For this project, you will develop a company profile for a Fortune 500, publicly traded company which uses Information Technology to conduct it business operations.

For this project, you will develop a company profile for a Fortune 500, publicly traded company which uses Information Technology to conduct it business operations. Fortune 500 companies almost always have a significant presence in cyberspace and therefore have a need to protect their information, information systems, and information infrastructures from threats and attacks which could originate from anywhere in the world.

 

You will use the same company for Projects #2, #3, and #4 so, it may be worth your time to review those project description files AND information about multiple companies before deciding which company you will focus on. Project #2 is an IT-focused Risk Assessment for your selected company. Project #3 is an IT-focused Risk Management Strategy for the company. Project #4 is a Privacy-focused Compliance Analysis.

 

A list of approved companies (those ranking 1-15 in the CY 2021 Fortune 500) appears at the end of this assignment description file (see Table 2). If you wish to use a company not on the approved list, you must first obtain the approval of your instructor. Alternate companies must be in the Fortune 500 and must be publicly traded on one or more of the US-based stock exchanges. The current Fortune 500 List is here: https://fortune.com/fortune500/

 

Research

 

Chose a company from the table provided at the end of this assignment file. Locate its public website and review how the company presents itself to customers and the general public.

Review the company’s Investor Relations website. Compare how it represents itself to investors and shareholders as compared to how it presents itself on its customer-facing website. The link to the Investor Relations website is provided in the table at the end of this file.

Review Section 1 of the company’s Form 10-K Annual Report to Investors to learn about how the company presents itself to investors and shareholders. The link to the Form 10-K is provided in the table at the end of this assignment file.

Enter the company name in the Search bar at the top of the window and then click the search icon.

Browse the company profile using the menu on the left.

Read and analyze the Company Summary, Company Description, and Company History as presented in the Hoovers profile. Browse through additional sections in the profile to develop an understanding of the company, its products and services, and the geo-political environments in which it operates. Who are its customers? What does it sell (or how does it make money)? What laws and regulatory bodies is it subject to?

Retrieve the Hoovers profile for your selected company. The base URL for Hoovers is http://ezproxy.umgc.edu/login?url=http://www.mergentonline.com/Hoovers You will need to login to the library using your UMGC SSO login credentials.

 

Analyze the Company’s Use of Information and IT

 

Note: You do not need to be precise or exacting in your analysis for this section. It will be sufficient that you identify general categories of information and IT that the company relies upon for its business operations.

 

Review Chapter 2 in (ISC)2 SSCP Systems Security Certified Practitioner Official Study Guide. https://go.oreilly.com/umgc/https://learning.oreilly.com/library/view/isc-2-sscp-systems/9781119854982/

Read the following sections in CIPM Certified Information Privacy Manager All-in-One Exam Guide: Appendix A. https://go.oreilly.com/umgc/https://learning.oreilly.com/library/view/cipm-certified-information/9781260474107/

Factor Analysis of Information Risk

Asset Identification

Hardware Assets

Subsystem & Software Assets

Cloud-based Information Assets

Virtual Assets

Information Assets

Asset Classification

Data Classification

Identify 3 or more additional sources of information about the company and how it uses information and Information Technologies to conduct its business operations. These sources can be news articles, articles in industry or trade journals, data breach reports, etc.

Using your readings and research, develop an information usage profile for your company. Your goal is to identify categories of information that need to be protected against losses of confidentiality, integrity, and availability. Your profile should contain 10 (acceptable) – 15 (excellent) distinct categories of information. You may use the example table shown below or create one of your own design. Your profile should address the following:

What types of information does this company collect, process, transmit, and store as part of its business operations?

What types of Information Technologies does this company use to accomplish its business objectives? What types of information are required to operate these systems?

Does this company use Operational Technologies (e.g., robots and control systems used in manufacturing or for other types of device controls)? What types of information are required for these systems?

Summarize the company’s Information Use & Protection Requirements. What is the sensitivity level of the information? What would be the potential impacts of attacks causing loss of confidentiality, integrity, and/or availability both for single incidents and over time.

Table 1. Information Usage Profile (sample)

 

Category of Information

 

Description of the Information Asset(s)

 

Sensitivity of the Information

 

How is this information used or processed?

 

IT Assets using or storing this information

 

Customer Records

 

Name, address, order history (products or services purchased), payment information.

 

Confidential

 

Fulfill orders, pre & post-sales support.

 

Customer Relationship Management System; Ordering System.

 

Product Design Templates

 

Design templates used by 3-D printers to create products.

 

Trade Secrets

 

Used by operational technologies during manufacturing processes (3-D printers).

 

Manufacturing database servers; 3-D printers.

 

Employee Records

 

Employment records for the company’s employees.

 

Confidential (PII data; may contain HIPAA data).

 

Used by managers and HR for internal business processes.

 

HR Information System (database & reports generation).

 

Write

An introduction section which identifies the company being discussed and provides a brief introduction to the company. Your introduction should also provide the reader with an explanation of the purpose of this deliverable (the “Company Profile”) and the information that will be presented herein.

A separate analysis section which provides an overview of the company’s operations and establishes the context for the risk analysis and risk strategy which you will construct in Projects #2 and #3. You should synthesize information from the Hoovers profile, the company’s website, and additional information from your own research to generate your own profile of the company. At a minimum you should identify the company and cover the following basic information: when it was founded, by whom, major products or services provided by the company, significant events in the company’s history, and the geo-political environment in which it operates. Additional useful information could include headquarters location, additional operating locations, key personnel, primary types of business activities and locations, major competitors, stock information (including ticker symbol or NASDAQ code), recent financial performance, etc.

A separate analysis section in which you describe this company’s use of information and information technologies to conduct its business operations. What information and/or business operations need to be protected against losses of confidentiality, integrity, and/or availability? Include and explain the Information Usage Profile you constructed as part of your analysis of the company. (Include Table 1 at the end of this section. A blank template for Table 1 appears at the end of this file.)

A closing (summary) section which briefly summarizes your research and analysis regarding the company, its operations, and the information assets which it depends upon.

Submit Your Work for Grading and Feedback

Before you submit your work, check the rubric (displayed in the Assignment Folder entry) to make sure that you have covered all required content including citations and references.

 

Submit your work in MS Word format (.docx or .doc file) using the Project #1 Assignment in your assignment folder. (Attach the file.)

 

Additional Information

Your 5 to 8 page Company Profile should be professional in appearance with consistent use of fonts, font sizes, colors, margins, etc. You should use headings and sub-headings to organize your paper. Use headings which correspond to the content rows in the rubric – this will make it easier for your instructor to find required content elements and will help you ensure that you have covered all required sections and content in your paper.

The stated page length is a recommendation based upon the content requirements of the assignment. All pages submitted will be graded but, for the highest grades, your work must be clear, concise, and accurate. Exceeding the recommended length will not necessarily result in a higher grade. Shorter submissions may not fully meet the content requirements resulting in a lower grade.

The INFA program requires that graduate students follow standard APA style guidance for both formatting and citing/reference sources. Your file submission must be in MS Word format (.docx). PDF, ODF, and other types of files are not acceptable.

You must include a cover page with the course, the assignment title, your name, your instructor’s name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s minimum page count.

You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.

You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow APA Style guidance. Use of required readings from the course as sources is expected and encouraged. Where used, you must cite and provide references for these readings.

When using Security and Privacy controls from NIST SP 800-53, you must use the exact numbering and names (titles) when referring to those controls. This information does not need to be treated as quotations. You may paraphrase or quote from the descriptions of the controls provided that you appropriately mark copied text (if any) and attach a citation for both quoted and paraphrased information.

Consult the grading rubric for specific content and formatting requirements for this assignment.

All work submitted to the Assignment Folder will be scanned by the Turn It In service. We use this service to help identify areas for improvement in student writing.

 

 

Table 1. Information Usage Profile for [company]

 

Category of Information

 

Description of the Information Asset(s)

 

Sensitivity of the Information

 

How is this information used or processed?

 

IT Assets using or storing this information

 

Table 2. Approved Companies List.

 

Company

 

Investor Relations Website

 

Form 10K

 

1. Walmart

 

https://stock.walmart.com/investors/default.aspx

 

https://d18rn0p25nwr6d.cloudfront.net/CIK-00001041…

 

2. Amazon

 

https://ir.aboutamazon.com/overview/default.aspx

 

https://d18rn0p25nwr6d.cloudfront.net/CIK-00010187…

 

3. Apple

 

https://investor.apple.com/investor-relations/defa…

 

https://d18rn0p25nwr6d.cloudfront.net/CIK-00003201…

 

4. CVS Health

 

http://cvs2018ir.q4web.com/investors/default.aspx

 

http://d18rn0p25nwr6d.cloudfront.net/CIK-000006480…

 

5. UnitedHealth Group

 

https://www.unitedhealthgroup.com/investors.html

 

https://www.unitedhealthgroup.com/content/dam/UHG/…

 

6. Berkshire Hathaway

 

https://www.berkshirehathaway.com/

 

https://www.berkshirehathaway.com/2021ar/202110-k….

 

7. McKesson

 

https://investor.mckesson.com/overview/default.asp…

 

https://d18rn0p25nwr6d.cloudfront.net/CIK-00009276…

 

8. AmerisourceBergen

 

https://investor.amerisourcebergen.com/overview/de…

 

https://s27.q4cdn.com/189772748/files/doc_financia…

 

9. Alphabet

 

https://abc.xyz/investor/

 

https://abc.xyz/investor/static/pdf/20220202_alpha…

 

10. Exxon Mobil

 

https://corporate.exxonmobil.com/Investors/Investo…

 

https://ir.exxonmobil.com/static-files/73aca83c-e6…

 

11. AT&T

 

https://investors.att.com/

 

https://otp.tools.investis.com/clients/us/atnt2/se…

 

12. Costco Wholesale

 

https://investor.costco.com/

 

https://investor.costco.com/static-files/726b9fb1-…

 

13. Cigna

 

https://investors.cigna.com/home/default.aspx

 

https://d18rn0p25nwr6d.cloudfront.net/CIK-00017399…

 

14. Cardinal Health

 

https://ir.cardinalhealth.com/Home/

 

https://d18rn0p25nwr6d.cloudfront.net/CIK-00007213…

 

15. Microsoft

 

https://www.microsoft.com/en-us/investor

Collepals.com Plagiarism Free Papers

Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.

Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS

Why Hire Collepals.com writers to do your paper?

Quality- We are experienced and have access to ample research materials.

We write plagiarism Free Content

Confidential- We never share or sell your personal information to third parties.

Support-Chat with us today! We are always waiting to answer all your questions.