Expert answer:Corporate profile

Solved by verified expert:Write Develop a 2 to 3 page Executive Summary from your Corporate Profile Part 1 (reuse and/or improve upon the business profile). Your Executive Summary should:Provide an overview of the company and summarize its business operations.Discuss the sources, potential impacts, and mitigation approach/strategy for cybersecurity related risks identified in the company’s annual report. End with a separate summation paragraph that provides a summary of your research and findings about the company and its cybersecurity risks. Copy the Risk Register & Security Control Recommendations table (see template at the end of this assignment) to the end of the file that contains your Executive Summary.Using the information you collected during your research, complete the table. Make sure that you include a name and description for each risk. For the security controls, make sure that you include the family name and a description of how each recommended control should be implemented (implementation approach). Include the control family only. Do not include individual security controls from NIST SP 800-53. Additional Information The Executive Summary should appear at the beginning of your submission file. The Risk Register table should appear AFTER the Executive Summary and be placed in the SAME file.The Risk Identifiers in the Risk Table are numbers that uniquely identify each risk and can be used for cross-referencing into other documents. Examples of acceptable identifiers are: 001, 002, 003 …
corporate_profile_part_2.docx

rubric.docx

Unformatted Attachment Preview

Corporate Profile Part 2: Cybersecurity Risk Profile
For this paper, you will construct a cybersecurity risk profile for the company that you
wrote about in Part 1 of the Corporate Profile project. Your risk profile, which includes an
Executive Summary, Risk Register, and Risk Mitigation Recommendations (Approach &
Security Controls by family), will be developed from information provided by the company in its
Form 10-K filing (Annual Report to Investors) retrieved from the U.S. Securities and Exchange
Commission (SEC) Edgar database. You will also need to do additional research to identify
security controls, products, and services which could be included in the company’s risk response
(actions it will take to manage cybersecurity related risk).
Research
1. Review the Risk section of the company’s SEC Form 10-K. Develop a list of 5 or more
specific cyberspace or cybersecurity related risks which the company included in its
report to investors. Your list should include the source(s) of the risks and the potential
impacts as identified by the company.
2. For each risk, identify the risk management or mitigation strategies which the company
has implemented or plans to implement.
3. Next, use the control families listed in the NIST Special Publication 800-53
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf to identify
general categories of controls which could be used or added to the company’s risk
management strategy for each risk in your list.
4. For each control family, develop a description of how the company should implement
these controls (“implementation approach”) as part of its risk management strategy.
Write
1. Develop a 2 to 3 page Executive Summary from your Corporate Profile Part 1 (reuse
and/or improve upon the business profile). Your Executive Summary should:
a. Provide an overview of the company and summarize its business operations.
b. Discuss the sources, potential impacts, and mitigation approach/strategy for
cybersecurity related risks identified in the company’s annual report.
c. End with a separate summation paragraph that provides a summary of your
research and findings about the company and its cybersecurity risks.
2. Copy the Risk Register & Security Control Recommendations table (see template at the
end of this assignment) to the end of the file that contains your Executive Summary.
3. Using the information you collected during your research, complete the table. Make sure
that you include a name and description for each risk. For the security controls, make
sure that you include the family name and a description of how each recommended
control should be implemented (implementation approach). Include the control family
only. Do not include individual security controls from NIST SP 800-53.
Additional Information
1. The Executive Summary should appear at the beginning of your submission file.
2. The Risk Register table should appear AFTER the Executive Summary and be placed in
the SAME file.
3. The Risk Identifiers in the Risk Table are numbers that uniquely identify each risk and
can be used for cross-referencing into other documents. Examples of acceptable
identifiers are: 001, 002, 003 …
Your Risk Profile is to be prepared using basic APA formatting (including title page and
reference list) and submitted as an MS Word attachment to the Corporate Profile Part 2 entry in
your assignments folder. See the sample paper and paper template provided in Course Resources
> APA Resources for formatting examples. Consult the grading rubric for specific content and
formatting requirements for this assignment.
Note: for this assignment you will be preparing a very high level risk register. Preparing
a fully developed risk register and risk profile is beyond the scope of this course.
— Copy from the next line to the end of this file and paste into your deliverable -Table 1. Risk Register & Risk Mitigation Approach with Recommended Security Controls
Risk
Identifier
Sequence #
Description of the Risk &
Current Risk Management
Strategy
Must be from Form 10-K. Split
complex risk statements into multiple
individual risk statements.
Risk Mitigation Approach with
Recommended Security Controls
(by NIST SP 800-53 family)
Must explicitly include NIST Control
Family (two character ID) as part of
recommended mitigation.
Corporate Profile Part 2: Cybersecurity Risk Profile
Criteria
Needs
Excelle Outstand Acceptab
Needs Significant
Missing or
Improveme
nt
ing
le
Improvement
Unacceptable
nt
15 points
12 points
Executiv
e
Summary
:
Introduct
ion to the
Company
Executiv
e
Summary
: Sources
of
Cybersec
urity
Risk
Provided
an
excellent
introducti
on which
identified
the
company
being
profiled
and
included a
brief
overview
of the
company
(may
reuse
narrative
from Part
1 of this
assignmen
t).
Appropriat
ely used
informatio
n from 3
or more
authoritati
ve
sources.
11 points
Provided an
outstanding
introduction
which
identified
the
company
being
profiled and
included a
brief
overview of
the
company
(may reuse
narrative
from Part 1
of this
assignment)
.
Appropriate
ly used
information
from 2 or
more
authoritativ
e sources.
Provided an
introduction
which
identified
the
company
being
profiled and
included a
brief
overview of
the
company
(may reuse
narrative
from Part 1
of this
assignment)
.
Appropriate
ly used
information
from
authoritativ
e sources.
10 points
Provided an
introduction to
the company
but the section
lacked some
required
details.
Information
from
authoritative
sources was
cited and used
in the
overview.
6 points
0 points
Attempted to provide
an introduction to the
company but this
section lacked detail
and/or was not well
supported by
information drawn
from authoritative
sources.
The introduction
section was
missing or did not
clearly identify
the company.
15 points 12 points 11 points 10 points
6 points
Provided
an
excellent
summary
of the
sources,
potential
impacts,
Provided a discussion
of the cybersecurity
risks that the company
Risk discussion
faces. The
was missing or off
discussionlacked detail
topic.
and/or was not well
supported by
information drawn
Provided an
outstanding
summary of
the sources,
potential
impacts,
and planned
mitigation
Provided a
summary of
the sources,
potential
impacts,
and planned
mitigation
approach/st
Provided a
summary of
the sources,
potential
impacts, and
planned
mitigation
approach/strat
0 points
and
planned
mitigation
approach/
strategy
for
cyberspac
e and/or
cybersecur
ity related
risks as
identified
in the Risk
Section of
the
company’s
annual
report.
approach/st
rategy for
cyberspace
and/or
cybersecurit
y related
risks as
identified in
the Risk
Section of
the
company’s
annual
report. Appr
opriately
used and
cited
information
from 3 or
more
authoritativ
e sources.
rategy for
cyberspace
and/or
cybersecurit
y related
risks as
identified in
the Risk
Section of
the
company’s
annual
report. Appr
opriately
used and
cited
information
from 2 or
more
authoritativ
e sources.
egy for
from authoritative
cyberspace
sources.
and/or
cybersecurity
related risks as
identified in
the Risk
Section of the
company’s
annual
report. Approp
riately used
and cited
information
from
authoritative
sources.
10 points
8.5 points
Provided
an
excellent
summati
on to
close the
risk
profile
Executiv
executiv
e
e
Summary
summar
: Closing
y. This
Section
section
was
clear,
concise,
and
accurate.
Appropri
ately
used
informat
ion from
6 points
Provided
an
outstandin
g
summatio
n to close
the risk
profile
executive
summary.
This
section
was clear
and
accurate.
Appropria
tely used
informatio
n from
authoritati
ve sources
7 points
Provided
an
acceptable
summatio
n to close
the risk
profile
executive
summary.
Appropria
tely used
informatio
n from
authoritati
ve sources
Provided
closing
section for
the risk
profile
executive
summary.
This section
was
disorganized
or lacking in
relevant
information.
Mentioned
information
from
authoritative
sources
4 points
Attempted to
provide a closing
for the executive
summary. But, this
section was off
topic or lacking in
relevant
information. Or,
this section was not
well supported by
information from
authoritative
sources
0 points
Summation for
the executive
summary was
missing.
authorita
tive
sources
15 points
14 points
Table:
Risk
Register
Provided a
complete,
concise,
and
thorough
Risk
Register
(columns
1 and 2 of
table) for
10 or
more
cyberspac
e or
cybersecur
ity related
risks as
identified
in the
company’s
annual
report.
(Risk ID
was
numeric
sequence
# or short
title
suitable
for crossreferencin
g.)
13 points
Provided a
complete,
concise, and
thorough
Risk
Register
(columns 1
and 2 of
table) for 8
or more
cyberspace
or
cybersecurit
y related
risks as
identified in
the
company’s
annual
report. (Risk
ID was
numeric
sequence #
or short title
suitable for
crossreferencing.
)
Provided a
completed
Risk
Register
(columns 1
and 2 of
table) for 5
or more
cyberspace
or
cybersecurit
y related
risks as
identified in
the
company’s
annual
report. (Risk
ID was
numeric
sequence #
or short title
suitable for
crossreferencing.
)
11 points
Provided a
completed
Risk Register
(columns 1
and 2 of table)
for at least
three
cyberspace or
cybersecurity
related risks
which the
company
faces.
15 points 14 points 13 points 11 points
9 points
Attempted to complete
the Risk Register
(columns 1 and 2 of
table) for 3 or more
entries but information
about the risks was
lacking details and/or
the risk register
contained an in
appropriate or
excessive amount of
“copied” information.
0 points
Did not complete
3 or more entries
in the Risk
Register.
9 points
0 points
Table:
Risk
Mitigatio
n
Approac
h
Provided a
complete,
concise,
and
thorough
Risk
Mitigation
Approach
with
Provided a
complete,
concise, and
thoroughRis
k Mitigation
Approach
with
Recommen
dation
Provided a
completed
Risk
Mitigation
Approach
with
Recommen
dation
Security
Provided a
completed Ris
k Mitigation
Approach with
Recommendati
on Security
Controls by
family (column
3 of table) for
Attempted to complete
the Risk Mitigation
Approach with
Recommendation
Security Controls by
family (column 3 of
table) for 3 or more
entries but information
about risk mitigation
Did not complete
3 or more entries
in the Risk
Mitigation
Approach column
of the table.
Recomme
ndation
Security
Controls
by family
(column 3
of table)
for 10 or
more
cyberspac
e or
cybersecur
ity related
risks as
identified
in the
company’s
annual
report.
Security
Controls by
family
(column 3
of table) for
8 or more
cyberspace
or
cybersecurit
y related
risks as
identified in
the
company’s
annual
report.
Controls by
family
(column 3
of table) for
5 or more
cyberspace
or
cybersecurit
y related
risks as
identified in
the
company’s
annual
report.
at least three
cyberspace or
cybersecurity
related risks
which the
company
faces.
3 points
2 points
was lacking details
and/or was not well
supported by
information drawn
from authoritative
sources.
5 points
Professio
nalism:
Addresse
d security
issues
using
standard
cybersec
urity
terminolo
gy
4 points
Demonstr
ated
excellence
in the
integratio
n of
standard
cybersecur
ity
terminolo
gy into the
case
study.
0 points
Provided an
outstanding
integration
of standard
cybersecurit
y
terminology
into the
case study.
5 points 4 points
Professio
nalism:
APA
Formatti
ng for
Citations
and
Referenc
e List
Work
contains a
reference
list
containing
entries for
all cited
resources.
Reference
list entries
and in-text
citations
Work
contains a
reference
list
containing
entries for
all cited
resources.
One or two
minor
errors in
APA format
1 point
Integrated
standard
cybersecurit
y
terminology
into the into
the case
study
Used standard
cybersecurity
terminology
Misused standard
but this usage
cybersecurity
was not well
terminology.
integrated
with the
discussion.
3 points
2 points
Work
contains a
reference
list
containing
entries for
all cited
resources.
No more
than 3
minor
errors in
Work has no
more than
three
paragraphs
with omissions
of citations
crediting
sources for
facts and
information.
Work contains
a reference list
1 point
Work attempts to
credit sources but
demonstrates a
fundamental failure to
understand and apply
the APA formatting
standard as defined in
the Publication Manual
of the American
Psychological
Association (6th ed.).
Did not integrate
standard
cybersecurity
terminology into
the discussion.
0 points
Reference list is
missing. Work
demonstrates an
overall failure to
incorporate
and/or credit
authoritative
sources for
information used
in the paper.
are
correctly
formatted
using the
appropriat
e APA
style for
each type
of
resource.
for in-text
citations
and/or
reference
list entries.
4 points
5 points
Professio
nalism:
Organiza
tion &
Appearan
ce
Submitted
work
shows
outstandin
g
organizati
on and the
use of
color,
fonts,
titles,
headings
and subheadings,
etc. is
appropriat
e to the
assignmen
t type.
15 points
Professio
nalism:
Executio
n
No
formatting
, grammar,
spelling, or
punctuatio
n errors.
Submitted
work has
minor style
or
formatting
flaws but
still
presents a
professional
appearance.
Submitted
work is well
organized
and
appropriatel
y uses color,
fonts, and
section
headings
(per the
assignment’
s
directions).
APA format
for in-text
citations
and/or
reference
list entries.
containing
entries for
cited
resources.
Work contains
no more than
5 minor errors
in APA format
for in-text
citations
and/or
reference list
entries.
3 points
Organizatio
n and/or
appearance
of
submitted
work could
be
improved
through
better use
of fonts,
color, titles,
headings,
etc. OR
Submitted
work has
multiple
style or
formatting
errors.
Professional
appearance
could be
improved.
2 points
Submitted
work has
multiple style
or formatting
errors.
Organization
and
professional
appearance
need
substantial
improvement.
14 points 13 points 11 points
1 point
0 points
Submitted work meets
minimum
requirements but has
major style and
formatting errors.
Work is disorganized
and needs to be
rewritten for
readability and
professional
appearance.
Submitted work is
poorly organized
and formatted.
Writing and
presentation are
lacking in
professional style
and appearance.
Work does not
reflect college
level writing skills.
4 points
0 points
Work
contains
minor
errors in
formatting,
grammar,
spelling or
Errors in
formatting,
spelling,
grammar, or
punctuation
which
detract
Submitted
work has
numerous
errors in
formatting,
spelling,
grammar, or
Submitted work is
difficult to read /
understand and has
significant errors in
formatting, spelling,
grammar, punctuation,
or word usage.
Submitted work is
poorly executed
OR does not
reflect college
level work.
punctuation
which do
not
significantly
impact
professional
appearance.
Overall
Score
from
professional
appearance
of the
submitted
work.
punctuation.
Work is
unprofessional
in appearance.
Excelle Outstand Acceptab
Needs
Needs Significant
Missing or
nt
ing
le
Improveme
Improvement
Unacceptable
90 or
80 or
70 or
nt
36 or more
0 or more
more
more
more
56 or more
…
Purchase answer to see full
attachment

How it works

1. Paste your instructions in the instructions box. You can also attach an instructions file
2. Select the writer category, deadline, education level and review the instructions 
3. Make a payment for the order to be assignment to a writer
4.  Download the paper after the writer uploads it 

Will the writer plagiarize my essay?

You will get a plagiarism-free paper and you can get an originality report upon request.

Is this service safe?

All the personal information is confidential and we have 100% safe payment methods. We also guarantee good grades