<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Information Security Management on Bill Brown:Thoughts and Reference Material Online</title><link>https://www.billbrown.info/series/information-security-management/</link><description>Recent content in Information Security Management on Bill Brown:Thoughts and Reference Material Online</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>BillBrown.info</copyright><lastBuildDate>Thu, 30 Oct 2025 00:00:00 +0000</lastBuildDate><atom:link href="https://www.billbrown.info/series/information-security-management/index.xml" rel="self" type="application/rss+xml"/><item><title>AWS Cloud Security Risks, Compliance, and Best Practices</title><link>https://www.billbrown.info/post/amazon-web-services-cloud-information-security-risks-and-compliance/</link><pubDate>Thu, 30 Oct 2025 00:00:00 +0000</pubDate><guid>https://www.billbrown.info/post/amazon-web-services-cloud-information-security-risks-and-compliance/</guid><description>
&lt;h2 id="amazon-web-services-cloud-information-security-risks-and-compliance"&gt;Amazon Web Services Cloud Information Security Risks and Compliance&lt;/h2&gt;
&lt;h2 id="abstract"&gt;Abstract&lt;/h2&gt;
&lt;p&gt;This paper examines the critical security considerations and compliance requirements for organizations migrating to Amazon Web Services (AWS) cloud infrastructure, addressing the widespread concerns among IT professionals regarding cloud security risks. The research explores AWS's Shared Responsibility Model as the fundamental framework for delineating security obligations between AWS and its customers, where AWS manages the security &amp;quot;of&amp;quot; the cloud infrastructure while customers maintain responsibility for security &amp;quot;in&amp;quot; the cloud. Through analysis of AWS's global infrastructure security services, the paper identifies key customer responsibilities including operating system security, data encryption, network configuration, and identity access management, while AWS maintains the physical infrastructure, hypervisor, and managed services.&lt;/p&gt;</description></item><item><title>Common Issues with Security Policy Implementation</title><link>https://www.billbrown.info/post/common-issues-with-security-policy-implementation/</link><pubDate>Wed, 29 Oct 2025 00:00:00 +0000</pubDate><guid>https://www.billbrown.info/post/common-issues-with-security-policy-implementation/</guid><description>
&lt;h2 id="common-issues-with-security-policy-implementation"&gt;Common Issues with Security Policy Implementation&lt;/h2&gt;
&lt;h3 id="original-query"&gt;Original Query&lt;/h3&gt;
&lt;p&gt;Discuss common issues with the implementation of security policies, including common issues and possible mitigations to ensure the policy can be enforced.&lt;/p&gt;
&lt;h3 id="common-implementation-issues"&gt;Common Implementation Issues&lt;/h3&gt;
&lt;p&gt;Security policies commonly run into implementation problems. Johnson (2014) describes three of the most common: organizational structure, fitting policies to leaders, and targeting early adopters. Implementation has to account for the type of organization, its size, and the technology in use. Leadership style matters as well: one leader may present a security policy in a single team meeting or town hall, while a more hierarchical leader may roll it out through a series of group meetings.&lt;/p&gt;</description></item><item><title>Incident Response Best Practices and AWS Forensic Procedures</title><link>https://www.billbrown.info/post/incident-response-process-best-practices-and-aws-forensic-procedures/</link><pubDate>Tue, 28 Oct 2025 00:00:00 +0000</pubDate><guid>https://www.billbrown.info/post/incident-response-process-best-practices-and-aws-forensic-procedures/</guid><description>
&lt;h2 id="incident-response-process-best-practices-and-aws-forensic-procedures"&gt;Incident Response Process Best Practices and AWS Forensic Procedures&lt;/h2&gt;
&lt;h3 id="topic-or-question"&gt;Topic or Question&lt;/h3&gt;
&lt;p&gt;There are many methods and best practices for handling incidents. Outline an incident response process based on what is in the text. What is the process order, what may be missing, and how could the process be improved?&lt;/p&gt;
&lt;h3 id="introduction-to-incident-response-and-management"&gt;Introduction to Incident Response and Management&lt;/h3&gt;
&lt;p&gt;Incident response (IR) and incident management (IM) are similar regardless of the type of disaster that occurs, as described by Peltier (2013). IR and IM concepts are documented, developed, and put to use no matter what kind of disaster has happened, whether a computer security breach, a physical security attack, or a natural disaster such as an earthquake.&lt;/p&gt;</description></item><item><title>Business Continuity and Disaster Recovery Planning Models</title><link>https://www.billbrown.info/post/compare-and-contrast-various-business-continuity-and-disaster-recovery-planning-models/</link><pubDate>Mon, 27 Oct 2025 00:00:00 +0000</pubDate><guid>https://www.billbrown.info/post/compare-and-contrast-various-business-continuity-and-disaster-recovery-planning-models/</guid><description>
&lt;h2 id="compare-and-contrast-various-business-continuity--disaster-recovery-planning-models"&gt;Compare and Contrast Various Business Continuity &amp;amp; Disaster Recovery Planning Models&lt;/h2&gt;
&lt;h2 id="introduction"&gt;Introduction&lt;/h2&gt;
&lt;p&gt;Business continuity is essential, as described by Hiles (2014): it is the ability of an organization to survive, bounce back, and thrive after a disaster or catastrophe. The general objective is to accomplish the organization's mission no matter what disruptions happen along the way. Business continuity, as described by Rima (2013), focuses on an organization's capacity to continue operations irrespective of the nature of the interruption. Rima (2013) also points out that business continuity planning (BCP) is a methodology that can be studied and in which practitioners can be certified. The disaster recovery plan is considered a subset of BCP, since it addresses stopping the effects of the disaster, catastrophe, or event; once those consequences have been resolved, business continuity activities typically begin. Business continuity, as described by Hiles (2014), is the constant readiness of all assets that support critical business functions. Business continuity management (BCM) provides the readiness of processes and resources following a disruption so that mission-critical objectives continue to be met.&lt;/p&gt;</description></item><item><title>BCP &amp; DR Planning: Common Approaches, Drawbacks, and Mitigations</title><link>https://www.billbrown.info/post/common-approaches-and-drawbacks-in-business-continuity-and-disaster-recovery-plans/</link><pubDate>Sun, 26 Oct 2025 00:00:00 +0000</pubDate><guid>https://www.billbrown.info/post/common-approaches-and-drawbacks-in-business-continuity-and-disaster-recovery-plans/</guid><description>
&lt;h2 id="common-approaches-and-drawbacks-in-business-continuity-and-disaster-recovery-plans"&gt;Common Approaches and Drawbacks in Business Continuity and Disaster Recovery Plans&lt;/h2&gt;
&lt;p&gt;Business continuity is essential, as described by Hiles (2014): it is the ability of an organization to survive, bounce back, and thrive after a disaster or catastrophe. The general objective is to accomplish the organization's mission no matter what disruptions happen along the way. Business continuity, as described by Rima (2013), focuses on an organization's capacity to continue operations irrespective of the nature of the interruption. Rima (2013) also points out that business continuity planning (BCP) is a methodology that can be studied and in which practitioners can be certified. A disaster recovery plan is a subset of BCP, since it addresses stopping the effects of the disaster, catastrophe, or event; once those effects have been addressed, business continuity activities typically begin.&lt;/p&gt;</description></item><item><title>Types of Security Architecture and Design Models Explained</title><link>https://www.billbrown.info/post/appraise-the-various-types-of-security-architecture-and-design-models/</link><pubDate>Sat, 25 Oct 2025 00:00:00 +0000</pubDate><guid>https://www.billbrown.info/post/appraise-the-various-types-of-security-architecture-and-design-models/</guid><description>
&lt;h2 id="appraise-the-various-types-of-security-architecture--design-models"&gt;Appraise the Various Types of Security Architecture &amp;amp; Design Models&lt;/h2&gt;
&lt;h3 id="security-architecture-overview"&gt;Security Architecture Overview&lt;/h3&gt;
&lt;p&gt;Security architecture is the view of the overall system architecture from a security perspective. It provides insight into the security services, mechanisms, technologies, and features that can be used to satisfy system security requirements, as described by Tipton &amp;amp; Krause (2003), and it offers recommendations, in the context of the overall system architecture, on where security mechanisms should be placed. The security view of a system architecture emphasizes the system's security services and mechanisms and the implementation of security-related functionality; it identifies interdependencies among security-related components, services, mechanisms, and technologies, and reconciles any conflicts between them. Security architecture is one aspect of an enterprise or system architecture, and it can also encompass the network or connectivity architecture.&lt;/p&gt;</description></item><item><title>Physical Security Failure Points and Mitigation Strategies</title><link>https://www.billbrown.info/post/common-points-of-failure-and-strategies-to-mitigate-physical-security-deficiencies/</link><pubDate>Fri, 24 Oct 2025 00:00:00 +0000</pubDate><guid>https://www.billbrown.info/post/common-points-of-failure-and-strategies-to-mitigate-physical-security-deficiencies/</guid><description>
&lt;h2 id="common-points-of-failure-and-strategies-to-mitigate-physical-security-deficiencies"&gt;Common Points of Failure and Strategies to Mitigate Physical Security Deficiencies&lt;/h2&gt;
&lt;h3 id="layered-defense-approach"&gt;Layered Defense Approach&lt;/h3&gt;
&lt;p&gt;Physical security ought to be structured as concentric rings or layers of defense, with access requirements that get stricter the closer one gets to the center of the rings, as described by Peltier (2013). The rationale for the rings is that the precautions the security team takes to protect the organization are layered: each ring an intruder must cross is one more control to defeat, so the failure of any single control does not expose the assets at the center.&lt;/p&gt;</description></item><item><title>Physical Security Models: Features and Functionality Compared</title><link>https://www.billbrown.info/post/evaluating-features-and-functionality-of-physical-security-models/</link><pubDate>Thu, 23 Oct 2025 00:00:00 +0000</pubDate><guid>https://www.billbrown.info/post/evaluating-features-and-functionality-of-physical-security-models/</guid><description>
&lt;h2 id="evaluating-the-features-and-functionality-of-various-physical-security-models"&gt;Evaluating the Features and Functionality of Various Physical Security Models&lt;/h2&gt;
&lt;h3 id="three-levels-of-information-security"&gt;Three Levels of Information Security&lt;/h3&gt;
&lt;p&gt;Logical security, physical security, and premises security are the three levels of information security, as described by Vacca (2013). Logical security protects data stored on computers from software and network threats. Physical (or infrastructure) security protects the information systems that store the data; it must also protect the people who operate and maintain those systems and those who use the data. Premises security entails protecting the facilities themselves: the people and property within the building(s) that make up the organization.&lt;/p&gt;</description></item></channel></rss>