Information security is of paramount importance to Amazon Web Services (AWS) customers. Security is a core functional requirement that protects mission-critical information from accidental or deliberate theft, leakage, integrity compromise, and deletion.
Under the AWS shared responsibility model, AWS provides a global secure infrastructure and foundation compute, storage, networking and database services, as well as higher level services. AWS provides a range of security services and features that AWS customers can use to secure their assets. AWS customers are responsible for protecting the confidentiality, integrity, and availability of their data in the cloud, and for meeting specific business requirements for information protection. For more information on AWS’s security features, please read Overview of Security Processes Whitepaper.
This whitepaper describes best practices that you can leverage to build and define an Information Security Management System (ISMS), that is, a collection of information security policies and processes for your organization’s assets on AWS. For more information about ISMSs, see ISO 27001 at http://www.27000.org/iso-27001.htm. Although it is not required to build an ISMS to use AWS, we think that the structured approach for managing information security that is built on basic building blocks of a widely adopted global security approach will help you improve your organization’s overall security posture.
