Information Security Risk Assessment for Zappos.com
Zappos.com (http://www.zappos.com/) formerly known as Shoesite.com is a retail industry founded in the year 1999 originally established to offer shopping services for footwear. This public company has grown to offer other services as accessories, clothing, eyewear, housewares and beauty products, bags and handbags and gift cards.
System Characterization
The company locations are in Las Vegas, Shpherdsville and San Francisco. The types of data, information transmitted in Zappos.com include passwords and credit card numbers for online transactions.
Zappos.com uses Secure Sockets Layers (SSL) technology to enable scrambling of sensitive information and also to ensure that personal information …show more content…
The company private policy page offers explanations on information collection, information use and disclosure, data security, opt outs and corrections and updates to policy.
Zappos domain is hosted in Virginia – Ashburn by the Amazon Europe Holding Technologies. Although there are security concerns in conducting this business, risk assessment is key to addressing these concerns, therefore, Information protection and availability, confidentiality and integrity maintenance to any information technology asset is vital in meeting program delivery
Threat Identification
Attacks on information system has become persistent and part of doing digital business in many business enterprises. Most of these threats come from the insider accounts, outsiders, the softwares and applications used in the entire business cycle.
Zappos system has recorded instances of system attack and copyright infringement and from these there were identified possible threats to the system.
Threat Source Threat Motivations/insights Threat …show more content…
Operational controls in Zappos system include; Security reviews and audits, separation of duties together with security awareness. The management and administrative controls, includes security reviews and assessment and policy statements of the rules of behavior.
Some of the specific control analysis strategies used by Zappos are to inhibit the theft risks, File encryption mechanisms have been employed by Zappos to protect the data stored on their hard drives.
The site encourages strong passwords that cannot be easily cracked by the attackers and have also availed list of site use policies to its customers.
Control possible motives to threats by screening out potential problems before they arise Zappos always provides information when a threat has occurred through the audit trails they carry out.
They have as well provided a way to respond to the threats that have occurred in their site and did recreate applications for contingency
Zappos.com (http://www.zappos.com/) formerly known as Shoesite.com is a retail industry founded in the year 1999 originally established to offer shopping services for footwear. This public company has grown to offer other services as accessories, clothing, eyewear, housewares and beauty products, bags and handbags and gift cards.
System Characterization
The company locations are in Las Vegas, Shpherdsville and San Francisco. The types of data, information transmitted in Zappos.com include passwords and credit card numbers for online transactions.
Zappos.com uses Secure Sockets Layers (SSL) technology to enable scrambling of sensitive information and also to ensure that personal information …show more content…
The company private policy page offers explanations on information collection, information use and disclosure, data security, opt outs and corrections and updates to policy.
Zappos domain is hosted in Virginia – Ashburn by the Amazon Europe Holding Technologies. Although there are security concerns in conducting this business, risk assessment is key to addressing these concerns, therefore, Information protection and availability, confidentiality and integrity maintenance to any information technology asset is vital in meeting program delivery
Threat Identification
Attacks on information system has become persistent and part of doing digital business in many business enterprises. Most of these threats come from the insider accounts, outsiders, the softwares and applications used in the entire business cycle.
Zappos system has recorded instances of system attack and copyright infringement and from these there were identified possible threats to the system.
Threat Source Threat Motivations/insights Threat …show more content…
Operational controls in Zappos system include; Security reviews and audits, separation of duties together with security awareness. The management and administrative controls, includes security reviews and assessment and policy statements of the rules of behavior.
Some of the specific control analysis strategies used by Zappos are to inhibit the theft risks, File encryption mechanisms have been employed by Zappos to protect the data stored on their hard drives.
The site encourages strong passwords that cannot be easily cracked by the attackers and have also availed list of site use policies to its customers.
Control possible motives to threats by screening out potential problems before they arise Zappos always provides information when a threat has occurred through the audit trails they carry out.
They have as well provided a way to respond to the threats that have occurred in their site and did recreate applications for contingency