The task: Perform an “inventory” of the organization from which to establish what is meaningful about the organization for a future threat/vulnerability/risk assessment.
Provide insight into the organization (“Establish the Context”). The context should inform the reader a bit about the organization, who they are, what they do, services they provide that are relevant to an information security risk assessment. They may have more than one. Amazon has multiple business lines, right? It provides cloud compute subscription services. It has it’s online commerce platform for independent retailers. It has an ordering fulfillment capability and the automation for that. It has logistical infrastructure of planes, semis, trucks. It has the IT that manages package tracking and delivery. Just be thoughtful on how you distinguish it. Making a deal that Wells Fargo provides online banking that is extremely distinct of the banking from online loan servicing is probably NOT what I am looking for. But, to indicate that they provide a platform for consumers to conduct multiple financial transactions online, such as banking, car loan management, and mortgage servicing is relevant.
Then you need to address and describe other aspects of the organization that are included in an inventory of an organization. This includes, but is not limited to, security organization, primary IT systems, third-parties, etc.
I have provided a sample in Module 2 for a fictitious company. I suspect some of the aspects of the inventory you will do will have to be fabricated as you won’t know those aspects.
Writing is to be submitted in APA format. Data that is extracted from external resources and used in your document must be referenced both inline and at the end. Double space. 5-8 page