Kibata

Sign In

Our Services

Get 15% Discount on your First Order

Order Now
[rank_math_breadcrumb]

Project 2

 Follow the attached instructions  to complete this work.

CSIA 350: Cybersecurity in Business and Industry

Project #2 – e-Commerce Risk Analysis

Overview

E-Commerce companies have become increasingly important in this era of global pandemics and resulting restrictions on businesses and individuals. Consumers are ordering products online in larger numbers than ever before due to business closures or restricted operating hours. Companies positioned in the e-Commerce industry are experiencing growth beyond previous predictions. But, at the same time, some E-commerce companies are seeing their business decline drastically due to travel restrictions and the reluctance of businesses and individuals to travel for any but the most critical of reasons. Added into the risk picture are risks from the actions of cybercriminals, hackers, and nation-state actors are taking advantage of these unsettled times resulting in increased risks for companies whose business models depend upon the Internet for financial transactions, orders, and communications both internal and external. For a company considering an expansion into e-Commerce there can be an increased number of risks overall especially in the areas of information technology and online ordering.

For this project, you will prepare a Risk Analysis to be presented to the governance board (executives and senior managers) at Bay & Shore General Store. After their approval, the Risk Analysis will be sent to the company’s bankers as part of a loan application package for the planned e-Commerce expansion.

Note: before proceeding, you should review NIST SP 800-30 R1:
Guide for Conducting Risk Assessments.
Pay special attention to Appendix D: “Threat Sources: Taxonomy of Threats Sources Capable of Initiating Threat Events” and Appendix H: “Impact: Effects of Threat Events on Organizations, Individuals, and the Nation.”

1. Review the Case Study for Information about Bay & Shore General Store

For this project, you will begin by reviewing the Case Study description of Bay and Shore General Store (found in the course case study
Identifying & Managing Cybersecurity Risk >
The Clients > Bay & Shore General Store). Pay particular attention to the list of Use Cases which the company has provided. These are repeated below. Using your previous learning, brainstorm the types of security risks or threats could apply to each use case.

Table 1. Bay & Shore General Store Use Cases for e-Commerce Activities

Actor

Actions

Customer

Customer browses an online catalog of products

Customer

Customer makes a product purchase (email or phone now, using shopping cart in future)

Employee

Employee fills order and ships to customer

Company (Automated Process)

Company bills customer for items and shipping costs

Customer

Customer initiates return of a delivered product

Customer

Customer cancels purchase that has not been shipped

Employee

Employee enters a price change for an item in inventory

Employee

Employee initiates reorder for low-stock

Manager

Manager checks sales report

Manager

Manager authorizes refund

Manager

Manager authorizes payment to vendors for stock

2. Review the Security Requirements for Accepting Payments via Payment Cards

a. Read the Payment Card Industry Data Security Standards Council’s document
Maintaining payment security.

b. Brainstorm the types of cybersecurity risks which could affect Bay and Shore General Store’s payment transactions (review the Use Cases to identify which ones involve financial transactions).

3. Review the Risk Statements from Three Comparable e-Commerce Companies

Review the Risk statements prepared by three companies who operate similar e-Commerce infrastructures. These companies are shown in the table below along with links to public documents which contain their Risk statements.

Table 2. e-Commerce Companies Similar to Bay & Shore General Store

Company

Website

Annual Report to Investors (Form 10K)

1800Flowers

Amazon

Etsy

4. Research the Three Comparison Companies

a. Using the URLs listed in Table 2 and your own research, review each company’s website to learn about the products and services which it sells via e-Commerce.

b. After you have reviewed each company’s websites, identify 3 or more additional sources of information about each company and how it operates in cyberspace. These can be news articles, data breach reports, etc. Focus on finding information that addresses how the company is responding in the current cyberthreat and economic environment (2019 or later).

c. Using the information obtained from your sources, identify the types of information, information systems, and business operations which drive each company’s need to purchase (or build its own) cybersecurity products and services. Make certain that you clearly identify by company what assets, information, and operations need to be protected.

5. Analyze each Comparison Company’s Form 10-K Annual Report to Investors

a. Using the links from Table 2, download a copy of each company’s
Annual Report to Investors from its Form 10-K filing with the United States Securities and Exchange Commission. (Note: the company is the author of its Form 10-K. Do not list the SEC as the author.)

b. Review each company’s description of itself including history, current operations, etc.

c. Read and analyze the
Risk Factors section in each company’s report to investors (Item 1.A). This section is a professionally written risk analysis that has been written for a specific audience. Pay close attention to what the company includes as risk factors and how the writers chose to present this information.

d. Analyze the risk factors to determine which ones are related to e-Commerce / Internet operations or are otherwise affected by the use of information in digital form and Information Technology systems and infrastructures. Make a list that shows what information, digital assets, and/or business operations (processes) need to be protected from cyberattacks and/or cybercrime (including insiders and external threats) and the type of risk or threat that could affect those assets and processes.

e. Determine which of the identified risks are likely to also apply to Bay & Shore General Store as it expands into e-Commerce operations.

6. Construct Your Risk Analysis

After analyzing each company’s e-Commerce operations and risk statements about those activities, you will construct and document your own cybersecurity risk analysis which focuses upon identifying risks that other e-Commerce companies face that Bay & Shore General Store is also likely to encounter during its planned expansion into e-Commerce (including all supporting business processes). Use the provided Bay & Shore General Store Use Cases as a starting point to organize your analysis. Your risk analysis should address 8 or more of the Use Cases listed under Bay & Shore General Store.

Write

1.
An introduction section which identifies the company being discussed (Bay & Shore General Store) and provides a brief introduction to the company including when it was founded and significant events in its history. You should extract this information from the course case study.

2.
A section containing an introduction to the e-Commerce industry followed by a business profile (3 total) for each comparison company. Put your industry introduction (overview) at the top of this section. Include in your overview a discussion of the Payment Card Industry’s data security standards and how these apply to payment card transactions for e-commerce companies. Then, for each company, provide a separate sub-section in which you summarize their business activities and provide a brief business profile. The profile information should include: headquarters location, key personnel, primary types of business activities and locations, major products or services sold by the company, major competitors, recent financial performance, and additional relevant information from the annual report to investors. Describe this company’s needs or requirements for cybersecurity products and services. What information and/or business operations need to be protected? While your focus should be upon the company’s e-Commerce activities, you should also address the back-office or supporting information and business processes required to deliver those e-commerce activities.

3.
A section in which you identify and then discuss common risks, i.e. those affecting all three companies, which could also affect Bay & Shore General Store. Make sure that you consider risks associated with payment card transactions. Organize these risks using eight or more Use Cases from Table 1. For each of your selected Use Cases, explain how the identified risk could also impact Bay & Shore General Store (for example, a denial of service attack could prevent customers from placing orders). A separate section which provides a detailed summary of the identified risks and potential impacts upon the company’s operations as a whole. What are the likely sources of threats or attacks for each type of information or business operation? (E.g. protect customer information from disclosure or theft during online purchase transactions.). What are the possible impacts should these risks occur?

You may present your summary in table format or using a list format (bullet points).

ID

Use Case

Description of Risk

Potential Impacts to BSGS (Harm or Loss)

1

2

3

4

5

6

7

8

4.
A recommendations section in which you list recommended high level (overview) cybersecurity strategy for Bay & Shore General Store. Answer the question: what are their business needs for cybersecurity and how can these be met? This section should present an overall risk management strategy and include how the four major risk treatments (accept, avoid, mitigate, and transfer) can be applied to the identified risks. If there are risk treatments that you do not recommend using, state that and provide an explanation as to why such risk treatments should not be used in the store’s risk management strategy.

Submit for Grading

Submit your work in MS Word format (.docx or .doc file) using the Project #2 Assignment in your assignment folder. (Attach the file.)

Additional Information

1. Consult the rubric for additional information about the requirements for this project.

2. The recommended length for this project is 8-10 pages not including the required title page and list of references (also required).

3. Your
e-Commerce Risk Analysis should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings to organize your paper. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources. An APA template file (MS Word format) has also been provided for your use CSIA_Paper_Template(TOC+TOF,2021).docx.

4. You are allowed to exceed the page count listed under item #2 but you should focus upon providing a clear and concise written analysis.

5. Your paper should use standard terms and definitions for cybersecurity.

6. You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s page count.

7. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.

8. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.).

9. Consult the grading rubric for specific content and formatting requirements for this assignment.

Copyright © 2022 by University of Maryland Global Campus. All rights reserved.

image1.png

Share This Post

Email
WhatsApp
Facebook
Twitter
LinkedIn
Pinterest
Reddit

Order a Similar Paper and get 15% Discount on your First Order

Order Now

Related Questions

Data management

MKN1 — MKN1 TASK 2: NON-RELATIONAL DATABASE DESIGN AND IMPLEMENTATION DATA MANAGEMENT — D597 PRFA — MKN1 COMPETENCIES 4157.1.1 : Recommends an Appropriate Data Architecture The learner recommends an appropriate data architecture. 4157.1.2 : Examines the Data Available for Analysis The learner examines the data available for analysis to determine

D 8 of 485

Follow the attached instructions to complete this work.   Strategies for Addressing Global Threats You will start by writing a short paper as described in the discussion question. You will be using information from this week’s readings and from your own research to address the information needs expressed in the

D 7 of 485

Follow the attached instructions to complete this work. Leadership Update: Cyber Crime   You will start by writing a short paper as described in the discussion question. You will be using information from this week’s readings and from your own research to address the information needs expressed in the question.

D 8 of 413

 Follow the attach instructions to complete this work. Budgeting for Cybersecurity   You will start by writing a short paper as described in the discussion question. You will be using information from this week’s readings and from your own research to address the information needs expressed in the question. Create an

Computer Science written assignment 3

Written Essay Assignment 3-1: · Identify common risks, threats, and vulnerabilities found in the LAN-to-WAN Domain that require proper security controls for mitigation · Identify network and security policies needed to properly secure the LAN-to-WAN portion of the network infrastructure · Write a 2-3 page APA-formatted essay that identifies network

project 3 of 485

Follow the attach instructions to complete the work. Make sure it aligns with the Rubric Project #3: Presentation for Board of Directors Your Task: Padgett-Beale’s Chief Information Security Officer (CISO) has tasked you to continue supporting the Merger & Acquisition team’s efforts to bring Island Banking Services’ security program into

project 2 of 485

Fellow the attach instructions to complete this work. Make sure it aligns with the Rubric Project #2: Cybersecurity Implementation Plan Your Task: The Acquisition of Island Banking Services has moved from the strategy development phase to the integration phase. In this phase, the M&A team will develop transition and implementation

PROJECT 1 of 485

Fellow the attach instructions to complete this work. Make sure it aligns with the rubric Project #1: Cybersecurity Strategy & Plan of Action Your Task: You have been assigned to support the Padgett-Beale Merger & Acquisition (M&A) team working under the direct supervision of Padgett-Beale’s Chief Information Security Officer (CISO).

proj3-Final

Project 3: Cloud Portfolio Report  Step 1: Review BallotOnline’s Cloud Services Offerings  You’ve now had a lot of experience working on many aspects of the cloud at BallotOnline, and you will take a look at what you’ve done in the past. In this step, you will write up how you

AWS Simple Monthly Calculator

Discussion: AWS Simple Monthly Calculator Contains unread posts Now that you have discussed BallotOnline’s cloud services offerings, you will discuss the AWS Simple Monthly Calculator. You should cover the following areas: · What are some of the general use cases that are covered? · What are the requirements to use

D 5 0F 485

Follow the attach instructions to complete this work. Assessing Maturity for Cybersecurity Program Before you begin read:  Our class focuses on integrating many different aspects of cybersecurity, information security, and information assurance.  Recent developments in the field of cybersecurity have resulted in a number of “maturity models” which can be

Discussion 4 of 413

Follow the attach instructions to complete the work Data Breach Reporting Policy Review the Red Clay Renovations company profile and the weekly readings. Provide specific information about “the company” in your response. Due to changes in state and federal laws, Red Clay leadership decided the CISO will be the sole

discussion 4 of 485

Follow the attach instructions to complete this work. Cultural Differences as Barriers to Success The Merger & Acquisition team hired a team of external consultants to assist with identification of cultural issues which could result in barriers to the successful acquisition of Island Banking Services by Padgett-Beale. The consultants conducted

project 3 of 413

Follow the attached instructions to complete this work Download the attached detailed assignment description for this project. You should also review the rubric shown below for additional information about the requirements for the project and how your work will be graded. Please make sure that you use both the assignment description file

Project 2 of 413

Follow the attach instructions to complete this work. Make sure it aligns with the rubric Project #2: Manager’s Deskbook Company Background & Operating Environment Red Clay Renovations is an internationally recognized, awarding winning firm that specializes in the renovation and rehabilitation of residential buildings and dwellings. The company specializes in

Project 1 of 413

Follow the attach instructions to complete this work. Make sure it aligns with rubric Project #1: Employee Handbook Company Background & Operating Environment Red Clay Renovations is an internationally recognized, awarding winning firm that specializes in the renovation and rehabilitation of residential buildings and dwellings. The company specializes in updating