CSIA 350: Cybersecurity in Business & Industry
Project 2 – e-Commerce Risk Analysis
Description
E-Commerce companies have become increasingly important in this era of global pandemics and
resulting restrictions on businesses and individuals. Consumers are ordering products online in larger
numbers than ever before due to business closures or restricted operating hours. Companies positioned
in the e-Commerce industry are experiencing growth beyond previous predictions. But, at the same
time, some E-commerce companies are seeing their business decline drastically due to travel restrictions
and the reluctance of businesses and individuals to travel for any but the most critical of reasons. Added
into the risk picture are risks from the actions of cybercriminals, hackers, and nation-state actors who are
taking advantage of these unsettled times, resulting in increased risks for companies whose business
models depend upon the Internet for financial transactions, orders, and communications both internal
and external.
For this project, you will begin by researching a publicly traded company that engages in e-Commerce.
Please make sure that you are using CURRENT information (2019 or later). You will then review the
company’s risk statements as published each year in the company’s Annual Report to Investors (also
published in the company’s annual filing of SEC Form 10-K). After analyzing the company’s e-Commerce
operations and its risk statements about those activities, you will construct and document your own
cybersecurity risk analysis which focuses upon the company’s e-Commerce activities (including all
supporting business processes).
A list of approved companies appears at the end of this file (see Table 1). If you wish to use a company
not on the approved list you must first obtain the approval of your instructor.
Note: before beginning this assignment, you should review NIST SP 800-30 R1: Guide for Conducting Risk
Assessments. Pay special attention to Appendix D: “Threat Sources: Taxonomy of Threat Sources
Capable of Initiating Threat Events” and Appendix H: “Impact: Effects of Threat Events on Organizations,
Individuals, and the Nation.”
Research Your Chosen Company
1. Review the company’s website to learn about the products and services which it sells via e-Commerce.
2. Retrieve and review the Hoovers profile for the company. These profiles are written by
professional analysts; pay close attention to the types of questions the analysts ask and answer
in the company profile. Use this URL to access the database
http://ezproxy.umgc.edu/login?url=https://www.mergentonline.com/Hoovers
3. Use the search bar at the top of the “Search & Build a List” tab to find your chosen company.
Copyright © 2021 by University of Maryland Global Campus. All rights reserved.
4. The company profile web pages in the Hoovers database are interactive and have expanding
menus / options (see figure below). You may find it helpful to use the “OneStop Report” button
to generate a PDF version of the information. Select “Core” under categories (Available Fields:
Company Summary, Contacts, Corporate Family, Corporate Overview, SWOT, and News). Click
on the field names in the middle column to select them for your report.
5. After you have looked at the company website and the Hoovers report, identify 3 or more
additional sources of information about the company and how it operates in cyberspace. These
can be news articles, data breach reports, etc. Focus on finding information that addresses how
the company is responding in the current economic environment (2019 or later) driven by the
COVID-19 global pandemic and other events.
6. Using the information obtained from your sources, identify the types of information and
business operations which drive this company’s need for cybersecurity products and services.
(What needs to be protected?)
Analyze the Company’s Risk Statements
1. Using the links from Table 1 (at the end of this file), download a copy of your selected
company’s most recent Annual Report to Investors from its Form 10-K filing with the United
States Securities and Exchange Commission. (Note: the company is the author of its Form 10-K.
Do not list the SEC as the author.)
2. Read and analyze the Risk Factors section in the company’s report to investors (Item 1.A). This
section is a professionally written risk analysis that has been written for a specific audience. Pay
close attention to what the company includes as risk factors and how the writers chose to
present this information.
3. Analyze the risk factors to determine which ones are related to e-Commerce / Internet
operations or are otherwise affected by the use of information in digital form and Information
Technology systems and infrastructures. Make a list that shows what information, digital assets,
and/or business operations (processes) need to be protected from cyberattacks and/or
cybercrime (including insiders and external threats) and the type of risk or threat that could
affect those assets and processes.
Write
1. An introduction section which identifies the company being discussed and provides a brief
introduction to the company including when it was founded and significant events in its history.
2. A business profile for the company. This information should include: headquarters location, key
personnel, primary types of business activities and locations, major products or services sold by
the company, major competitors, stock information (including ticker symbol or NASDAQ code),
recent financial performance, and additional relevant information from the business profiles.
(Use information from Hoovers and other authoritative sources)
3. An overview of the company’s e-Commerce operations which summarizes information obtained
from its annual report, the Hoovers profile for the company, and other sources which you found
in your research.
4. A separate section in which you describe this company’s needs or requirements for
cybersecurity. What information and/or business operations need to be protected? While your
focus should be upon the company’s e-Commerce activities, you should also address the
back-office or supporting information and business processes required to deliver those e-commerce
activities.
5. A separate section which provides a detailed summary of the identified risks and potential
impacts upon the company’s operations as a whole. What are the likely sources of threats or
attacks for each type of information or business operation? (E.g., protect customer information
from disclosure or theft during online purchase transactions.) What are the possible impacts
should these risks occur? You may present your summary in table format.
Submit for Grading
Submit your work in MS Word format (.docx or .doc file) using the Project #2 Assignment in your
assignment folder. (Attach the file.)
Additional Information
1. Your 5-8 page e-Commerce Risk Analysis should be professional in appearance with consistent
use of fonts, font sizes, margins, etc. You should use headings to organize your paper. The CSIA
program recommends that you follow standard APA formatting since this will give you a
document that meets the “professional appearance” requirements. APA formatting guidelines
and examples are found under Course Resources > APA Resources. An APA template file (MS
Word format) has also been provided for your use:
CSIA_Basic_Paper_Template(APA_6ed,Dec2018).docx.
2. Your paper should use standard terms and definitions for cybersecurity.
3. You must include a cover page with the assignment title, your name, and the due date. Your
reference list must be on a separate page at the end of your file. These pages do not count
towards the assignment’s minimum page count. (An example and template file are available in
the LEO classroom.)
4. You are expected to write grammatically correct English in every assignment that you submit for
grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c)
verifying that your punctuation is correct and (d) reviewing your work for correct word usage
and correctly structured sentences and paragraphs.
5. You are expected to credit your sources using in-text citations and reference list entries. Both
your citations and your reference list entries must follow a consistent citation style (APA, MLA,
etc.).
6. Consult the grading rubric for specific content and formatting requirements for this assignment.
See Table 1 at the end of this file for the list of approved e-Commerce companies which may be used for
this project.
Table 1. List of Approved Companies for Project #2: e-Commerce Risk Analysis

| Company Name | Corporate Website / Investor Relations | Form 10-K from SEC Edgar Database |
| --- | --- | --- |
| Alphabet, Inc (Google) | https://www.google.com/intl/en/about/company/ https://abc.xyz/investor | https://www.sec.gov/Archives/edgar/data/1652044/000165204420000008/goog10k2019.htm |
| Amazon | http://www.amazon.com https://ir.aboutamazon.com/overview/default.aspx | https://www.sec.gov/Archives/edgar/data/1018724/000101872420000004/amzn20191231x10k.htm |
| Apple | https://www.apple.com/newsroom/ http://investor.apple.com/ | https://www.sec.gov/Archives/edgar/data/320193/000032019319000119/a10k20199282019.htm |
| Booking Holdings | https://www.bookingholdings.com/ http://ir.bookingholdings.com/investor-relations | https://www.sec.gov/Archives/edgar/data/1075531/000107553120000011/bkng1231201910k.htm |
| Facebook | https://www.facebook.com/facebook http://investor.fb.com/ | https://www.sec.gov/Archives/edgar/data/1326801/000132680120000013/fb12312019x10k.htm |
| Microsoft | http://www.microsoft.com http://www.microsoft.com/investor/default.aspx | https://www.sec.gov/Archives/edgar/data/789019/000156459019027952/msft10k_20190630.htm |
| Oracle Corp. | http://www.oracle.com/us/corporate/index.html http://investor.oracle.com/overview/highlights/default.aspx | https://www.sec.gov/Archives/edgar/data/1341439/000156459019023119/orcl10k_20190531.htm |
| PayPal Holdings | https://www.paypal.com/us/webapps/mpp/about https://investor.paypal-corp.com/ | https://www.sec.gov/Archives/edgar/data/1633917/000163391720000028/pypl201910-k.htm |