Security, Crimes, Compliance and Continuity of IT in Enterprises - Case Study Example

Summary
This case study "Security, Crimes, Compliance and Continuity of IT in Enterprises" analyzes Amazon.com with particular reference given to the firm’s data protection policy, information security vulnerabilities, risk management, network security, internal control and compliance.   …

Extract of sample "Security, Crimes, Compliance and Continuity of IT in Enterprises"

Security, Crimes, Compliance, and Continuity of IT in Enterprises

Introduction

Today organizations increasingly rely on online business to provide consumers with a greater shopping experience. Although the online shopping sector benefits customers in terms of time, money, and convenience, information security threats and other security vulnerabilities pose potential challenges to online business. Computer hacking, credit card theft and other network attacks pose great threats to online shopping despite a number of measures taken by online marketers to strengthen their network security. Protecting confidential data has become one of the major priorities of modern online marketers because loss of personal customer information/data may adversely affect the credibility and brand loyalty of the organization. Recently many leading online marketers have faced lawsuits as a result of violations of their stated customer privacy policies. This paper studies security, crime, compliance, and continuity at Amazon.com, with particular reference to the firm’s data protection policy, information security vulnerabilities, risk management, network security, internal control and compliance.

Company Background

Amazon.com is a multinational e-commerce company headquartered in Seattle, Washington, United States. The company was founded by Jeff Bezos in 1994. Currently Amazon is named as the world’s largest online retailer with a strong presence in the consumer electronics sector. Although the organization began its operations as an online bookstore, it quickly grew into a world-leading retailer of CDs, MP3 downloads, video games, computer software, apparel, food, and toys. As Thamhain (2014, p. 19) notes, the Amazon Kindle e-book reader and cloud computing services are some of the widely recognized innovations of the company.
In addition to offering shipping services to several countries, Amazon maintains distinct websites for countries including the US, UK, Canada, Spain, Italy, Germany, France, China, and Japan. The company’s fast and stable growth throughout its corporate history could be attributed to its innovativeness and strategic management efficiency. As of 2013, the company had revenues worth US$ 74.45 billion and a net income of US$ 274 million (Jar Creative, n.d.).

Protecting data and business operations

Protecting data and business operations is of great significance today in the context of the growing intensity of malware attacks, personal data theft, and credit card fraud. According to Wallace (2013), recent experiences indicate that even the name and contact number of a customer can help hackers or intelligent people to get unauthorized access to that customer’s account so that they can make purchases or pay bills pretending to be the authorized user. Evidently such an adverse situation would dissatisfy customers, and they are likely to file lawsuits against the company or leave the brand. Similarly, enhancing the security of business operations is also vital to ensure an uninterrupted supply of finished products and the timely and proper delivery of products ordered. If an organization’s security system is not strong enough to protect its business operations, hackers may intrude into the business affairs of the firm and seriously disrupt the smooth flow of supply chain operations. Considering the recent flaws in consumer data protection, Amazon has taken a number of measures to strengthen its consumer data protection policy. The company has changed its privacy policy with the intent to adequately comply with government regulations and meet consumer satisfaction. As per the new policy, the organization abstains from providing its consumer details to marketers because this practice increases hackers’ exposure to confidential customer data.
Currently the company makes great efforts to adhere to various globally recognized standards and protocols for protecting sensitive consumer data/information. As McDougall (2012) points out, separation of powers, or restricting the number of people who are authorized to access customer systems, is another strategy used by Amazon to improve its consumer data protection. In addition, the firm gives particular attention to the disposal of old or unwanted customer data. Amazon crushes and destroys discs or hard drives containing consumer data properly to prevent them from reaching unintended hands. The company also performs surprise inspections and continuous updates in order to make sure that its security systems do not compromise the confidentiality of consumer data.

IS vulnerabilities and threats

Vulnerabilities and threats in information security (IS) have become a major security issue facing organizations, particularly those operating in the online business sector. It is important to note that threat and vulnerability are not the same. As EC-Council (2009) defines it, a threat can simply be described as an individual or event which has the potential to negatively affect a valuable resource of a company, whereas a vulnerability is a weakness of a resource or its environment that increases the chances of threats (pp. 1-3). According to Kadel (2004), non-updated systems and the absence of proper security measures like firewalls and anti-virus software increase the level of vulnerability in information security. Likewise, unethical employee behavior, unhealthy market competition, and increasing hacking activities seem to be some major threats to information security. Evidence suggests that fraudulent activities like phishing, vishing, and smishing appear to be the potential threats challenging the information security of Amazon (Tech Journal, n.d.).
Under these techniques, hackers use fraudulently created web pages, e-mails, phone calls, and text messages to pretend to be actual users and intrude into the security systems of the company. Since Amazon is the world’s largest online retailer, professional hacker groups vehemently try to break the information security systems of Amazon so as to gain worldwide fame. From Amazon’s experiences, it is identified that one need not necessarily be a computer expert to breach information security. Even a person without any computer knowledge can be a threat to information security if there are potential vulnerabilities in the firm’s IS system. As CRN staff (2011) reports, a team of German researchers has discovered that Amazon cloud services are really vulnerable to cyber attacks as there is a ‘massive security gap’ that helps hackers to access user accounts. Similarly, security experts from Ruhr-University Bochum (RUB) revealed that Amazon Web Services are exposed to different modes of attack, such as signature wrapping and cross-site scripting (CRN).

Fraud, crime, and violations

With the growing popularity of online shopping, online marketers are greatly challenged by a number of serious issues including fraud, crimes, and violations. Credit card fraud is identified to be the greatest potential security threat to Amazon because this crime poses significant challenges to the trustworthiness of the Amazon business. Often even multinational corporations fail to fully comply with the industry standards of security, and this pitfall increases firms’ vulnerability to fraud. Considering the terrible consequences of fraud, crime, and violations in the online business environment, governments and regulators make great efforts to address issues like credit card fraud and other cyber violations. Recent reports indicate that online business fraud and other cyber crimes raise a series of challenges to Amazon.
It is evident that the organization deals with tens of thousands of business transactions a day, and hence it is really a challenging task for the company to ensure the authenticity and security of every single transaction. Recently hackers and other cyber criminals have specifically targeted Amazon. “Emails disguised as messages from Amazon fooled users into clicking a link to infected websites hosting Black Hole Exploit kits. These kits are designed to take advantage of unpatched Windows operating systems and software” (Net Security). Subsequently an infected PDF file is downloaded to the user’s computer and it spreads malware into the system by exploiting a vulnerability in Adobe Reader. In addition, fake antivirus software and system utility programs raise a set of potential challenges to Amazon. Such software and programs fool users by warning them about false malware threats to their computers. It was reported that many internet-based fraud firms organize online contests and promise participants that the winner would receive a large amount of prize money from Amazon (Amazon payments, n.d.). Such fraudulent practices threaten the credibility of the Amazon brand.

Information assurance and risk management

According to Birchall, Ezingeard, McFadzean, Howlin and Yoxall (2004), information assurance can simply be described as the process of managing information-related risks in an organization. The process of information assurance pays particular attention to the protection of the integrity, authenticity, and confidentiality of user data (p. 5). Physical, technical, and administrative controls are used to achieve better information assurance. The modern business environment is highly competitive, and therefore firms would lose their market share to competitors unless they are able to manage various risks and market uncertainties properly.
As a result, modern businesses give particular focus to risk management, which is the process of identifying, assessing, and prioritizing risks. Amazon employs highly advanced technologies and qualified and experienced personnel to promote information assurance and improve its brand dignity. The organization has clearly classified the type of information to be protected so as to deal with its information assurance process. The company regularly performs a comprehensive risk assessment to identify the vulnerabilities in information assets (if any) and thereby eliminate the threats capable of exploiting the vulnerabilities identified. Amazon measures the impact of the exploitation of a vulnerability in an asset by a threat in terms of the cost to the asset’s stakeholders. As noted already, Amazon maintains improved risk management mechanisms to address the growing uncertainty in the online retail sector. According to Amazon management professionals, advanced risk management programs help the organization to apply proper resources economically to minimize the impacts of unforeseen events. Effective risk management also assists the company to identify emerging potential opportunities in a timely manner and seize them. Industry analysts opine that Amazon’s improved risk management programs aid this online retail giant to gain an edge over its competitors. They also add that extensive risk management is particularly indispensable for multinational companies like Amazon in the current context of bad financial market fluctuations and fast-changing monetary policies.

Network security

Network security simply represents the set of provisions and policies followed by a network administrator to avoid situations of unauthorized access to or modification of a computer network. Network security is managed by a network administrator who is in charge of controlling the authorization of data access in a network.
Each user is provided with a login ID and password or other authenticating details that authorize him/her to access information and programs within his/her account. The most widely accepted way of protecting a network is by simply assigning the network a unique name and a corresponding password. As Amazon’s database and servers contain a huge volume of sensitive business data and information, the organization pays specific attention to network security. The organization maintains its own teams of technical experts to identify flaws in its network security and thereby take countermeasures to address the issues. The company always tries to keep its network updated so as to eliminate newly emerging network security threats. Interestingly, Amazon offers extensive protection against traditional network security problems and allows its clients to enable additional protection. A major security measure provided by Amazon to its clients is ‘distributed denial of service (DDoS) protection and password brute-force detection’ on its accounts (PR Newswire, n.d.). The organization has set up secure access points that can ensure secure HTTP access, and this feature enables Amazon customers to enjoy secure communication sessions with Amazon services using SSL. In addition, the AWS Virtual Private Cloud assists Amazon customers to improve their network security by creating private subnets (AWS). Multi-factor authentication (MFA) and encrypted data storage are some other improved tools used by Amazon to add another layer to its network security (Trend Micro, 2013). Other security measures adopted by Amazon to increase its network security include built-in firewalls, a dedicated connection option, the isolated GovCloud, a dedicated hardware-based crypto key storage option, and Trusted Advisor (Amazon Web Services).
Internal control and compliance

Internal control is an integral aspect of business management, as this process is essential for an organization to ensure that its financial statements represent a true and fair view of the state of affairs of the business (Amazon.com). Today advanced IT facilities are employed by organizational managements to sustain the monitoring of internal control and ensure that their financial operations are free from errors and fraud. Evidently an effective internal control system would assist firms to ensure that their operations are well in compliance with the accepted industry standards as well as legal standards (Controls and procedures). Considering the growing significance of stakeholder relations and business ethics, Amazon gives particular focus to corporate governance. Well-established internal control procedures assist the company to deal with corporate governance practices successfully and increase shareholder value. Amazon’s well-developed IT infrastructure aids the organization to prevent fraudulent practices like repetition of accounting entries and creation of fictitious assets. The firm’s internal control programs are exceptional in terms of authenticity and reliability, and therefore no fraudulent or erroneous business practices would go undetected. On the strength of its well-performing internal control system, Amazon makes certain that its operations really abide by the policies set by regulators.

Conclusion

From the above discussion, it is clear that Amazon is the world’s largest online retailer with huge databases and servers containing a pool of sensitive business data/information. Therefore, it is vitally important for the company to establish advanced systems to improve network security and protect confidential customer information. The company already performs outstandingly in this regard despite some information security vulnerabilities identified recently.
Evidently information security vulnerabilities would increase the chances of a threat challenging the security of the whole system. Hence, Amazon pays specific attention to its network security in order to abolish vulnerabilities and thereby add to the network credibility of the company. In addition, the firm also maintains quality internal control systems backed up by well developed IT infrastructure so as to maintain the accuracy of its financial statements and comply with accepted industry and governmental standards. To sum up, Amazon performs well in terms of security, crime, compliance, and continuity and therefore it enjoys a potential edge over its market rivals.

References

Amazon payments. Internet Scams and Phishing. Retrieved from https://payments.amazon.com/help/Personal-Accounts/Privacy-Security/Internet-Scams-and-Phishing

Amazon Web Services. AWS Security Center. Retrieved from https://aws.amazon.com/security/

AWS. (2011). Amazon Web Services: Overview of Security Processes May 2011. Retrieved from http://ip-saas-infopark23444378-cms.s3.amazonaws.com/public/485ba117a3a3c81b/22a5ed8017317efea08e2c2b34ffe0c4/AWS_Security_Whitepaper.pdf

Amazon.com. Corporate governance. Retrieved from http://phx.corporate-ir.net/phoenix.zhtml?c=97664&p=irol-govConduct_pf

Birchall, D., Ezingeard, J., McFadzean, E., Howlin, N. & Yoxall, D. (2004). Information assurance: Strategic alignment and competitive advantage. UK: Grist Ltd.

CRN staff. (2011). Researchers Uncover Massive Security Flaws In Amazon Cloud. CRN. Retrieved from http://www.crn.com/news/cloud/231901911/researchers-uncover-massive-security-flaws-in-amazon-cloud.htm

Controls and procedures. Wikiinvest. Retrieved from http://www.wikinvest.com/stock/Amazon.com_(AMZN)/Controls_Procedures

EC-Council. (2009). Ethical Hacking and Countermeasures: Attack Phases. US: Cengage Learning.

Jar Creative. How to Adapt to Competition from Amazon and Win. Retrieved from http://www.jarcreative.com/e-commerce/how-to-compete-against-amazon/

Kadel, L. A. (2004). Designing And Implementing An Effective Information Security Program: Protecting The Data Assets Of Individuals, Small And Large Businesses. SANS Institute. Retrieved from http://www.sans.org/reading-room/whitepapers/hsoffice/designing-implementing-effective-information-security-program-protecting-data-assets-of-1398

McDougall, P. (2012). 5 Ways Amazon Web Services Protects Cloud Data. Retrieved from http://www.networkcomputing.com/networking/5-ways-amazon-web-services-protects-cloud-data/d/d-id/1106642?

Net Security. Recycled cybercrime tactics adapted to conceal fraud. Retrieved from http://www.net-security.org/malware_news.php?id=1955

PR Newswire. Coordinated Systems, Inc., (CSI) of East Hartford, CT to exhibit at ICMI Contact Center Expo and Conference featuring its Virtual Observer "Workforce Optimization as a Service" (WFOaaS) for contact centers. Retrieved from http://www.prnewswire.com/news-releases/coordinated-systems-inc-csi-of-east-hartford-ct-to-exhibit-at-icmi-contact-center-expo-and-conference-featuring-its-virtual-observer-workforce-optimization-as-a-service-wfoaas-for-contact-centers-257071791.html

Tech Journal. Top ten security threats target banks, Amazon shoppers, Adobe reader. Retrieved from http://www.techjournal.org/2012/01/top-ten-security-threats-target-banks-amazon-shoppers-adobe-reader/

Trend Micro White Paper. (2013). Best Practices for Security and Compliance with Amazon Web Services. Retrieved from http://www.trendmicro.com/cloud-content/us/pdfs/business/white-papers/wp_best-practices-security-and-compliance-with-amazon-web-services.pdf

Thamhain, H. J. (2014). Managing Technology-Based Projects: Tools, Techniques, People and Business Processes. US: John Wiley & Sons.

Wallace, G. (2013). Target credit card hack: What you need to know. CNN Money. Retrieved from http://money.cnn.com/2013/12/22/news/companies/target-credit-card-hack/
Cite this document
(Security, Crimes, Compliance and Continuity of IT in Enterprises Case Study Example | Topics and Well Written Essays - 2250 words, n.d.)
Security, Crimes, Compliance and Continuity of IT in Enterprises Case Study Example | Topics and Well Written Essays - 2250 words. https://studentshare.org/information-technology/1827964-security-crimes-compliance-and-continuity-of-it-in-enterprises
