Corporate Profile Part 2: Cybersecurity Risk Profile

For this paper, you will construct a cybersecurity risk profile for the company that you wrote about in Part 1 of the Corporate Profile project. Your risk profile, which includes an Executive Summary, Risk Register, and Risk Mitigation Recommendations (Approach & Security Controls by family), will be developed from information provided by the company in its Form 10-K filing (Annual Report to Investors) retrieved from the U.S. Securities and Exchange Commission (SEC) Edgar database. You will also need to do additional research to identify security controls, products, and services which could be included in the company’s risk response (actions it will take to manage cybersecurity related risk).


Research

1. Review the Risk section of the company’s SEC Form 10-K. Develop a list of 5 or more specific cyberspace or cybersecurity related risks which the company included in its report to investors. Your list should include the source(s) of the risks and the potential impacts as identified by the company.
2. For each risk, identify the risk management or mitigation strategies which the company has implemented or plans to implement.
3. Next, use the control families listed in the NIST Special Publication 800-53 (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf) to identify general categories of controls which could be used or added to the company’s risk management strategy for each risk in your list.
4. For each control family, develop a description of how the company should implement these controls (“implementation approach”) as part of its risk management strategy.

Write

1. Develop a 2 to 3 page Executive Summary from your Corporate Profile Part 1 (reuse and/or improve upon the business profile). Your Executive Summary should provide an overview of the company, summarize its business operations, and discuss the sources, potential impacts, and mitigation approach/strategy for cybersecurity related risks identified in the company’s annual report. The Executive Summary should appear at the beginning of your submission file.
2. Copy the Risk Register & Security Control Recommendations table (see template at the end of this assignment) to the end of the file that contains your Executive Summary.
3. Using the information you collected during your research, complete the table. Make sure that you include a name and description for each risk. For the security controls, make sure that you include the family name and a description of how each recommended control should be implemented (implementation approach). Include the control family only. Do not include individual security controls from NIST SP 800-53.

Your Risk Profile is to be prepared using basic APA formatting (including title page and reference list) and submitted as an MS Word attachment to the Corporate Profile Part 2 entry in your assignments folder. See the sample paper and paper template provided in Course Resources > APA Resources for formatting examples. Consult the grading rubric for specific content and formatting requirements for this assignment.

