrating this presentation will help them to do their jobs or be beneficial to the business. I would suggest that you provide some statistics and costs to put things into perspective. For example, include a statistic on the cost per record following a data breach.
Max, you have listed some important areas where problems may occur. One of the things that is readily missing is phishing emails and ransomware. These types of attacks occur frequently and are among the most dangerous and most prevalent threats currently being experienced by businesses.
Max, you provided a nice summary of malicious behavior which would need to be addressed in your presentation.
Max, you have listed some great information here. One of the key items to educate on is the information security policies. The security awareness training program should reference the organizational policies as part of the presentation and training.
Scott, you provided some technical information in your conclusion, which is helpful and is good information, but you should be concluding your presentation and not providing additional information. Additionally, the objective of this presentation is not to have a technology discussion but rather to educate employees and make them aware of their role with security. Scott, it is very important to remember you will be speaking to business leaders who are a non-technical audience and may not understand the technical terms.
This paper covers Amazon’s security threats due to human error. It highlights what will be considered throughout the paper, meaning a formal discussion that runs throughout this study of Amazon’s security errors as well as its security practices, by considering the points below:
- How Amazon protected its servers and web portals
- Security standards and procedures in Amazon’s payment gateway portals
- Security awareness practices used by Amazon
Unintentional Human Error
Human errors can be costly if they are not addressed in time, which is why Amazon supports automation training for all of its administrative employees, to control any incorrect command that may lead to the removal of a larger set of servers even without human intention. This section will address the possible types of unintended human error, the steps Amazon takes to control them through training or automation practices, and how those steps reduce the chances of unintended human error. Possible areas of human error will also be addressed (“Human Errors Can Be Costly, It Just Happened at Amazon”):
- Technical fault due to human errors.
- Lacking in Social Engineering.
- System misconfiguration
- Poor patch management
- Default credentials
- Lost devices
- Unintentional disclosure of information
- Credential Sharing
Malicious Human Behaviours
The human factor is the most dangerous threat to any system; it could raise outrage and may result in many internet sites being shut down for hours, or even threaten many customers. Therefore, Amazon maintains a high-security system that keeps it informed about any potential threat. This section will address possible malicious behaviour and human factors against Amazon, how Amazon’s security system handles those malicious issues, and how it ensures that its customers’ data is secure.
- Changes to critical and confidential data
- Inefficient user manual to provide control access
- Decrypted data
- Keep Transactions logs
- No separate job functions
Key Security Services
This section will address the major security steps taken by Amazon to prevent any malicious human threat to its servers and web services, as listed below (“Security and Identity Services for AWS”):
- Effective cryptography
- Efficient and strict user manual
- Human error prevention strategy
- Mitigation strategy to control over losses
This section addresses all possible organizational factors that may lead to a security threat, and how Amazon ensures that it has a mechanism to control potential breach factors. To do so, Amazon maintains its email security policies, legal policies, security system, and security researchers, which together assure a high-security system capable of addressing all possible organizational security issues that may lead to organizational security threats, as listed below (“Security & Privacy”):
- Training for IT department to protect the internal environment.
- Information Security Program
- Security breach due to human errors
- Organizational factors support Amazon’s security system.
The call and desire for security and privacy have led to several security protocols and standards.
Among these are the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols; secure IP (IPsec); Secure HTTP (S-HTTP); secure e-mail (PGP and S/MIME); DNSSEC; SSH; and employee training to understand the importance of security and follow the company guidelines.
These are essential for Amazon if the company desires to continue providing e-commerce and to thrive in cyberspace.
Delrey, Jason (March 2, 2017). Amazon’s massive AWS outage was caused by human error. RECODE. Retrieved from https://www.recode.net/2017/3/2/14792636/amazon-aws-internet-outage-cause-human-error-incorrect-command
Human Errors Can Be Costly; It Just Happened At Amazon. Retrieved from http://www.techelium.in/blog/human-errors-can-costly-amazon-just-went/
Security & Privacy. Help & Customer Service. Retrieved from https://www.amazon.com/gp/help/customer/display.html?nodeId=551434
Security and Identity Services for AWS. Retrieved from http://docs.aws.amazon.com/gettingstarted/latest/awsgsg-intro/gsg-aws-security-identity.html