Cyber security risk profile

Anonymous
Asked: Feb 7th, 2016

Question description

For this paper, you will construct a cybersecurity risk profile for the company that you wrote about in Part 1 of the Corporate Profile project


Corporate Profile Part 2: Cybersecurity Risk Profile

For this paper, you will construct a cybersecurity risk profile for the company that you wrote about in Part 1 of the Corporate Profile project. Your risk profile, which includes an Executive Summary, Risk Register, and Risk Mitigation Recommendations (Approach & Security Controls by family), will be developed from information provided by the company in its Form 10-K filing (Annual Report to Investors) retrieved from the U.S. Securities and Exchange Commission (SEC) Edgar database. You will also need to do additional research to identify security controls, products, and services which could be included in the company’s risk response (actions it will take to manage cybersecurity related risk).

Research

1. Review the Risk section of the company’s SEC Form 10-K. Develop a list of 5 or more specific cyberspace or cybersecurity related risks which the company included in its report to investors. Your list should include the source(s) of the risks and the potential impacts as identified by the company.

2. For each risk, identify the risk management or mitigation strategies which the company has implemented or plans to implement.

3. Next, use the control families listed in the NIST Special Publication 800-53 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf to identify general categories of controls which could be used or added to the company’s risk management strategy for each risk in your list.

4. For each control family, develop a description of how the company should implement these controls (“implementation approach”) as part of its risk management strategy.

Write

1. Develop a 2 to 3 page Executive Summary from your Corporate Profile Part 1 (reuse and/or improve upon the business profile). Your Executive Summary should provide an overview of the company, summarize its business operations, and discuss the sources, potential impacts, and mitigation approach/strategy for cybersecurity related risks identified in the company’s annual report. The Executive Summary should appear at the beginning of your submission file.

2. Copy the Risk Register & Security Control Recommendations table (see template at the end of this assignment) to the end of the file that contains your Executive Summary.

3. Using the information you collected during your research, complete the table. Make sure that you include a name and description for each risk. For the security controls, make sure that you include the family name and a description of how each recommended control should be implemented (implementation approach). Include the control family only. Do not include individual security controls from NIST SP 800-53.

Your Risk Profile is to be prepared using basic APA formatting (including title page and reference list) and submitted as an MS Word attachment to the Corporate Profile Part 2 entry in your assignments folder. See the sample paper and paper template provided in Course Resources > APA Resources for formatting examples. Consult the grading rubric for specific content and formatting requirements for this assignment.

Table 1. Risk Register & Risk Mitigation Approach with Recommended Security Controls

| Risk Identifier | Description of the Risk & Current Risk Management Strategy | Risk Mitigation Approach with Recommended Security Controls (by NIST SP 800-53 family) |
|---|---|---|
| Sequence # or Brief title (<50 characters) | Must be from Form 10-K. Split complex risk statements into multiple individual risks. | Must list NIST Control Family (two character |

EXAMPLE


Tutor Answer

(Top Tutor) Studypool Tutor
School: UIUC