Project 1 – Company Overview
Description
For this project, you will develop a company profile for a Fortune 500, publicly traded company which uses Information Technology to conduct its business operations. Fortune 500 companies almost always have a significant presence in cyberspace and therefore have a need to protect their information, information systems, and information infrastructures from threats and attacks which could originate from anywhere in the world.
You will use the same company for Projects #2, #3, and #4, so it may be worth your time to review those project description files AND information about multiple companies before deciding which company you will focus on. Project #2 is an IT-focused Risk Assessment for your selected company. Project #3 is an IT-focused Risk Management Strategy for the company. Project #4 is a Privacy-focused Compliance Analysis.
A list of approved companies (those ranking 1-15 in the CY 2021 Fortune 500) appears at the end of this assignment description file (see Table 2). If you wish to use a company not on the approved list, you must first obtain the approval of your instructor. Alternate companies must be in the Fortune 500 and must be publicly traded on one or more of the US-based stock exchanges. The current Fortune 500 List is here: https://fortune.com/fortune500/
Research
Choose a company from the table provided at the end of this assignment file. Locate its public website and review how the company presents itself to customers and the general public.
Review the company’s Investor Relations website. Compare how it represents itself to investors and shareholders with how it presents itself on its customer-facing website. The link to the Investor Relations website is provided in the table at the end of this file.
Review Section 1 of the company’s Form 10-K Annual Report to Investors to learn about how the company presents itself to investors and shareholders. The link to the Form 10-K is provided in the table at the end of this assignment file.
Retrieve the Hoovers profile for your selected company. The base URL for Hoovers is http://ezproxy.umgc.edu/login?url=http://www.mergentonline.com/Hoovers (you will need to log in to the library using your UMGC SSO login credentials).
Enter the company name in the Search bar at the top of the window and then click the search icon.
Browse the company profile using the menu on the left.
Read and analyze the Company Summary, Company Description, and Company History as presented in the Hoovers profile. Browse through additional sections in the profile to develop an understanding of the company, its products and services, and the geo-political environments in which it operates. Who are its customers? What does it sell (or how does it make money)? What laws and regulatory bodies is it subject to?
Analyze the Company’s Use of Information and IT
Note: You do not need to be precise or exacting in your analysis for this section. It will be sufficient that you identify general categories of information and IT that the company relies upon for its business operations.
Review Chapter 2 in (ISC)2 SSCP Systems Security Certified Practitioner Official Study Guide. https://go.oreilly.com/umgc/https://learning.oreilly.com/library/view/isc-2-sscp-systems/9781119854982/
Read the following sections in CIPM Certified Information Privacy Manager All-in-One Exam Guide: Appendix A. https://go.oreilly.com/umgc/https://learning.oreilly.com/library/view/cipm-certified-information/9781260474107/
Factor Analysis of Information Risk
Asset Identification
Hardware Assets
Subsystem & Software Assets
Cloud-based Information Assets
Virtual Assets
Information Assets
Asset Classification
Data Classification
Identify 3 or more additional sources of information about the company and how it uses information and Information Technologies to conduct its business operations. These sources can be news articles, articles in industry or trade journals, data breach reports, etc.
Using your readings and research, develop an information usage profile for your company. Your goal is to identify categories of information that need to be protected against losses of confidentiality, integrity, and availability. Your profile should contain 10 (acceptable) – 15 (excellent) distinct categories of information. You may use the example table shown below or create one of your own design. Your profile should address the following:
What types of information does this company collect, process, transmit, and store as part of its business operations?
What types of Information Technologies does this company use to accomplish its business objectives? What types of information are required to operate these systems?
Does this company use Operational Technologies (e.g., robots and control systems used in manufacturing or for other types of device controls)? What types of information are required for these systems?
Summarize the company’s Information Use & Protection Requirements. What is the sensitivity level of the information? What would be the potential impacts of attacks causing loss of confidentiality, integrity, and/or availability, both for single incidents and over time?
Table 1. Information Usage Profile (sample)

| Category of Information | Description of the Information Asset(s) | Sensitivity of the Information | How is this information used or processed? | IT Assets using or storing this information |
| --- | --- | --- | --- | --- |
| Customer Records | Name, address, order history (products or services purchased), payment information. | Confidential | Fulfill orders, pre & post-sales support. | Customer Relationship Management System; Ordering System. |
| Product Design Templates | Design templates used by 3-D printers to create products. | Trade Secrets | Used by operational technologies during manufacturing processes (3-D printers). | Manufacturing database servers; 3-D printers. |
| Employee Records | Employment records for the company’s employees. | Confidential (PII data; may contain HIPAA data). | Used by managers and HR for internal business processes. | HR Information System (database & reports generation). |

Write
An introduction section which identifies the company being discussed and provides a brief introduction to the company. Your introduction should also provide the reader with an explanation of the purpose of this deliverable (the “Company Profile”) and the information that will be presented herein.
A separate analysis section which provides an overview of the company’s operations and establishes the context for the risk analysis and risk strategy which you will construct in Projects #2 and #3. You should synthesize information from the Hoovers profile, the company’s website, and additional information from your own research to generate your own profile of the company. At a minimum you should identify the company and cover the following basic information: when it was founded, by whom, major products or services provided by the company, significant events in the company’s history, and the geo-political environment in which it operates. Additional useful information could include headquarters location, additional operating locations, key personnel, primary types of business activities and locations, major competitors, stock information (including ticker symbol or NASDAQ code), recent financial performance, etc.
A separate analysis section in which you describe this company’s use of information and information technologies to conduct its business operations. What information and/or business operations need to be protected against losses of confidentiality, integrity, and/or availability? Include and explain the Information Usage Profile you constructed as part of your analysis of the company. (Include Table 1 at the end of this section. A blank template for Table 1 appears at the end of this file.)
A closing (summary) section which briefly summarizes your research and analysis regarding the company, its operations, and the information assets which it depends upon.
Submit Your Work for Grading and Feedback
Before you submit your work, check the rubric (displayed in the Assignment Folder entry) to make sure that you have covered all required content including citations and references.
Submit your work in MS Word format (.docx or .doc file) using the Project #1 Assignment in your assignment folder. (Attach the file.)
Additional Information
Your 5 to 8 page Company Profile should be professional in appearance with consistent use of fonts, font sizes, colors, margins, etc. You should use headings and sub-headings to organize your paper. Use headings which correspond to the content rows in the rubric – this will make it easier for your instructor to find required content elements and will help you ensure that you have covered all required sections and content in your paper.
The stated page length is a recommendation based upon the content requirements of the assignment. All pages submitted will be graded but, for the highest grades, your work must be clear, concise, and accurate. Exceeding the recommended length will not necessarily result in a higher grade. Shorter submissions may not fully meet the content requirements resulting in a lower grade.
The INFA program requires that graduate students follow standard APA style guidance for both formatting and citing/referencing sources. Your file submission must be in MS Word format (.docx). PDF, ODF, and other types of files are not acceptable.
You must include a cover page with the course, the assignment title, your name, your instructor’s name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s minimum page count.
You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow APA Style guidance. Use of required readings from the course as sources is expected and encouraged. Where used, you must cite and provide references for these readings.
When using Security and Privacy controls from NIST SP 800-53, you must use the exact numbering and names (titles) when referring to those controls. This information does not need to be treated as quotations. You may paraphrase or quote from the descriptions of the controls provided that you appropriately mark copied text (if any) and attach a citation for both quoted and paraphrased information.
Consult the grading rubric for specific content and formatting requirements for this assignment.
All work submitted to the Assignment Folder will be scanned by the Turn It In service. We use this service to help identify areas for improvement in student writing.
Table 1. Information Usage Profile for [company]

| Category of Information | Description of the Information Asset(s) | Sensitivity of the Information | How is this information used or processed? | IT Assets using or storing this information |
| --- | --- | --- | --- | --- |

INFA 610 Foundations of Information Security and Assurance
Copyright © 2022 by University of Maryland Global Campus. All rights reserved.
Table 2. Approved Companies List.

| Company | Investor Relations Website | Form 10K |
| --- | --- | --- |
| 1. Walmart | https://stock.walmart.com/investors/default.aspx | https://d18rn0p25nwr6d.cloudfront.net/CIK-0000104169/c68fb8be-2602-4f2a-aee0-261b4f04b970.pdf |
| 2. Amazon | https://ir.aboutamazon.com/overview/default.aspx | https://d18rn0p25nwr6d.cloudfront.net/CIK-0001018724/f965e5c3-fded-45d3-bbdb-f750f156dcc9.pdf |
| 3. Apple | https://investor.apple.com/investor-relations/default.aspx | https://d18rn0p25nwr6d.cloudfront.net/CIK-0000320193/42ede86f-6518-450f-bc88-60211bf39c6d.pdf |
| 4. CVS Health | http://cvs2018ir.q4web.com/investors/default.aspx | http://d18rn0p25nwr6d.cloudfront.net/CIK-0000064803/d06cfa07-b8f8-49c0-9f5c-552a41b68e5d.pdf |
| 5. UnitedHealth Group | https://www.unitedhealthgroup.com/investors.html | https://www.unitedhealthgroup.com/content/dam/UHG/PDF/investors/2021/UNH-Q4-2021-Form-10-K.pdf |
| 6. Berkshire Hathaway | https://www.berkshirehathaway.com/ | https://www.berkshirehathaway.com/2021ar/202110-k.pdf |
| 7. McKesson | https://investor.mckesson.com/overview/default.aspx | https://d18rn0p25nwr6d.cloudfront.net/CIK-0000927653/6ef22e31-cd85-48b6-a3f1-f5e49beea6e6.pdf |
| 8. AmerisourceBergen | https://investor.amerisourcebergen.com/overview/default.aspx | https://s27.q4cdn.com/189772748/files/doc_financials/2021/ar/b47c1896-508a-4d81-9922-ccbd19d08da6.pdf |
| 9. Alphabet | https://abc.xyz/investor/ | https://abc.xyz/investor/static/pdf/20220202_alphabet_10K.pdf?cache=fc81690 |
| 10. Exxon Mobil | https://corporate.exxonmobil.com/Investors/Investor-relations | https://ir.exxonmobil.com/static-files/73aca83c-e65f-42ec9a13-a7b04a302b7f |
| 11. AT&T | https://investors.att.com/ | https://otp.tools.investis.com/clients/us/atnt2/sec/secshow.aspx?FilingId=15576872&Cik=0000732717&Type=PDF&hasPdf=1 |
| 12. Costco Wholesale | https://investor.costco.com/ | https://investor.costco.com/static-files/726b9fb1-793346df-a6de-5b4eb95816c7 |
| 13. Cigna | https://investors.cigna.com/home/default.aspx | https://d18rn0p25nwr6d.cloudfront.net/CIK-0001739940/ccfa22e8-0ba7-4f44-b01e-0b441829769b.pdf |
| 14. Cardinal Health | https://ir.cardinalhealth.com/Home/ | https://d18rn0p25nwr6d.cloudfront.net/CIK-0000721371/7b1e4511-f728-4423-b557-a23766ff6ab1.pdf |
| 15. Microsoft | https://www.microsoft.com/en-us/investor | https://microsoft.gcs-web.com/static-files/0a2b8528-fb8b4d11-8da2-fd9fa988a155 |