ISOL 536 Security Architecture and Design, Dr. Charles DeSassure


ISOL 536 – Security Architecture and Design
Dr. Charles DeSassure
University of the Cumberlands

Week 4 General Instructions

1. Use the coversheet

Select a web application of your choice. Submit a two to three report outlining the company’s password policy relating to password setup and format (include the URL address so the professor can visit the site) at the bottom of the page. Within your report, explain why the current policy is suitable for this company.

Sample Paper for the Above Instructions

This report examines the password policy of Amazon, one of the world's largest online retail platforms, focusing on its password setup and format requirements and analyzing the suitability of the policy within the company’s security framework. Amazon’s commitment to customer data protection and its extensive digital infrastructure necessitate a robust password policy to prevent unauthorized access and cyber threats.

Amazon’s password policy mandates that users create passwords of at least 12 characters, including a mix of uppercase and lowercase letters, numbers, and special characters. The policy explicitly prohibits the use of common or easily guessable passwords such as “password123” or “admin”. Additionally, Amazon employs measures to prevent the reuse of previous passwords, requiring users to select unique credentials for each account. Users are prompted to create strong, complex passwords during account creation and are encouraged to update passwords periodically through security alerts.
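A server-side check for the rules listed above can be sketched as follows. This is an added example, not Amazon's code and not part of the original paper; the function names, the two-entry blocklist, the PBKDF2 work factor and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 12                        # minimum length stated in the report
BLOCKLIST = {"password123", "admin"}   # the report's two examples; constructed, real lists are far larger
PBKDF2_ROUNDS = 600_000                # assumed work factor for PBKDF2-HMAC-SHA256


def hash_password(password, salt=None):
    """Return (salt, digest) so password history is never stored in plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def was_used_before(password, history):
    """Re-hash the candidate under each stored salt and compare in constant time."""
    reused = False
    for salt, digest in history:
        _, candidate = hash_password(password, salt)
        reused |= hmac.compare_digest(candidate, digest)
    return reused


def check_policy(password, history):
    """Return the list of violated rules; an empty list means the password is accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    classes = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(not c.isalnum() for c in password),
    }
    problems += ["missing_" + name for name, ok in classes.items() if not ok]
    if password.lower() in BLOCKLIST:
        problems.append("common_password")
    if was_used_before(password, history):
        problems.append("reused")
    return problems


if __name__ == "__main__":
    # Constructed sample data: one previously used password in the history.
    history = [hash_password("Tr1cky-Old-Passphrase!")]
    for candidate in ("password123", "Tr1cky-Old-Passphrase!", "N3w-Unseen-Passphrase?"):
        print(candidate, "->", check_policy(candidate, history) or "accepted")
```

The reuse check works only because each history entry keeps its own salt, so the candidate can be re-hashed under the same parameters without the old plaintext ever being stored.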

The URL address for Amazon's login page is: https://www.amazon.com/ap/signin. This page provides clear guidelines for password creation, reflecting Amazon's emphasis on security. The website employs SSL encryption to protect password inputs, and the password strength meter guides users to create sufficiently complex passwords, adding an extra layer of security.

Amazon’s password policy is suitable for several reasons. Firstly, the minimum length and complexity requirements help mitigate brute-force attacks by increasing the number of possible combinations an attacker must attempt, thereby enhancing security. Secondly, the prohibition against reusing passwords reduces the risk associated with credential stuffing attacks, where attackers utilize previously compromised passwords. Thirdly, the policy aligns with industry best practices as recommended by cybersecurity authorities such as NIST, which emphasizes strong, unique passwords coupled with multi-factor authentication.

Furthermore, Amazon’s proactive prompts for password updates and the enforcement of password complexity serve to educate users about the importance of cybersecurity hygiene. The integration of SSL encryption ensures that password information remains confidential during transmission. These elements collectively bolster user confidence in the platform’s security measures and reduce vulnerability to cyber threats.

In conclusion, Amazon’s password policy exemplifies a comprehensive approach that balances usability and security. Its policies align with current cybersecurity standards and best practices, making them effective in protecting both user accounts and the organization’s digital assets. Implementing such stringent policies is crucial for online retailers and digital platforms to fend off increasingly sophisticated cyber attacks, thereby safeguarding sensitive data and maintaining customer trust.
