User Account

All Pages

Risk management strategy for an e-commerce company

Assignment Help Computer Network Security
Reference no: EM132568735

CSIA 350 Cybersecurity in Business & Industry - University of Maryland Global Campus

Project -Risk Management Strategy for an e-Commerce Company

Description
For this project, you will build upon the e-Commerce Risk Analysis performed in Project #2. For this project, you will construct a risk management strategy for your selected company which includes specific cybersecurity activities (as defined in the NIST Cybersecurity Framework Core) which will help the company mitigate the identified risks. Your strategy will include an "acquisition forecast" in which you identify and discuss the technologies, products, and services required to implement your recommended risk management strategy. (Note: you must use the same company as used in Project #2. You may expand upon your risk analysis if necessary.)

Develop an Executive Summary
Since this is a separate deliverable, you will need to begin by identifying the selected company and providing an executive summary of the e-Commerce Risk Analysis that you presented in Project #2.

Develop and Document theRisk Mitigation Strategy
For this section of your project, you must identify and document a risk mitigation strategy for 10 separate risks. Your risk mitigation strategies must utilize at least three (3) of the five (5) NIST Cybersecurity Framework (CSF) Core Functions.

1. Begin by copying Table 1 from this file into a new file (for your assignment submission). This table will become your Risk Profile Table. (Delete the example text.)

2. Next, convert your list of risk factors (from Project #2) into a "Risk Profile" Each risk factor should be listed as a separate risk item with its own row in your Risk Profile.(Add a row to your table for each identified risk - one per row). For this step, you will fill in the information for the first two columns (Risk ID and Risk).

3. Next, consult the NIST Cybersecurity Framework (see Table 2: Framework Core) to identify the cybersecurity activities which can be used to control / mitigate the identified risks. Add this information to each row in your table. Note: you should paraphrase the information for the "Risk Mitigation Strategy (description)" column and the "Implementation: Required Technologies, Products, or Services" column.

4. Complete the final two columns of the table by entering the exact function, category, and sub-category identifiers and descriptions as listed in NIST CSF Table 2. See the example below.

Develop an "Acquisition Forecast"

To complete your work, summarize the technologies which you are recommending that the company acquire (purchase) in order to mitigate risks; these technologies MUST appear in your risk profile table. Your acquisition forecast should identify and fully discuss a minimum ofthree categories or types of cybersecurity products or services which this company will need to purchase in order to appropriately mitigate the identified risks.Remember to include information about potential vendors or suppliers including how you can identify and qualify appropriate sources of technologies, products, and services. This information provides the justification or rationale for your recommendations.

Note: "qualifying" a producer / manufacturer, vendor or seller refers to the due diligence processes required to investigate the supplier and ensure that the products, services, and technologies acquired from it will meet the company's needs and requirements. For cybersecurity related acquisitions, this many include testing the products and services to ensure that they can be trusted to deliver the required functionality and will not be a source of threats or harm.

Write

1. An executive summary which identifies the company being discussed and provides a brief introduction to the company including when it was founded and significant events in its history. This summary must also provide a high level overviewof the company's operations(reuse and adapt your narrative from Project #2) and the e-Commerce risks that the company must address and mitigate.

2. A separate section in which you present a Risk Management Profile. Begin with an introductory paragraph in which you summarize the risks and risk mitigation strategies. Your introduction should also explain the Risk Profile table (what is in it, how to use it).

3. Complete and then insert your Risk Profile Table at the end of this Risk Management Profile section. In-text citations are NOT required within the body of your Risk Profile Table but you must credit the sources of information used by listing / mentioning them in your introduction to this section.

4. A separate section in which you present your "Acquisition Forecast" in which you identify and discuss the products, services, and/or technologies which the company must purchase in the future to implement the recommended risk mitigation strategies. Remember to include information about potential vendors or suppliers including how you can identify and qualify appropriate sources of technologies, products, and services.

5. A closing section (Summary & Conclusions) which summarizes your risk management strategy and presents a compelling argument as to how your risk mitigation strategies (including the acquisition forecast) will reduce or control (mitigate) the identified "cyber" risks. Remember to address the five NIST Cybersecurity Framework Core Functions in your summation.

Attachment:- Risk Management Strategy.rar

Reference no: EM132568735

Questions Cloud

Write detailed examination of right to life : Write detailed examination of "right to life". Make sure that you consider certain aspects of the right such as rights-holder, duty-bearer and state obligations
Acquisition risk analysis assignment : Project Acquisition Risk Analysis - What types of risks or vulnerabilities could be transferred from a supplier and/or imposed upon a purchaser of cybersecurity
What amount should vaughn report as total income : What amount should Vaughn report as total 2018 income tax expense? At December 31, 2017, Vaughn Inc. had a deferred tax asset of $27,700.
Which health care laws are still in practice : Which health care laws are still in practice? Why? What are the functions of a hospital? How have these functions evolved over the past twenty years?
Risk management strategy for an e-commerce company : Risk Management Strategy for an e-Commerce Company - identifying the selected company and providing an executive summary of the e-Commerce Risk Analysis
What is public interest theory and interest group theory : What is public interest theory and interest group theory? What is contractual and market based incentives? What is sensitivity and precision?
Cultivate to enhance the number of millennial leaders : Examine the best practices that your team can cultivate to enhance the number of millennial leaders.
Project e-commerce risk analysis : Project e-Commerce Risk Analysis - identifies the company being discussed and provides a brief introduction to the company including when it was founded
What is positive accounting theory : What is positive accounting theory, game theory and power theory? What is information and measurement perspectives? What is Nash Equilibrium?

Reviews

Write a Review

Computer Network Security Questions & Answers

  An overview of wireless lan security - term paper

Computer Science or Information Technology deals with Wireless LAN Security. Wireless LAN Security is gaining importance in the recent times. This report talks about how vulnerable are wireless LAN networks without any security measures and also talk..

  Computer networks and security against hackers

This case study about a company named Magna International, a Canada based global supplier of automotive components, modules and systems. Along with the company analysis have been made in this assignment.

  New attack models

The Internet evolution is and is very fast and the Internet exposes the connected computers to attacks and the subsequent losses are in rise.

  Islamic Calligraphy

Islamic calligraphy or Arabic calligraphy is a primary form of art for Islamic visual expression and creativity.

  A comprehensive study about web-based email implementation

Conduct a comprehensive study about web-based email implementation in gmail. Optionally, you may use sniffer like wireshark or your choice to analyze the communication traffic.

  Retention policy and litigation hold notices

The purpose of this project is to provide you with an opportunity to create a document retention policy. You will also learn how to serve a litigation hold notice for an educational institute.

  Tools to enhance password protection

A report on Tools to enhance Password Protection.

  Analyse security procedures

Analyse security procedures

  Write a report on denial of service

Write a report on DENIAL OF SERVICE (DoS).

  Phising email

Phising email It is multipart, what are the two parts? The HTML part, is it inviting the recepient to click somewhere? What is the email proporting to do when the link is clicked?

  Express the shannon-hartley capacity theorem

Express the Shannon-Hartley capacity theorem in terms of where is the Energy/bit and is the psd of white noise.

  Modern symmetric encryption schemes

Pseudo-random generators, pseudo-random functions and pseudo-random permutations

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd