Shared+Responsibility

pdf

School

University of Phoenix *

*We aren’t endorsed by this school

Course

531

Subject

Information Systems

Date

Jan 9, 2024

Type

pdf

Pages

4

Uploaded by WalkingIntoBradshaw

Report
1 Shared Responsibility Shared Responsibility Brianne Walker University of Phoenix
2 Shared Responsibility Shared responsibility defines the relationship between AWS and the customer as it relates to security and compliance; they must work together to achieve the desired goal of mitigating cyber security risks. While AWS provides the host software system which uses the services it offers to analyze, track, and monitor the data from the customer. It is the customers responsibility to manage the information provided by the host software system; this will depend on which services the customer choose to use and integrate into their business model. This is unique to cloud environment because AWS is basically responsible for security of the cloud; the customer is responsible for what is being monitored in the cloud. In onsite situations the customer has full responsibility over security provisions, whereas in the cloud the responsibility is shared. One major security threat is Malware. Malware is an abbreviation for malicious software. An example of malicious software is a virus compromising the infrastructure; this is just one example of many. GTR would need to consider taking extra security step to prevent data breaches due to malware. Another major security threat is in adequate comprehension what is required to maintain optimum security. When using the shared responsibility model it is important to do due diligence as it relates to having a thorough understanding of the services offered to mitigate security risks. Often lack knowledge leads to certain security measures being skipped or not utilized which ultimately leads to in efficiency. GTR would need to make sure the correct AWS training is offered to employees avoid this issue. Lastly there is compliance; this relates to monitoring who is given what level of security clearance how this is tracked and stored. With a larger company like GTR multiple users are given access to different things; you would need to ensure the proper access controls are in place to protect the privacy of the data in the cloud.
3 Shared Responsibility The first example of security services is privacy management. One of the most important factors in mitigating security threat is protecting the business models privacy. Privacy management is the services a system offers to ensure optimum privacy from unwanted cyber security risks. Privacy management offers services such as two-factor authentication; data encryption; multiple password implementations; and facial recognition and fingerprint scan. Using these extra steps helps deter hackers and helps limit security breaches. With GTR being a rapidly growing business, these are some measures that would increase privacy and security. Like I mentioned above Access controls are another example of security services. There are two types of Access controls: physical and virtual. Physical access means who can enter buildings or on-site data centers. Virtual Access means who has security clearance to stored data and online services offered. There are multiple sub-types of access controls: Mandatory access control, Discretionary access control, Role-based access control, Rule-based access control, and Attribute- based access control. GTR should consider which type of access control would best fit into their business model; access control help keep out unwanted security risks physically and virtually. Data integrity is another security service that helps mitigate security risk. Data integrity is taking precautionary steps to prevent unauthorized users from altering and abusing data. This includes monitoring consistency throughout its entire existence. Compromised data has little to no use once it has been altered; GTR should consider some form of data integrity cyber security. Some examples of this are having off site backups in place to replace altered data; added encryption; and limited redundancy. References:
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
4 Shared Responsibility Buff, H. G. (2000). Compliance . Amazon. Retrieved March 3, 2022, from https://aws.amazon.com/compliance/shared-responsibility-model/ Lutkevich, B. (2020, September 3). What is access control? SearchSecurity. Retrieved March 3, 2022, from https://www.techtarget.com/searchsecurity/definition/access- control#:~:text=Access%20control%20is%20a%20security,access%20control%3A %20physical%20and%20logical . What is data integrity and why is it important? Talend. (n.d.). Retrieved March 3, 2022, from https://www.talend.com/resources/what-is-data-integrity/