Paper for information security and risk management


After reviewing the slides for the final paper and / or listening to the lecture, compile your final paper.

Be sure to apply what you have learned to the scenario

Using APA format, write the final Risk Management Paper for CarVend Sales

Please pay attention to the SafeAssign score. If the items highlighted are not just the references, make sure you cite your sources!

The paper must contain

· Executive Summary

· Overview of the company

· Explanation of the IT network (refer to the diagram in PPT)

· Risk Assessment

· Identify assets and Activities to be protected

· Identity threats, vulnerabilities and exploits

· Risk Mitigation



· DRP and CIRT

· How your plan protects the company overall


•Write paper in sections

•Understand the company

•Find similar situations

•Research and apply possible solutions

•Research and find other issues

Based on this information you have to do paper:

•You are an Information Technology (IT) intern

•CarVend Sales Inc. 

•Specializes in online and vending machine sales of new and used cars

•Headquartered in Seattle, Washington

•Three other locations

•Portland Oregon

•Phoenix, Arizona

•Los Angeles, California

•Over 1000 employees

•$750 million USD annual revenue

•Each location is near a data center

•Managed by a third party vendor

•Production centers located at the data centers.

•CarVend Sales

•Handles customer purchases, trades and returns

•Online sales

•Small car lots

•CarVend Finance

•Web Portal to qualify customers for purchases 

•Accepts various payment methods including debit, credit cards and loan financing

•CarVend Delivery

•Vendors who deliver cars to buyers homes

•Vendors that deliver to vending machines

•Four corporate data centers

•Over 1000 data severs

•700 corporate laptops

•Mobile devices such as tablets in vendor delivery trucks

•Networked vending machines

•Current risk assessment was done quickly when the company was founded

•Your assignment is to create a new one

•Additional threats may be found during re-evaluation

•No budget has been set on the project.

•Loss of company data due to hardware being removed from production systems

•Loss of company information on lost or stolen company-owned or vendor assets, such as mobile devices and laptops

•Loss of customers due to production outages caused by various events, such as natural disasters, change management, unstable software, and so on

•Internet threats due to company products being accessible on the Internet

•Insider threats

•Changes in regulatory landscape that may impact operations