Project 2

Follow the attached instructions to complete this work.

CSIA 350: Cybersecurity in Business and Industry

Project #2 – e-Commerce Risk Analysis

Overview

E-Commerce companies have become increasingly important in this era of global pandemics and resulting restrictions on businesses and individuals. Consumers are ordering products online in larger numbers than ever before due to business closures or restricted operating hours. Companies positioned in the e-Commerce industry are experiencing growth beyond previous predictions. But, at the same time, some e-Commerce companies are seeing their business decline drastically due to travel restrictions and the reluctance of businesses and individuals to travel for any but the most critical of reasons. Added into the risk picture are risks from the actions of cybercriminals, hackers, and nation-state actors who are taking advantage of these unsettled times, resulting in increased risks for companies whose business models depend upon the Internet for financial transactions, orders, and communications both internal and external. For a company considering an expansion into e-Commerce, there can be an increased number of risks overall, especially in the areas of information technology and online ordering.

For this project, you will prepare a Risk Analysis to be presented to the governance board (executives and senior managers) at Bay & Shore General Store. After their approval, the Risk Analysis will be sent to the company’s bankers as part of a loan application package for the planned e-Commerce expansion.

Note: before proceeding, you should review NIST SP 800-30 R1: Guide for Conducting Risk Assessments. Pay special attention to Appendix D: “Threat Sources: Taxonomy of Threat Sources Capable of Initiating Threat Events” and Appendix H: “Impact: Effects of Threat Events on Organizations, Individuals, and the Nation.”

1. Review the Case Study for Information about Bay & Shore General Store

For this project, you will begin by reviewing the Case Study description of Bay and Shore General Store (found in the course case study Identifying & Managing Cybersecurity Risk > The Clients > Bay & Shore General Store). Pay particular attention to the list of Use Cases which the company has provided. These are repeated below. Using your previous learning, brainstorm the types of security risks or threats that could apply to each use case.

Table 1. Bay & Shore General Store Use Cases for e-Commerce Activities

| Actor | Actions |
|---|---|
| Customer | Customer browses an online catalog of products |
| Customer | Customer makes a product purchase (email or phone now, using shopping cart in future) |
| Employee | Employee fills order and ships to customer |
| Company (Automated Process) | Company bills customer for items and shipping costs |
| Customer | Customer initiates return of a delivered product |
| Customer | Customer cancels purchase that has not been shipped |
| Employee | Employee enters a price change for an item in inventory |
| Employee | Employee initiates reorder for low-stock |
| Manager | Manager checks sales report |
| Manager | Manager authorizes refund |
| Manager | Manager authorizes payment to vendors for stock |

2. Review the Security Requirements for Accepting Payments via Payment Cards

a. Read the Payment Card Industry Data Security Standards Council’s document Maintaining payment security.

b. Brainstorm the types of cybersecurity risks which could affect Bay and Shore General Store’s payment transactions (review the Use Cases to identify which ones involve financial transactions).

3. Review the Risk Statements from Three Comparable e-Commerce Companies

Review the Risk statements prepared by three companies that operate similar e-Commerce infrastructures. These companies are shown in the table below along with links to public documents which contain their Risk statements.

Table 2. e-Commerce Companies Similar to Bay & Shore General Store

| Company | Website | Annual Report to Investors (Form 10K) |
|---|---|---|
| 1800Flowers | | |
| Amazon | | |
| Etsy | | |

4. Research the Three Comparison Companies

a. Using the URLs listed in Table 2 and your own research, review each company’s website to learn about the products and services which it sells via e-Commerce.

b. After you have reviewed each company’s website, identify 3 or more additional sources of information about each company and how it operates in cyberspace. These can be news articles, data breach reports, etc. Focus on finding information that addresses how the company is responding in the current cyberthreat and economic environment (2019 or later).

c. Using the information obtained from your sources, identify the types of information, information systems, and business operations which drive each company’s need to purchase (or build its own) cybersecurity products and services. Make certain that you clearly identify by company what assets, information, and operations need to be protected.

5. Analyze each Comparison Company’s Form 10-K Annual Report to Investors

a. Using the links from Table 2, download a copy of each company’s Annual Report to Investors from its Form 10-K filing with the United States Securities and Exchange Commission. (Note: the company is the author of its Form 10-K. Do not list the SEC as the author.)

b. Review each company’s description of itself including history, current operations, etc.

c. Read and analyze the Risk Factors section in each company’s report to investors (Item 1.A). This section is a professionally written risk analysis that has been written for a specific audience. Pay close attention to what the company includes as risk factors and how the writers chose to present this information.

d. Analyze the risk factors to determine which ones are related to e-Commerce / Internet operations or are otherwise affected by the use of information in digital form and Information Technology systems and infrastructures. Make a list that shows what information, digital assets, and/or business operations (processes) need to be protected from cyberattacks and/or cybercrime (including insiders and external threats) and the type of risk or threat that could affect those assets and processes.

e. Determine which of the identified risks are likely to also apply to Bay & Shore General Store as it expands into e-Commerce operations.

6. Construct Your Risk Analysis

After analyzing each company’s e-Commerce operations and risk statements about those activities, you will construct and document your own cybersecurity risk analysis which focuses upon identifying risks that other e-Commerce companies face that Bay & Shore General Store is also likely to encounter during its planned expansion into e-Commerce (including all supporting business processes). Use the provided Bay & Shore General Store Use Cases as a starting point to organize your analysis. Your risk analysis should address 8 or more of the Use Cases listed under Bay & Shore General Store.

Write

1. An introduction section which identifies the company being discussed (Bay & Shore General Store) and provides a brief introduction to the company including when it was founded and significant events in its history. You should extract this information from the course case study.

2. A section containing an introduction to the e-Commerce industry followed by a business profile (3 total) for each comparison company. Put your industry introduction (overview) at the top of this section. Include in your overview a discussion of the Payment Card Industry’s data security standards and how these apply to payment card transactions for e-Commerce companies. Then, for each company, provide a separate sub-section in which you summarize their business activities and provide a brief business profile. The profile information should include: headquarters location, key personnel, primary types of business activities and locations, major products or services sold by the company, major competitors, recent financial performance, and additional relevant information from the annual report to investors. Describe this company’s needs or requirements for cybersecurity products and services. What information and/or business operations need to be protected? While your focus should be upon the company’s e-Commerce activities, you should also address the back-office or supporting information and business processes required to deliver those e-Commerce activities.

3. A section in which you identify and then discuss common risks, i.e., those affecting all three companies, which could also affect Bay & Shore General Store. Make sure that you consider risks associated with payment card transactions. Organize these risks using eight or more Use Cases from Table 1. For each of your selected Use Cases, explain how the identified risk could also impact Bay & Shore General Store (for example, a denial of service attack could prevent customers from placing orders).

A separate section which provides a detailed summary of the identified risks and potential impacts upon the company’s operations as a whole. What are the likely sources of threats or attacks for each type of information or business operation? (E.g., protect customer information from disclosure or theft during online purchase transactions.) What are the possible impacts should these risks occur?

You may present your summary in table format or using a list format (bullet points).

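| ID | Use Case | Description of Risk | Potential Impacts to BSGS (Harm or Loss) |
|---|---|---|---|
| 1 | | | |
| 2 | | | |
| 3 | | | |
| 4 | | | |
| 5 | | | |
| 6 | | | |
| 7 | | | |
| 8 | | | |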

4. A recommendations section in which you list a recommended high-level (overview) cybersecurity strategy for Bay & Shore General Store. Answer the question: what are their business needs for cybersecurity and how can these be met? This section should present an overall risk management strategy and include how the four major risk treatments (accept, avoid, mitigate, and transfer) can be applied to the identified risks. If there are risk treatments that you do not recommend using, state that and provide an explanation as to why such risk treatments should not be used in the store’s risk management strategy.

Submit for Grading

Submit your work in MS Word format (.docx or .doc file) using the Project #2 Assignment in your assignment folder. (Attach the file.)

Additional Information

1. Consult the rubric for additional information about the requirements for this project.

2. The recommended length for this project is 8-10 pages not including the required title page and list of references (also required).

3. Your e-Commerce Risk Analysis should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings to organize your paper. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources. An APA template file (MS Word format) has also been provided for your use: CSIA_Paper_Template(TOC+TOF,2021).docx.

4. You are allowed to exceed the page count listed under item #2 but you should focus upon providing a clear and concise written analysis.

5. Your paper should use standard terms and definitions for cybersecurity.

6. You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s page count.

7. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.

8. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.).

9. Consult the grading rubric for specific content and formatting requirements for this assignment.

Copyright © 2022 by University of Maryland Global Campus. All rights reserved.
