CSIA 350 Cybersecurity in Business & Industry Assignment

Reference no: EM132568721

CSIA 350 Cybersecurity in Business & Industry - University of Maryland Global Campus

Project e-Commerce Risk Analysis

Description
For this project, you will begin by researching a publicly traded company that engages in e-Commerce. You will then review the company's risk statements as published each year in the company's Annual Report to Investors (also published in the company's annual filing of SEC Form 10-K). After analyzing the company's e-Commerce operations and its risk statements about those activities, you will construct and document your own cybersecurity risk analysis which focuses upon the company's e-Commerce activities (including all supporting business processes).

A list of approved companies appears at the end of this file (see Table 2). If you wish to use a company not on the approved list, you must first obtain the approval of your instructor.

Note: before beginning this assignment, you should review NIST SP 800-30 R1: Guide for Conducting Risk Assessments. Pay special attention to Appendix D: "Threat Sources: Taxonomy of Threats Sources Capable of Initiating Threat Events" and Appendix H: "Impact: Effects of Threat Events on Organizations, Individuals, and the Nation."

Research Your Chosen Company

Part 1. Review the company's website to learn about the products and services which it sells via e-Commerce.

Part 2. Retrieve and review the Hoovers profile for the company. These profiles are written by professional analysts; pay close attention to the types of questions the analysts ask and answer in the company profile.

Part 3. Use the search bar at the top of the "Search & Build a List" tab to find your chosen company.

Part 4. The company profile web pages in the Hoovers database are interactive and have expanding menus / options (see figure below). You may find it helpful to use the "OneStop Report" button to generate a PDF version of the information. Select "Core" under categories (Available Fields: Company Summary, Contacts, Corporate Family, Corporate Overview, SWOT, and News). Click on the field names in the middle column to select them for your report.

Part 5. After you have looked at the company website and the Hoovers report, identify 3 or more additional sources of information about the company and how it operates in cyberspace. These can be news articles, data breach reports, etc.

Part 6. Using the information obtained from your sources, identify the types of information and business operations which drive this company's need for cybersecurity products and services. (What needs to be protected?)

Analyze the Company's Risk Statements

Part 1. Using the links from Table 1 (at the end of this file), download a copy of your selected company's most recent Annual Report to Investors from its Form 10-K filing with the United States Securities and Exchange Commission. (Note: the company is the author of its Form 10-K. Do not list the SEC as the author.)

Part 2. Read and analyze the Risk Factors section in the company's report to investors (Item 1.A). This section is a professionally written risk analysis that has been written for a specific audience. Pay close attention to what the company includes as risk factors and how the writers chose to present this information.

Part 3. Analyze the risk factors to determine which ones are related to e-Commerce / Internet operations or are otherwise affected by the use of information in digital form and Information Technology systems and infrastructures. Make a list that shows what information, digital assets, and/or business operations (processes) need to be protected from cyberattacks and/or cybercrime (including insiders and external threats) and the type of risk or threat that could affect those assets and processes.

Write

Part 1. An introduction section which identifies the company being discussed and provides a brief introduction to the company including when it was founded and significant events in its history.

Part 2. A business profile for the company. This information should include: headquarters location, key personnel, primary types of business activities and locations, major products or services sold by the company, major competitors, stock information (including ticker symbol or NASDAQ code), recent financial performance, and additional relevant information from the business profiles. (Use information from Hoovers and other authoritative sources)

Part 3. An overview of the company's e-Commerce operations which summarizes information obtained from its annual report, the Hoovers profile for the company, and other sources which you found in your research.

Part 4. A separate section in which you describe this company's needs or requirements for cybersecurity. What information and/or business operations need to be protected? While your focus should be upon the company's e-Commerce activities, you should also address the back-office or supporting information and business processes required to deliver those e-commerce activities.

Part 5. A separate section which provides a detailed summary of the identified risks and potential impacts upon the company's operations as a whole. What are the likely sources of threats or attacks for each type of information or business operation? (E.g. protect customer information from disclosure or theft during online purchase transactions.) What are the possible impacts should these risks occur? You may present your summary in table format.

Project - Risk Management Strategy for an e-Commerce Company

Description
For this project, you will build upon the e-Commerce Risk Analysis performed in Project #2. For this project, you will construct a risk management strategy for your selected company which includes specific cybersecurity activities (as defined in the NIST Cybersecurity Framework Core) which will help the company mitigate the identified risks. Your strategy will include an "acquisition forecast" in which you identify and discuss the technologies, products, and services required to implement your recommended risk management strategy. (Note: you must use the same company as used in Project #2. You may expand upon your risk analysis if necessary.)

Develop an Executive Summary
Since this is a separate deliverable, you will need to begin by identifying the selected company and providing an executive summary of the e-Commerce Risk Analysis that you presented in Project #2.

Develop and Document the Risk Mitigation Strategy
For this section of your project, you must identify and document a risk mitigation strategy for 10 separate risks. Your risk mitigation strategies must utilize at least three (3) of the five (5) NIST Cybersecurity Framework (CSF) Core Functions.

1. Begin by copying Table 1 from this file into a new file (for your assignment submission). This table will become your Risk Profile Table. (Delete the example text.)

2. Next, convert your list of risk factors (from Project #2) into a "Risk Profile." Each risk factor should be listed as a separate risk item with its own row in your Risk Profile. (Add a row to your table for each identified risk - one per row.) For this step, you will fill in the information for the first two columns (Risk ID and Risk).

3. Next, consult the NIST Cybersecurity Framework (see Table 2: Framework Core) to identify the cybersecurity activities which can be used to control / mitigate the identified risks. Add this information to each row in your table. Note: you should paraphrase the information for the "Risk Mitigation Strategy (description)" column and the "Implementation: Required Technologies, Products, or Services" column.

4. Complete the final two columns of the table by entering the exact function, category, and sub-category identifiers and descriptions as listed in NIST CSF Table 2. See the example below.

Develop an "Acquisition Forecast"

To complete your work, summarize the technologies which you are recommending that the company acquire (purchase) in order to mitigate risks; these technologies MUST appear in your risk profile table. Your acquisition forecast should identify and fully discuss a minimum of three categories or types of cybersecurity products or services which this company will need to purchase in order to appropriately mitigate the identified risks. Remember to include information about potential vendors or suppliers including how you can identify and qualify appropriate sources of technologies, products, and services. This information provides the justification or rationale for your recommendations.

Note: "qualifying" a producer / manufacturer, vendor or seller refers to the due diligence processes required to investigate the supplier and ensure that the products, services, and technologies acquired from it will meet the company's needs and requirements. For cybersecurity related acquisitions, this may include testing the products and services to ensure that they can be trusted to deliver the required functionality and will not be a source of threats or harm.

Write
1. An executive summary which identifies the company being discussed and provides a brief introduction to the company including when it was founded and significant events in its history. This summary must also provide a high level overview of the company's operations (reuse and adapt your narrative from Project #2) and the e-Commerce risks that the company must address and mitigate.
2. A separate section in which you present a Risk Management Profile. Begin with an introductory paragraph in which you summarize the risks and risk mitigation strategies. Your introduction should also explain the Risk Profile table (what is in it, how to use it).
3. Complete and then insert your Risk Profile Table at the end of this Risk Management Profile section. In-text citations are NOT required within the body of your Risk Profile Table but you must credit the sources of information used by listing / mentioning them in your introduction to this section.
4. A separate section in which you present your "Acquisition Forecast" in which you identify and discuss the products, services, and/or technologies which the company must purchase in the future to implement the recommended risk mitigation strategies. Remember to include information about potential vendors or suppliers including how you can identify and qualify appropriate sources of technologies, products, and services.
5. A closing section (Summary & Conclusions) which summarizes your risk management strategy and presents a compelling argument as to how your risk mitigation strategies (including the acquisition forecast) will reduce or control (mitigate) the identified "cyber" risks. Remember to address the five NIST Cybersecurity Framework Core Functions in your summation.

Project: Acquisition Risk Analysis

Overview
For this project, you will investigate and then summarize key aspects of risk and risk management for acquisitions or procurements of cybersecurity products and services. The specific questions that your acquisition risk analysis will address are:

1. What types of risks or vulnerabilities could be transferred from a supplier and/or imposed upon a purchaser of cybersecurity related products and/or services?

2. Are suppliers liable for harm or loss incurred by purchasers of cybersecurity products and services? (That is, does the risk transfer from seller to buyer?)

3. How can governance frameworks be used by both suppliers and purchasers of cybersecurity related products and services to mitigate risks?

For this assignment, your "purchaser" will be the same company that you researched in Project #2. You should reuse relevant information from your risk assessment and risk profile (especially your recommended security controls).

Begin by reviewing your selected company's needs or requirements for cybersecurity (this information should have been collected in your earlier projects in this course). What information and/or business operations need to be protected? What are the likely sources of threats or attacks for each type of information or business operation? What technologies, products, or services did you identify and discuss in your risk management strategy / acquisition forecast?

Next, you will research how operational risk during the manufacturing, development, or service delivery processes can affect the security posture (integrity) of products and services listed in your acquisition forecast. You will then explore the problem of product liability and/or risk transference from supplier to purchaser as products or services are delivered, installed, and used. You will also need to examine the role that IT governance frameworks and standards can play in helping purchasers develop and implement risk mitigation strategies to compensate for potential risk transfer by suppliers.

Once you have completed your research and analysis, you will summarize your findings in an acquisition risk analysis for cybersecurity products and services. This analysis should be suitable for use by the company's senior managers in developing a company-wide risk management strategy for acquisition and procurement activities which could impact the company's cybersecurity posture.

Research
1. Review your work for projects 1, 2, and 3.

2. Review your previous work as to the role of IT Governance standards in helping businesses identify and manage risks arising from the purchase of IT related products and services.

3. Review the course readings relating to the Cybersecurity industry and sources of products and services.

4. If you have not previously done so, identify three or more categories of cybersecurity products or services which your selected company is likely to purchase. Investigate the characteristics of these products / services. You should also identify possible vendors or sources from whom these can be purchased or acquired (e.g. open source software is acquired rather than bought or "purchased"). You should focus on products which can help reduce risks associated with e-Commerce and protection of customer information, protection of online ordering systems, etc.

5. Research risks and/or vulnerabilities which could be introduced into a buyer's organization and/or IT operations through acquisition or purchase of cybersecurity products or services.

6. Identify five or more specific sources of operational risks, in a supplier's organization, which could adversely affect the security of cybersecurity products or services delivered to its customers. In addition to using information you relied on in your previous projects, consult the Software Engineering Institute's publication A Taxonomy of Operational Cyber Security Risks.

7. Research the issue of product liability with respect to cybersecurity products and services. What is the current legal environment?

Write

1. An introduction section which provides a brief overview of your selected company, its e-Commerce operations, and the acquisition forecast for the company's likely future needs and purchases for cybersecurity products and services. You should reuse information / narrative from projects 2 and 3. Your introduction section for this project should be no more than 1 page in length.

2. A governance frameworks & standards section in which you discuss the role that standards and governance processes should play in reducing risk by ensuring that acquisitions or purchases of cybersecurity products and services meet the buyer's organization's security requirements (risk mitigation).

3. A Cybersecurity Industry & Supplier Overview section which provides a discussion of the likely sources (companies, vendors, consortiums, open source repositories, etc.) from which cybersecurity products and services can be acquired, licensed, or purchased. Your overview should briefly discuss the cybersecurity industry as a whole. Why does this industry exist? (Hint: buyers want to procure or acquire cybersecurity related products and services). How does this industry benefit society?

4. An operational risks overview section in which you provide an overview of sources of operational risks which could affect suppliers of cybersecurity related products and services and, potentially, compromise the security of those products or services. Discuss the potential impact of such compromises upon buyers and the security of their organizations (risk transfer).

5. A product liability section in which you provide a summary of the current legal environment as it pertains to product liability in the cybersecurity industry. Discuss the potential impact upon buyers who suffer harm or loss as a result of purchasing, installing, and/or using cybersecurity products or services.

6. A summary and conclusions section in which you present a summary of your findings including the reasons why product liability (risk transfer) is a problem that must be addressed by both suppliers and purchasers of cybersecurity related products and services.
