Project 1 – Company Overview
Project 1 – Company Overview
Description
For this project, you will develop a company profile for a Fortune 500, publicly traded company which uses Information Technology to conduct it business operations. Fortune 500 companies almost always have a significant presence in cyberspace and therefore have a need to protect their information, information systems, and information infrastructures from threats and attacks which could originate from anywhere in the world.
You will use the same company for Projects #2, #3, and #4 so, it may be worth your time to review those project description files AND information about multiple companies before deciding which company you will focus on. Project #2 is an IT-focused Risk Assessment for your selected company. Project #3 is an IT-focused Risk Management Strategy for the company. Project #4 is a Privacy-focused Compliance Analysis.
A list of approved companies (those ranking 1-15 in the CY 2021 Fortune 500) appears at the end of this assignment description file (see Table 2). If you wish to use a company not on the approved list, you must first obtain the approval of your instructor. Alternate companies must be in the Fortune 500 and must be publicly traded on one or more of the US-based stock exchanges. The current Fortune 500 List is here: https://fortune.com/fortune500/
Research
1. Chose a company from the table provided at the end of this assignment file. Locate its public website and review how the company presents itself to customers and the general public.
2. Review the company’s Investor Relations website. Compare how it represents itself to investors and shareholders as compared to how it presents itself on its customer-facing website. The link to the Investor Relations website is provided in the table at the end of this file.
3. Review Section 1 of the company’s Form 10-K Annual Report to Investors to learn about how the company presents itself to investors and shareholders. The link to the Form 10-K is provided in the table at the end of this assignment file.
Retrieve the Hoovers profile for your selected company. The base URL for Hoovers is http://ezproxy.umgc.edu/login?url=http://www.mergentonline.com/Hoovers You will need to login to the library using your UMGC SSO login credentials.
a. Enter the company name in the Search bar at the top of the window and then click the search icon.
b. Browse the company profile using the menu on the left.
4. Read and analyze the Company Summary, Company Description, and Company History as presented in the Hoovers profile. Browse through additional sections in the profile to develop an understanding of the company, its products and services, and the geo-political environments in which it operates. Who are its customers? What does it sell (or how does it make money)? What laws and regulatory bodies is it subject to?
Analyze the Company’s Use of Information and IT
Note: You do not need to be precise or exacting in your analysis for this section. It will be sufficient that you identify general categories of information and IT that the company relies upon for its business operations.
1. Review Chapter 2 in (ISC)2 SSCP Systems Security Certified Practitioner Official Study Guide. https://go.oreilly.com/umgc/https://learning.oreilly.com/library/view/isc-2-sscp-systems/9781119854982/
2. Read the following sections in CIPM Certified Information Privacy Manager All-in-One Exam Guide: Appendix A. https://go.oreilly.com/umgc/https://learning.oreilly.com/library/view/cipm-certified-information/9781260474107/
a. Factor Analysis of Information Risk
b. Asset Identification
c. Hardware Assets
d. Subsystem & Software Assets
e. Cloud-based Information Assets
f. Virtual Assets
g. Information Assets
h. Asset Classification
i. Data Classification
3. Identify 3 or more additional sources of information about the company and how it uses information and Information Technologies to conduct its business operations. These sources can be news articles, articles in industry or trade journals, data breach reports, etc.
4. Using your readings and research, develop an information usage profile for your company. Your goal is to identify categories of information that need to be protected against losses of confidentiality, integrity, and availability. Your profile should contain 10 (acceptable) – 15 (excellent) distinct categories of information. You may use the example table shown below or create one of your own design. Your profile should address the following:
a. What types of information does this company collect, process, transmit, and store as part of its business operations?
b. What types of Information Technologies does this company use to accomplish its business objectives? What types of information are required to operate these systems?
c. Does this company use Operational Technologies (e.g., robots and control systems used in manufacturing or for other types of device controls)? What types of information are required for these systems?
d. Summarize the company’s Information Use & Protection Requirements. What is the sensitivity level of the information? What would be the potential impacts of attacks causing loss of confidentiality, integrity, and/or availability both for single incidents and over time.
Table 1. Information Usage Profile (sample)
Category of Information |
Description of the Information Asset(s) |
Sensitivity of the Information |
How is this information used or processed? |
IT Assets using or storing this information |
Customer Records |
Name, address, order history (products or services purchased), payment information. |
Confidential |
Fulfill orders, pre & post-sales support. |
Customer Relationship Management System; Ordering System. |
Product Design Templates |
Design templates used by 3-D printers to create products. |
Trade Secrets |
Used by operational technologies during manufacturing processes (3-D printers). |
Manufacturing database servers; 3-D printers. |
Employee Records |
Employment records for the company’s employees. |
Confidential (PII data; may contain HIPAA data). |
Used by managers and HR for internal business processes. |
HR Information System (database & reports generation). |
Write
1. An introduction section which identifies the company being discussed and provides a brief introduction to the company. Your introduction should also provide the reader with an explanation of the purpose of this deliverable (the “Company Profile”) and the information that will be presented herein.
2. A separate analysis section which provides an overview of the company’s operations and establishes the context for the risk analysis and risk strategy which you will construct in Projects #2 and #3. You should synthesize information from the Hoovers profile, the company’s website, and additional information from your own research to generate your own profile of the company. At a minimum you should identify the company and cover the following basic information: when it was founded, by whom, major products or services provided by the company, significant events in the company’s history, and the geo-political environment in which it operates. Additional useful information could include headquarters location, additional operating locations, key personnel, primary types of business activities and locations, major competitors, stock information (including ticker symbol or NASDAQ code), recent financial performance, etc.
3. A separate analysis section in which you describe this company’s use of information and information technologies to conduct its business operations. What information and/or business operations need to be protected against losses of confidentiality, integrity, and/or availability? Include and explain the Information Usage Profile you constructed as part of your analysis of the company. (Include Table 1 at the end of this section. A blank template for Table 1 appears at the end of this file.)
4. A closing (summary) section which briefly summarizes your research and analysis regarding the company, its operations, and the information assets which it depends upon.
Submit Your Work for Grading and Feedback
Before you submit your work, check the rubric (displayed in the Assignment Folder entry) to make sure that you have covered all required content including citations and references.
Submit your work in MS Word format (.docx or .doc file) using the Project #1 Assignment in your assignment folder. (Attach the file.)
Additional Information
1. Your 5 to 8 page Company Profile should be professional in appearance with consistent use of fonts, font sizes, colors, margins, etc. You should use headings and sub-headings to organize your paper. Use headings which correspond to the content rows in the rubric – this will make it easier for your instructor to find required content elements and will help you ensure that you have covered all required sections and content in your paper.
2. The stated page length is a recommendation based upon the content requirements of the assignment. All pages submitted will be graded but, for the highest grades, your work must be clear, concise, and accurate. Exceeding the recommended length will not necessarily result in a higher grade. Shorter submissions may not fully meet the content requirements resulting in a lower grade.
3. The INFA program requires that graduate students follow standard APA style guidance for both formatting and citing/reference sources. Your file submission must be in MS Word format (.docx). PDF, ODF, and other types of files are not acceptable.
4. You must include a cover page with the course, the assignment title, your name, your instructor’s name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s minimum page count.
5. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
6. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow APA Style guidance. Use of required readings from the course as sources is expected and encouraged. Where used, you must cite and provide references for these readings.
7. When using Security and Privacy controls from NIST SP 800-53, you must use the exact numbering and names (titles) when referring to those controls. This information does not need to be treated as quotations. You may paraphrase or quote from the descriptions of the controls provided that you appropriately mark copied text (if any) and attach a citation for both quoted and paraphrased information.
8. Consult the grading rubric for specific content and formatting requirements for this assignment.
9. All work submitted to the Assignment Folder will be scanned by the Turn It In service. We use this service to help identify areas for improvement in student writing.
Table 1. Information Usage Profile for [company]
Category of Information |
Description of the Information Asset(s) |
Sensitivity of the Information |
How is this information used or processed? |
IT Assets using or storing this information |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Table 2. Approved Companies List.
Company |
Investor Relations Website |
Form 10K |
1. Walmart |
https://stock.walmart.com/investors/default.aspx |
https://d18rn0p25nwr6d.cloudfront.net/CIK-0000104169/c68fb8be-2602-4f2a-aee0-261b4f04b970.pdf |
2. Amazon |
https://ir.aboutamazon.com/overview/default.aspx |
https://d18rn0p25nwr6d.cloudfront.net/CIK-0001018724/f965e5c3-fded-45d3-bbdb-f750f156dcc9.pdf |
3. Apple |
https://investor.apple.com/investor-relations/default.aspx |
https://d18rn0p25nwr6d.cloudfront.net/CIK-0000320193/42ede86f-6518-450f-bc88-60211bf39c6d.pdf |
4. CVS Health |
http://cvs2018ir.q4web.com/investors/default.aspx |
http://d18rn0p25nwr6d.cloudfront.net/CIK-0000064803/d06cfa07-b8f8-49c0-9f5c-552a41b68e5d.pdf |
5. UnitedHealth Group |
https://www.unitedhealthgroup.com/investors.html |
https://www.unitedhealthgroup.com/content/dam/UHG/PDF/investors/2021/UNH-Q4-2021-Form-10-K.pdf |
6. Berkshire Hathaway |
https://www.berkshirehathaway.com/ |
https://www.berkshirehathaway.com/2021ar/202110-k.pdf |
7. McKesson |
https://investor.mckesson.com/overview/default.aspx |
https://d18rn0p25nwr6d.cloudfront.net/CIK-0000927653/6ef22e31-cd85-48b6-a3f1-f5e49beea6e6.pdf |
8. AmerisourceBergen |
https://investor.amerisourcebergen.com/overview/default.aspx |
https://s27.q4cdn.com/189772748/files/doc_financials/2021/ar/b47c1896-508a-4d81-9922-ccbd19d08da6.pdf |
9. Alphabet |
https://abc.xyz/investor/ |
https://abc.xyz/investor/static/pdf/20220202_alphabet_10K.pdf?cache=fc81690 |
10. Exxon Mobil |
https://corporate.exxonmobil.com/Investors/Investor-relations |
https://ir.exxonmobil.com/static-files/73aca83c-e65f-42ec-9a13-a7b04a302b7f |
11. AT&T |
https://investors.att.com/ |
https://otp.tools.investis.com/clients/us/atnt2/sec/sec-show.aspx?FilingId=15576872&Cik=0000732717&Type=PDF&hasPdf=1 |
12. Costco Wholesale |
https://investor.costco.com/ |
https://investor.costco.com/static-files/726b9fb1-7933-46df-a6de-5b4eb95816c7 |
13. Cigna |
https://investors.cigna.com/home/default.aspx |
https://d18rn0p25nwr6d.cloudfront.net/CIK-0001739940/ccfa22e8-0ba7-4f44-b01e-0b441829769b.pdf |
14. Cardinal Health |
https://ir.cardinalhealth.com/Home/ |
https://d18rn0p25nwr6d.cloudfront.net/CIK-0000721371/7b1e4511-f728-4423-b557-a23766ff6ab1.pdf |
15. Microsoft |
https://www.microsoft.com/en-us/investor |
https://microsoft.gcs-web.com/static-files/0a2b8528-fb8b-4d11-8da2-fd9fa988a155 |
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.