You are the head of an IT department that is planning to move several critical production applications to Amazon Web Services. You will be directly managing EC2 instances and supporting infrastructure as well as the database servers and application stacks underlying the applications. Senior management has expressed concern about the risk to the company's intellectual property as a result of running these applications on AWS. You need to provide a written response to their concerns, highlighting AWS features and other technologies that you could use to mitigate these risks. One or two sentences should be enough to cover each risk.
The risks you need to address are:
Other AWS customers might be able to eavesdrop on communication between our servers.
Any of our EC2 instances might be running on the same physical host as those of another customer, exposing us to side-channel attacks through shared memory resources or hypervisor vulnerabilities.
Important proprietary data will be retained in persistent storage on some of our instances. An Amazon sysadmin could conceivably access our storage volumes and extract that data.
A major outage at an Amazon datacenter hosting our AWS resources could knock our applications offline, costing us significant revenue.
1=To prevent from eavesdrop,all AWS services provide secure customer access points (also called API endpoints) that allow you to establish secure HTTPS communication sessions.HTTPS uses the SSL/TLS protocol, which uses public-key cryptography to prevent eavesdropping, tampering, and forgery.
2=Amazon Web Services provides a range of networking services that enable you to create a logically isolated network that you define, establish a private network connection to the AWS cloud, use a highly available and scalable DNS service and deliver content to your end users with low latency at high data transfer speeds with a content delivery web service.So their is no chance of side-channel attacks through shared memory resources
3=Every AWS resource is owned by an AWS account, and permissions to create or access a resource are governed by permissions policies. An account administrator can attach permissions policies to AWS Identity and Access Management (IAM) identities (that is, users, groups, and roles).When granting permissions, you decide who is getting the permissions, the resources they get permissions for, and the specific actions that you want to allow on those resources.So without our permission no one can extract the data.
4=The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide back-up power for the entire facility so there is no fear of outage.
You are the head of an IT department that is planning to move several critical production...
You are the head of an IT department that is planning to move several critical production applications to Amazon Web Services. You will be directly managing EC2 instances and supporting infrastructure as well as the database servers and application stacks underlying the applications. Senior management has expressed concern about the risk to the company's intellectual property as a result of running these applications on AWS. You need to provide a written response to their concerns, highlighting AWS features and other...
critique or comment (with reputable source citation) on this report ? ASHEVILLE DISASTER RECOVERY Executive Summary A stable and prosperous city, Asheville in Western North Carolina operates a Website which has information about the city and can link to various online services. Asheville also created and maintains a popular mobile app for citizen services. Jonathan Feldman, the city’s chief information officer, who participated in the Hurricane Katrina recovery, was concerned by what he found. Asheville has a disaster recovery facility,...
The purpose of security policies is to help mitigate identified risks. Writing these policies is easier once you have created an asset inventory list, prioritized that list, and identified the major risk exposures found in those assets. The task of identifying your IT assets begins with recognizing that your IT infrastructure and supporting resources can be divided into the seven IT domains. The benefit of identifying the assets and prioritizing them across those domains is being able to document policies...
Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which objectives seem clear: manage risk, manage threat, stop attacks, identify attackers. These objectives aren't wrong, but they are fundamentally misleading.In this session we'll examine the state of the information security industry in order to understand how the current climate fails to address the true needs of the business. We'll use those lessons as a foundation...
1) Discuss the company's top risks? 2) Discuss whether the company treats risk reactively or proactively? 3) Do you observe a lack of understanding of potential exposures? 4) Does the company focus on internal risks or external risks? 5) Do you think the company is well prepared to respond to potential risks? Orange County he t die Following the debocie Orange County o dmorych of control procedures and financial gove nonce and d e setof o n policies December 1994...
CASE 8 Unlocking the Secrets of the Apple iPhone in the Name of access the male San Bernardino suspect's iPhone 5c. Cook stated: Antiterrorism We are challenging the FBI's demands with the deepes respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications While we believe the FBI's intentions are good, if would be wrong for the w e nt to force...
Please read the article and answer about questions. You and the Law Business and law are inseparable. For B-Money, the two predictably merged when he was negotiat- ing a deal for his tracks. At other times, the merger is unpredictable, like when your business faces an unexpected auto accident, product recall, or government regulation change. In either type of situation, when business owners know the law, they can better protect themselves and sometimes even avoid the problems completely. This chapter...
Please use own words. Thank you.
CASE QUESTIONS AND DISCUSSION > Analyze and discuss the questions listed below in specific detail. A minimum of 4 pages is required; ensure that you answer all questions completely Case Questions Who are the main players (name and position)? What business (es) and industry or industries is the company in? What are the issues and problems facing the company? (Sort them by importance and urgency.) What are the characteristics of the environment in which...
How can we assess whether a project is a success or a
failure?
This case presents two phases of a large business transformation project involving the implementation of an ERP system with the aim of creating an integrated company. The case illustrates some of the challenges associated with integration. It also presents the obstacles facing companies that undertake projects involving large information technology projects. Bombardier and Its Environment Joseph-Armand Bombardier was 15 years old when he built his first snowmobile...