Risk Management Strategy for an e-Commerce Company
Description
E-Commerce companies have become increasingly important in this era of global pandemics and resulting restrictions on businesses and individuals. Consumers are ordering products online in larger numbers than ever before due to business closures or restricted operating hours. Companies positioned in the e-Commerce industry are experiencing growth beyond previous predictions. But, at the same time, some E-commerce companies are seeing their business decline drastically due to travel restrictions and the reluctance of businesses and individuals to travel for any but the most critical of reasons. Added into the risk picture are risks from the actions of cybercriminals, hackers, and nation-state actors are taking advantage of these unsettled times resulting in increased risks for companies whose business models depend upon the Internet for financial transactions, orders, and communications both internal and external.
For this project, you will begin by researching a publicly traded company that engages in e-Commerce. Please make sure that you are using CURRENT information (2019 or later). You will then review the company’s risk statements as published each year in the company’s Annual Report to Investors (also published in the company’s annual filing of SEC Form 10-K). After analyzing the company’s e-Commerce operations and its risk statements about those activities, you will construct and document your own cybersecurity risk analysis which focuses upon the company’s e-Commerce activities (including all supporting business processes).
A list of approved companies appears at the end of this file (see Table 1). If you wish to use a company not on the approved list you must first obtain the approval of your instructor.
Note: before beginning this assignment, you should review NIST SP 800-30 R1: Guide for Conducting Risk Assessments. Pay special attention to Appendix D: “Threat Sources: Taxonomy of Threats Sources Capable of Initiating Threat Events” and Appendix H: “Impact: Effects of Threat Events on Organizations, Individuals, and the Nation.”
Research Your Chosen Company
⦁ Review the company’s website to learn about the products and services which it sells via e-Commerce.
⦁ Retrieve and review the Hoovers profile for the company. These profiles are written by professional analysts; pay close attention to the types of questions the analysts ask and answer in the company profile. Use this URL to access the database http://ezproxy.umgc.edu/login?url=https://www.mergentonline.com/Hoovers
⦁ Use the search bar at the top of the “Search & Build a List” tab to find your chosen company.
⦁ The company profile web pages in the Hoovers database are interactive and have expanding menus / options (see figure below). You may find it helpful to use the “OneStop Report” button to generate a PDF version of the information. Select “Core” under categories (Available Fields: Company Summary, Contacts, Corporate Family, Corporate Overview, SWOT, and News). Click on the field names in the middle column to select them for your report.
⦁ After you have looked at the company website and the Hoovers report, Identify 3 or more additional sources of information about the company and how it operates in cyberspace. These can be news articles, data breach reports, etc. Focus on finding information that addresses how the company is responding in the current economic environment (2019 or later).
⦁ Using the information obtained from your sources, identify the types of information and business operations which drive this company’s need for cybersecurity products and services. (What needs to be protected?)
Analyze the Company’s Risk Statements
⦁ Using the links from Table 1 (at the end of this file), download a copy of your selected company’s most recent Annual Report to Investors from its Form 10-K filing with the United States Securities and Exchange Commission. (Note: the company is the author of its Form 10-K. Do not list the SEC as the author.)
⦁ Read and analyze the Risk Factors section in the company’s report to investors (Item 1.A). This section is a professionally written risk analysis that has been written for a specific audience. Pay close attention to what the company includes as risk factors and how the writers chose to present this information.
⦁ Analyze the risk factors to determine which ones are related to e-Commerce / Internet operations or are otherwise affected by the use of information in digital form and Information Technology systems and infrastructures. Make a list that shows what information, digital assets, and/or business operations (processes) need to be protected from cyberattacks and/or cybercrime (including insiders and external threats) and the type of risk or threat that could affect those assets and processes.