Project #81415 - Cybersecurity Risk Profile

 

Corporate Profile Part 2: Cybersecurity Risk Profile

For this paper, you will construct a cybersecurity risk profile for the company that you wrote about in Part 1 (attached) of the Corporate Profile project. Your risk profile, which includes an Executive Summary, Risk Register, and Risk Mitigation Recommendations (Approach & Security Controls by family), will be developed from information provided by the company in its Form 10-K filing (Annual Report to Investors) retrieved from the U.S. Securities and Exchange Commission (SEC) Edgar database. You will also need to do additional research to identify security controls, products, and services which could be included in the company’s risk response (actions it will take to manage cybersecurity related risk).

Research

1. Review the Risk section of the company’s SEC Form 10-K. Develop a list of 5 or more specific cyberspace or cybersecurity related risks which the company included in its report to investors. Your list should include the source(s) of the risks and the potential impacts as identified by the company.

2. For each risk, identify the risk management or mitigation strategies which the company has implemented or plans to implement.

3. Next, use the control families listed in the NIST Special Publication 800-53 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf to identify general categories of controls which could be used or added to the company’s risk management strategy for each risk in your list.

4. For each control family, develop a description of how the company should implement these controls (“implementation approach”) as part of its risk management strategy.

 

 

 

Write

1. Develop a 2 to 3 page Executive Summary from your Corporate Profile Part 1 (reuse and/or improve upon the business profile). Your Executive Summary should provide an overview of the company, summarize its business operations, and discuss the sources, potential impacts, and mitigation approach/strategy for cybersecurity related risks identified in the company’s annual report. The Executive Summary should appear at the beginning of your submission file.

2. Copy the Risk Register & Security Control Recommendations table (see template at the end of this assignment) to the end of the file that contains your Executive Summary.

3. Using the information you collected during your research, complete the table. Make sure that you include a name and description for each risk. For the security controls, make sure that you include the family name and a description of how each recommended control should be implemented (implementation approach). Include the control family only. Do not include individual security controls from NIST SP 800-53.

Your Risk Profile is to be prepared using basic APA formatting (including title page and reference list) and submitted as an MS Word attachment to the Corporate Profile Part 2 entry in your assignments folder. See the sample paper and paper template provided in Course Resources > APA Resources for formatting examples. Consult the grading rubric for specific content and formatting requirements for this assignment.

 

 

 

Table 1. Risk Register & Risk Mitigation Approach with Recommended Security Controls

Risk Identifier | Description of the Risk & Current Risk Management Strategy | Risk Mitigation Approach with Recommended Security Controls (by NIST SP 800-53 family)

Criteria

Provided an excellent introduction which identified the company being profiled and included a brief overview of the company (may reuse narrative from Part 1 of this assignment). Appropriately used information from 3 or more authoritative sources.

Provided an outstanding introduction which identified the company being profiled and included a brief overview of the company (may reuse narrative from Part 1 of this assignment). Appropriately used information from 2 or more authoritative sources.

Provided an introduction which identified the company being profiled and included a brief overview of the company (may reuse narrative from Part 1 of this assignment). Appropriately used information from authoritative sources.

Provided an introduction to the company but the section lacked some required details. Information from authoritative sources was cited and used in the overview.

Attempted to provide an introduction to the company but this section lacked detail and/or was not well supported by information drawn from authoritative sources. 

The introduction section was missing or did not clearly identify the company.

Provided an excellent summary of the sources, potential impacts, and planned mitigation approach/strategy for cyberspace and/or cybersecurity related risks as identified in the Risk Section of the company’s annual report.

Provided an outstanding summary of the sources, potential impacts, and planned mitigation approach/strategy for cyberspace and/or cybersecurity related risks as identified in the Risk Section of the company’s annual report. Appropriately used and cited information from 3 or more authoritative sources.

Provided an excellent summary of the sources, potential impacts, and planned mitigation approach/strategy for cyberspace and/or cybersecurity related risks as identified in the Risk Section of the company’s annual report. Appropriately used and cited information from 2 or more authoritative sources.

Provided a summary of the sources, potential impacts, and planned mitigation approach/strategy for cyberspace and/or cybersecurity related risks as identified in the Risk Section of the company’s annual report. Appropriately used and cited information from authoritative sources.

Provided a discussion of the cybersecurity risks that the company faces. The discussion lacked detail and/or was not well supported by information drawn from authoritative sources.

Risk discussion was missing or off topic.

Provided a complete, concise, and thorough Risk Register (columns 1 and 2 of table) for 10 or more cyberspace or cybersecurity related risks as identified in the company's annual report.

Provided a complete, concise, and thorough Risk Register (columns 1 and 2 of table) for 8 or more cyberspace or cybersecurity related risks as identified in the company's annual report.

Provided a completed Risk Register (columns 1 and 2 of table) for 5 or more cyberspace or cybersecurity related risks as identified in the company's annual report.

Provided a completed Risk Register (columns 1 and 2 of table) for at least three cyberspace or cybersecurity related risks which the company faces.

Attempted to complete the Risk Register (columns 1 and 2 of table) for 3 or more entries but information about the risks was lacking details.

Did not complete 3 or more entries in the Risk Register.

Provided a complete, concise, and thorough Risk Mitigation Approach with Recommendation Security Controls by family (column 3 of table) for 10 or more cyberspace or cybersecurity related risks as identified in the company's annual report.

Provided a complete, concise, and thorough Risk Mitigation Approach with Recommendation Security Controls by family (column 3 of table) for 8 or more cyberspace or cybersecurity related risks as identified in the company's annual report.

Provided a completed Risk Mitigation Approach with Recommendation Security Controls by family (column 3 of table) for 5 or more cyberspace or cybersecurity related risks as identified in the company's annual report.

Provided a completed Risk Mitigation Approach with Recommendation Security Controls by family (column 3 of table) for at least three cyberspace or cybersecurity related risks which the company faces.

Attempted to complete the Risk Mitigation Approach with Recommendation Security Controls by family (column 3 of table) for 3 or more entries but information about risk mitigation was lacking details.

Did not complete 3 or more entries in the Risk Mitigation Approach column of the table.

Demonstrated excellence in the integration of standard cybersecurity terminology into the case study.

Provided an outstanding integration of standard cybersecurity terminology into the case study.

Integrated standard cybersecurity terminology into the case study.

Used standard cybersecurity terminology but this usage was not well integrated with the discussion.

Misused standard cybersecurity terminology.

Did not integrate standard cybersecurity terminology into the discussion.

Work contains a reference list containing entries for all cited resources. Reference list entries and in-text citations are correctly formatted using the appropriate APA style for each type of resource.

Work contains a reference list containing entries for all cited resources. One or two minor errors in APA format for in-text citations and/or reference list entries.

Work contains a reference list containing entries for all cited resources. No more than 3 minor errors in APA format for in-text citations and/or reference list entries.

Work has no more than three paragraphs with omissions of citations crediting sources for facts and information. Work contains a reference list containing entries for cited resources. Work contains no more than 5 minor errors in APA format for in-text citations and/or reference list entries.

Work attempts to credit sources but demonstrates a fundamental failure to understand and apply the APA formatting standard as defined in the Publication Manual of the American Psychological Association (6th ed.).

Reference list is missing. Work demonstrates an overall failure to incorporate and/or credit authoritative sources for information used in the paper.

Submitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type.

Submitted work has minor style or formatting flaws but still presents a professional appearance. Submitted work is well organized and appropriately uses color, fonts, and section headings (per the assignment’s directions).

Organization and/or appearance of submitted work could be improved through better use of fonts, color, titles, headings, etc. OR Submitted work has multiple style or formatting errors. Professional appearance could be improved.

Submitted work has multiple style or formatting errors. Organization and professional appearance need substantial improvement.

Submitted work meets minimum requirements but has major style and formatting errors. Work is disorganized and needs to be rewritten for readability and professional appearance.

Submitted work is poorly organized and formatted. Writing and presentation are lacking in professional style and appearance. Work does not reflect college level writing skills.

No formatting, grammar, spelling, or punctuation errors.

Work contains minor errors in formatting, grammar, spelling or punctuation which do not significantly impact professional appearance.

Errors in formatting, spelling, grammar, or punctuation which detract from professional appearance of the submitted work.

Submitted work has numerous errors in formatting, spelling, grammar, or punctuation. Work is unprofessional in appearance.

Submitted work is difficult to read / understand and has significant errors in formatting, spelling, grammar, punctuation, or word usage.

Submitted work is poorly executed OR does not reflect college level work.

Overall Score
             

 

Subject Computer
Due By (Pacific Time) 09/12/2015 12:00 am