Course Hero Logo

CSIA 350 Project 4 - Acquisition Risk Analysis - Copy.docx...

Course Hero uses AI to attempt to automatically extract content from documents to surface to you and others so you can study better, e.g., in search results, to enrich docs, and more. This preview shows page 1 - 4 out of 7 pages.

Running head:ACQUISITION RISK ANALYSISProject 4 – Acquisition Risk AnalysisJune 23, 2019
ACQUISITION RISK ANALYSIS2IntroductionFounded in 1994, Amazon was a startup company that began out of a garage.Jeff Bezossold his first book in July of 1995.While the company got off of its feet by selling books, in1998, the company launched their online music store, gifts, and pharmacy markets[ CITATIONhtt \l 1033 ].Shortly after launching their new additions, Amazon began partnering with retailersto sell clothing.In 2018, Amazon cleared $285.22 billion in US retail sales which amounts to49.1% of all online retail spent in America, and 5% of all retail sales[ CITATION Lun18 \l1033 ].Amazon’s online store is the core of their business.This provides a solid foundation forAmazon’s other businesses and gives them the freedom to experiment with other services such asadvertising, Amazon prime, and Amazon Web ServicesFor any business that is solely based online, the need for security, compliance, and riskmanagement needs to be paramount. All three of the items listed require lots of time, training,and money to ensure these plans are in place. Amazon falls directly into the middle of all threeitems and is susceptible to risks and attacks.As outlined in the SEC Form 10-K, Amazonacknowledges several risks that could either cripple their business, or result in severe financialpenalties that would present irreparable harm to the company and its image.To combat these risks, Amazon will need to invest in several solutions to further enhancetheir security.The first solution to discuss is Carbon Black Endpoint Detection and Response(EDR).An EDR provides real-time response to combat malware and viruses.Endpoint andnetwork events are stored in a central database where further analysis, detection, investigation,reporting, and alerting take place[ CITATION ADE19 \l 1033 ].The next solution to discuss willbe IBM’s Identity and Access Management (IAM).An IAM defines and manages the roles and
ACQUISITION RISK ANALYSIS3access privileges of individual network users and the circumstances in which users are granted(or denied) those privileges[ CITATION Mar18 \l 1033 ].The last solution is Digital Guardian’sData Loss Prevention (DLP) which will address data leaks.This tool gives the fine-grainedcontrol to all company data by stopping all sensitive data from leaving the organization from thegreatest point of risk, the endpoint[ CITATION End \l 1033 ].Governance Frameworks & StandardsAll companies, including Amazon should implement policies and procedures.proceduresneed to make sure that the products and services acquired meet the company’s needs andrequirements and that they are not a waste and burden on the company’s budget. Just like any

Upload your study docs or become a

Course Hero member to access this document

Upload your study docs or become a

Course Hero member to access this document

End of preview. Want to read all 7 pages?

Upload your study docs or become a

Course Hero member to access this document

Term
Fall
Professor
N/A
Tags
PCI DSS, Payment Card Industry Data Security Standard

Newly uploaded documents

Show More

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture