Corporate Profile Part 2: Cybersecurity Risk Profile
For this paper, you will construct a cybersecurity risk profile for the
company that you wrote about in Part 1 of the Corporate Profile project.
Your risk profile, which includes an Executive Summary, Risk Register, and
Risk Mitigation Recommendations (Approach & Security Controls by family),
will be developed from information provided by the company in its Form 10-K
filing (Annual Report to Investors) retrieved from the U.S. Securities and
Exchange Commission (SEC) Edgar database. You will also need to do
additional research to identify security controls, products, and services
which could be included in the company’s risk response (actions it will
take to manage cybersecurity related risk).
1. Review the Risk section of the company’s SEC Form 10-K. Develop a
list of 5 or more specific cyberspace or cybersecurity related risks
which the company included in its report to investors. Your list should
include the source(s) of the risks and the potential impacts as identified
by the company.
2. For each risk, identify the risk management or mitigation strategies
which the company has implemented or plans to implement.
3. Next, use the control families listed in the NIST Special Publication
to identify general categories of controls which could be used or added to the
company’s risk management strategy for each risk in your list.
4. For each control family, develop a description of how the company
should implement these controls (“implementation approach”) as part of
its risk management strategy.
1. Develop a 2 to 3 page Executive Summary from your Corporate Profile
Part 1 (reuse and/or improve upon the business profile). Your Executive
Summary should provide an overview of the company, summarize its
business operations, and discuss the sources, potential impacts, and
mitigation approach/strategy for cybersecurity related risks identified
in the company’s annual report. The Executive Summary should appear at
the beginning of your submission file.
2. Copy the Risk Register & Security Control Recommendations table (see
template at the end of this assignment) to the end of the file that contains
your Executive Summary.
3. Using the information you collected during your research, complete
the table. Make sure that you include a name and description for each
risk. For the security controls, make sure that you include the family name
and a description of how each recommended control should be implemented
(implementation approach). Include the control family only. Do not
include individual security controls from NIST SP 800-53.
Your Risk Profile is to be prepared using basic APA formatting (including
title page and reference list) and submitted as an MS Word attachment to
the Corporate Profile Part 2 entry in your assignments folder. See the
sample paper and paper template provided in Course Resources > APA
Resources for formatting examples. Consult the grading rubric for specific
content and formatting requirements for this assignment.
Table 1. Risk Register & Risk Mitigation Approach with Recommended Security
Description of the Risk &
Current Risk Management Strategy
Risk Mitigation Approach with
Recommended Security Controls (by NIST SP 800-53 family)
Sequence # or Brief title (<50 characters)
Must be from Form 10-K. Split complex risk statements into multiple
Must list NIST Control Family (two character