IT Security Management Implementation

Utilizing your comprehensive Security plan outline, develop a proposal for implementing IT Security Management.
Information Security Plan, Illustration using Amazon
1. Introduction
Information security plans could place enterprises in a state enabling them to avoid, transfer, acknowledge or evade risks centered on processes, people or technologies. Kouns and Minoli (2011) add that a properly grounded strategy also helps an institution to safeguard its integrity, integrity as well as confidentiality of information. This paper presents a security plan for Amazon Company.
2. Threat Profile
2.1 Asset Classification
2.1.1 Cloud server
Asset ID C.A 01 Cloud server
Attribute Description
Description Hosts tenant files and software utilities
Ownership Vice president operations
Location Internet
Security Classification
C Confidentiality Confidentiality impact assessment-very high
I Integrity Integrity impact assessment-high
A Availability Availability impact assessment-high
Value Corporate data store. Privacy agreements with tenants

2.1.2 Inventory Management System (IMS)
Asset ID C.A 03 IMS
Attribute Description
Description A software utility that keeps track of all I.T utilities in DM
Ownership I.T manager
Location I.T office
Security Classification
C Confidentiality Confidentiality impact assessment-high
I Integrity Integrity impact assessment-high
A Availability Availability impact assessment-high
Value Monetary value associated with the I.T assets

2.2 Threat Actors
2.2.1 TA. 01 Database hacker
Threat Actor Id TA. 01 Database hacker
Descriptions Fellows employed by some other enterprises (or driven by their individual interests) to explore the user-data validation pitfalls that surround back end databases.
Relationship: External Region of operation: unlimited
Motive: espionage
Capability: endowed with SQL programming skills and general functioning of web applications. Generally persistent.
Objectives: internal enterprise financial data, authentication details and hacking thrill

2.3 Threat Scenarios
2.3.1 T.S 01 View and share client private data
Threat campaign Steal cloud data
Threat scenario T.S 01 View and share client private data
Asset ID C.A 01 Cloud server
Phase Description
Reconnaissance The actor shares tenant’s data
Weaponaization The actor is authorized to view client data but intentionally violates the privacy agreements
Delivery Reveal the content cloud-featured data centers
Exploitation Enterprise data disclosed to competitor firms
Installation The actor copies and steals data resident on virtual machines
Command and control Not applicable
Actions and objectives Asset C.A 01 IMS compromised
Covering tracks Not applicable

2.3.2 T.S 02 Launch SQL injections
Threat campaign Compromise terminal databases
Threat scenario T.S 02 Launch SQL injections
Asset ID C.A 03 IMS
Phase Description
Reconnaissance The actor tries to access the terminal database of the inventory management system
Weaponaization The actor sends SQL injections to the terminal database
Delivery The actor uses the user input form fields associated with the target database
Exploitation The back-end database of the IMS is the tool to be compromised
Installation The terminal database receives and attempts to process the user query then becomes compromised
Command and control Not applicable
Actions and objectives Asset C.A 03 IMS compromised
Covering tracks Not applicable

3. Measures
3.1 Sharing of Client-Owned Private Data
Ø Formulate privacy agreements and let clients consent to them
Ø Train staff handling client data on the importance of privacy, highlighting the consequences of violating the same
3.2 Preventing SQL injections on the Inventory Management System
Ø Hire more experienced developers able to leverage database programming skills like prepared statements and user input trimming to curb SQL injection
Ø Train the end-users of the Inventory Management System on the best practices for feeding user inputs.

Kouns, J., & Minoli, D. (2011). Information Technology Risk Management in Enterprise Environments: A Review of Industry Practices and a Practical Guide to Risk Management Teams. Somerset: Wiley.

Order a unique copy of this paper
(550 words)

Approximate price: $22

Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

We value our customers, and so ensure that our papers are 100 percent original. Our Team of professionals does not miss the mark; they ensure that step by step each paper is written uniquely. We never duplicate or work as we compare papers rest assured. We deliver our work a day before time to ensure that you don’t miss your deadlines. It is not only doing the work but delivering it at the right time. We capture the consequences of late remittances. .

Money-back guarantee

We value customer satisfaction here at and make sure that you get the best value for your Money. It happens that sometimes you can pay twice for your order or may want to cancel it, or you feel that it doesn’t meet your requirements; our money back guarantee will give you the opportunity to get back your money. We will also refund 100% of money paid double. In case your paper does not satisfy your requirements , we request that you notify us via writing within 2 days otherwise on the third day we will assume that you have been satisfied. Do all your correspondences through our email address

Read more

Zero-plagiarism guarantee

At, our professional writers know the consequence plagiarism does for our clients. We have updated software’s such as article checker and copyscape to check for originality of the custom papers before submission of the final paper to the you. Our guarantee to the customer is that we will write 100% original papers for them that are quality, timely and of low cost. We have experienced professional and competent PhD writers who will write quality custom papers for you..

Read more

Free-revision policy

. At, we are proud to provide top-quality Essay writing service to our esteemed customers. We are ready to take up that challenging academic assignment that is giving you sleepless nights and simplify it for you according to your desired requirements. We are willing to revise your paper if it does not meet your requirements. At, we do not compromise with quality; thus, we offer unlimited free revisions until the customer is satisfied with their custom paper. Our unlimited free revision services are provided under the following terms:.. .

Read more

Privacy policy knows that client’s information is an essential tool for our company. It means that whatever the client requests from our service is kept strictly confidential. It means that whoever writes for this company understands the terms and conditions hence you should not be worried because you will never see your work somewhere else...

Read more

Fair-cooperation guarantee

Rest assured that we will always be attentive to your needs and requirements. We belief in the phrase treat your neighbour as you would want them to treat you. We leave nothing to chance and always look forward to a good interaction with each other.. .

Read more

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
The price is based on these factors:
Academic level
Number of pages