you will build upon the e-Commerce Risk Analysis performed in Project #2.

Anonymous
Asked: Feb 7th, 2019

Question Description

Project 3 – Risk Management Strategy for an e-Commerce Company

Description

For this project, you will build upon the e-Commerce Risk Analysis performed in Project #2. For this project, you will construct a risk management strategy for your selected company which includes specific cybersecurity activities (as defined in the NIST Cybersecurity Framework Core) which will help the company mitigate the identified risks. Your strategy will include an “acquisition forecast” in which you identify and discuss the technologies, products, and services required to implement your recommended risk management strategy. (Note: you must use the same company as used in Project #2. You may expand upon your risk analysis if necessary.)

Develop an Executive Summary

Since this is a separate deliverable, you will need to begin by identifying the selected company and providing an executive summary of the e-Commerce Risk Analysis that you presented in Project #1.

Develop and Document the Risk Mitigation Strategy

For this section of your project, you must identify and document a risk mitigation strategy for 10 separate risks. Your risk mitigation strategies must utilize at least three (3) of the five (5) NIST Cybersecurity Framework (CSF) Core Functions.

  • Begin by copying Table 1 from this file into a new file (for your assignment submission). This table will become your Risk Profile Table. (Delete the example text.)
  • Next, convert your list of risk factors (from Project #2) into a “Risk Profile.” Each risk factor should be listed as a separate risk item with its own row in your Risk Profile. (Add a row to your table for each identified risk - one per row). For this step, you will fill in the information for the first two columns (Risk ID and Risk).
  • Next, consult the NIST Cybersecurity Framework (see Table 2: Framework Core) to identify the cybersecurity activities which can be used to control / mitigate the identified risks. Add this information to each row in your table. Note: you should paraphrase the information for the “Risk Mitigation Strategy (description)” column and the “Implementation: Required Technologies, Products, or Services” column.
  • Complete the final two columns of the table by entering the exact function, category, and sub-category identifiers and descriptions as listed in NIST CSF Table 2. See the example below.

Table 1. Risk Profile Table (example)

| Risk ID | Risk | Risk Mitigation Strategy (description) | Implementation: Required Technologies, Products, or Services | NIST Cybersecurity Framework Category and Sub Category Identifier (e.g. ID.AM-1) | Sub-Category Description |
|---|---|---|---|---|---|
| 001 | Theft of customer information from online transactions | Encrypt all communications between customers and the company’s online ordering system. | Implement Transport Layer Security; purchase and deploy digital certificates to use for encrypting communications. | PR.DS-2 | Data-in-transit is protected. |
| 002 | | | | | |
| 003 | | | | | |
| 004 | | | | | |
| 005 | | | | | |
| 006 | | | | | |
| 007 | | | | | |
| 008 | | | | | |
| 009 | | | | | |
| 010 | | | | | |


Develop an “Acquisition Forecast”

To complete your work, summarize the technologies which you are recommending that the company acquire (purchase) in order to mitigate risks; these technologies MUST appear in your risk profile table. Your acquisition forecast should identify and fully discuss a minimum of three categories or types of cybersecurity products or services which this company will need to purchase in order to appropriately mitigate the identified risks. Remember to include information about potential vendors or suppliers including how you can identify and qualify appropriate sources of technologies, products, and services. This information provides the justification or rationale for your recommendations.

Note: “qualifying” a producer / manufacturer, vendor or seller refers to the due diligence processes required to investigate the supplier and ensure that the products, services, and technologies acquired from it will meet the company’s needs and requirements. For cybersecurity related acquisitions, this may include testing the products and services to ensure that they can be trusted to deliver the required functionality and will not be a source of threats or harm.

Write

  • An executive summary which identifies the company being discussed and provides a brief introduction to the company including when it was founded and significant events in its history. This summary must also provide a high level overview of the company’s operations (reuse and adapt your narrative from Project #2) and the e-Commerce risks that the company must address and mitigate.
  • A separate section in which you present a Risk Management Profile. Begin with an introductory paragraph in which you summarize the risks and risk mitigation strategies. Your introduction should also explain the Risk Profile table (what is in it, how to use it).
  • Complete and then insert your Risk Profile Table at the end of this Risk Management Profile section. In-text citations are NOT required within the body of your Risk Profile Table but you must credit the sources of information used by listing / mentioning them in your introduction to this section.
  • A separate section in which you present your “Acquisition Forecast” in which you identify and discuss the products, services, and/or technologies which the company must purchase in the future to implement the recommended risk mitigation strategies. Remember to include information about potential vendors or suppliers including how you can identify and qualify appropriate sources of technologies, products, and services.
  • A closing section (Summary & Conclusions) which summarizes your risk management strategy and presents a compelling argument as to how your risk mitigation strategies (including the acquisition forecast) will reduce or control (mitigate) the identified “cyber” risks. Remember to address the five NIST Cybersecurity Framework Core Functions in your summation.

Submit for Grading

Submit your work in MS Word format (.docx or .doc file) using the Project #3 Assignment in your assignment folder. (Attach the file.)

Additional Information

  • Your 5-8 page Risk Management Strategy for an e-Commerce Company should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings to organize your paper. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources > APA Resources. An APA template file (MS Word format) has also been provided for your use: CSIA_Basic_Paper_Template(APA_6ed,DEC2018).docx.
  • Your paper should use standard terms and definitions for cybersecurity. See Course Content > Cybersecurity Concepts for recommended resources.
  • You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s minimum page count. (An example and template file are available in the LEO classroom.)
  • You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
  • You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.). See direction under “Write” for how to cite sources used in your Risk Profile Table.
Consult the grading rubric for specific conte

Tutor Answer

JonTheProfessor
School: Duke University

Hello, attached is the final task. Thank you so much for the. If you find my service to be good, remember to leave a positive comment. All the best.

Running Head: RISK MANAGEMENT STRATEGY

Risk Management Strategy
Name
Institution Affiliation

Introduction
A risk management strategy is a process developed in an organization in order to regularly update and review the actions taken in the organization. E-commerce is an electronic internet platform that enables the buying and selling of products and the transfer of money as well as data through other platform transactions. A cyber security framework core refers to activities that are organized in categories and designed to act as translation layers that enable good communication in a company. For instance, PayPal has been the leading platform in versatile payment all around the world. The company has various strategies to fight against cybercrime and has invested heavily to see that the site and its services are safe as well as protected. The cyber security core keeps the system secure by analyzing data to understand and help verify identity. The company has successfully conquered monetary standards all over the world. This report entails the executive summary and the risk mitigation strategies of the company with the use of the Cyber Security Framework Core Functions. It also has an Acquisition Forecast which identifies various services offered by PayPal Company.
Executive Summary
PayPal is an online platform across borders that allows the exchange of different currencies across the globe. It was established in 1998, with its headquarters in San Jose, California. The company's subsidiaries are Xoom Corporation, Venmo, and Tradera. Majorly all the cross border transactions are made on the computer. The company is able to process more than two billion transactions in a year. Recently, PayPal Company has taken a step to venture in the world and hence has become the best mobile banking. It has set up targets of saving money and credit administration. An individual has exploited most of its objectives and has given an applications trial in regards to its security. One of the greatest areas the company has really conquered is gathering information from the user in order to identify its weaknesses and strengths to invest more in.
Cyber Security Framework
This consists of standards set as a guideline that protect and promote critical infrastructure. The cost-effectiveness of the framework operator helps to manage cyber security-related risks. One of the ways of approaching the company's profiles is to map the cyber security mission objectives and operating methodologies. The analysis gives an organization the opportunity to create an implementation of a plan (Laudon, 2016).
Risk Mitigation Strategy
This section identifies risk mitigation strategies for several risks that are likely to occur. The strategies make use of the five NIST Cybersecurity Framework (CSF) Core Functions that will be used to mitigate the identified risks. The risks identified, their risk mitigation strategies, implementation strategies, and the NIST Cybersecurity Framework to be applied are presented in tabular form as shown in the table below.

| Risk ID | Risk | Risk Mitigation Strategy | Implementation: Required Technologies, Products, or Services | NIST Cybersecurity Framework Category and Sub Category Identifier |
|---|---|---|---|---|
| 001 | Carding | Installation of a reliable anti-spyware so as to avoid that is used for identity theft. Participate in Verified by Visa and MasterCard Secure Code | Use of licensed MasterCard’s brand to members of the company. | PR.IP Information protection processes and procedures |
| 002 | Control access risks | Enable Two-Factor Authentication processes to be used by all users to ascertain their true identity. | Use Twilio Authy, Duo Mobile and LastPass Authenticator. These technologies will certify the true identity of the users/customers. | PR.AC Access control and identity Management |
| 003 | Chargebacks | Chargebacks source identification. This will enhance solving a specific problem | Full configuration of online of payment organization E.g. PayPal skirls with the ecommerce. | PR.IP Information protection processes and procedures |
| 004 | Data errors | Ensure that input data entered by users does not conflict with Database data integrity | Enforce data integrity constraints in the databases used e.g. Oracle databases. | PR.PT Protective Technology |
| 005 | Stealing customer data from online transactions | Data encryption between the company and customers to keep off hackers | Implementation of transport layer of the TCP/IP model. This entails purchase and deployment of digital certificates for data encryption | PR.DS-2 Protect data-in-transit |
| 006 | Atomicity risks | Certify that transaction activities between the company and the customers are atomic. If failure occurs during transaction, the activities should start afresh. | Implementation of atomic recovery units in the databases. If a single transaction goes through without being noticed it will be traced and corrected. | PR.DS Data security |
| 007 | Isolation Failure | Ensure that all transactions go to completion independent of each other | Directly use the hardware MMU. A memory Management unit | DE.DP-1 Detection process |
| 008 | Phishing risks | Design a unique system that will ensure that customers are not tricked by junk mails and systems | Come up with security policy that includes Awa... | PR.AT |

Review

Anonymous
Top quality work from this guy! I'll be back!
