P11a1 Apple E-Commerce Risk Management Strategy PDF

Title P11a1 Apple E-Commerce Risk Management Strategy
Author Anonymous User
Course Cybersecurity in Business and Industry
Institution University of Maryland Global Campus
Pages 14


Description

IT Risk Management Advisory Part III: e-Commerce Risk Management Strategy for Apple Inc.

Executive Summary
Risk Management Profile
Risk Profile Table
Acquisition Forecast

Prepared for: University of Maryland Global Campus
Prepared by: Jamie Moretz

I. Executive Summary

A. Summary

Apple, Inc. is a multinational company, headquartered in Cupertino, California, that, since 1977, has designed and developed consumer electronics, personal computers, and computer software. Over the last four decades of the company’s existence, Apple has brought several revolutions to personal computing and electronics in general, largely due to the vision of the late CEO Steve Jobs. Its iconic gadgets, software, and services include: Apple II, Lucy, Macintosh, iPod, Nano, iPad, Apple Watch, Aperture, iTunes, iStudio, and iBooks Author. These products cannot compete with the best-seller, the iPhone. Apple’s iPhone generates over 60% of its sales worldwide. A 12-member Board of Directors oversees Apple’s investments and strategies. Notable members include Al Gore and current CEO, Tim Cook. Apple’s revenue generated in 2019 exceeds $260 billion, and its market capitalization is $1.2 trillion (Craft). According to the Securities and Exchange Report, as of October 26, 2018, Apple Inc. had 4.74 billion shares of common stock issued to its shareholders.

B. Detailed Historical Overview

In 1977, a year after founding Apple Computer, Inc. [now Apple Inc.], Steve Jobs and Steve Wozniak revolutionized personal computing with their invention of the Apple II. In the three years after the Apple II’s creation, the company boomed. According to Richardson and Terrell (2008), sales surged from $7.8 million to $117 million, largely due to the first-ever color graphics in computing. Amid its successful rise in the early 1980s, Apple Inc. had a very turbulent history over a fifteen-year period, with plank holders and key personnel leaving, competition, and a decline in sales. In 2000, Steve Jobs was re-hired as Apple Inc.’s CEO, beginning a new era for the company. Diversifying her portfolio into portable media players, tablets, television, and cellular phones, the once-booming company in Silicon Valley returned to stardom with the invention of the iPod and iTunes in 2001 (Stern, 2013). Even after founder Steve Jobs’ passing, the company continues to revolutionize products, namely the iPad, iPhone, and Apple Watch.

C. Detailed Business Profile

Headquartered in Cupertino, California, forty miles south of San Francisco, Apple Inc. is advised by a 12-member Board of Directors. Prominent individuals currently serving on the board include Al Gore, Ronald Sugar, Robert Iger, Tim Cook, and Aniket Singh, having formerly served as Vice President of the US, CEO of Northrop Grumman, CEO of Walt Disney Company, and industrial engineers at Apple Inc. respectively. Cook now serves as the company’s CEO; Singh serves as the Chief Industrial Engineer. Apple Inc. is a global corporation specializing in tablets, TV, and electronic payment, but its primary business activities are in mobile devices, with its best-seller, the iPhone, generating tens of billions of dollars annually since 2007. 60% of all the company’s sales are iPhone purchases. It boasts 14 satellite offices in 14 separate countries in Europe, Australia, and Asia, the majority of which are located in East Asia (Craft, 2019). Since the late 1980s Apple Inc.’s chief rival has been Microsoft. Newer competitors include Samsung, Dell, Sony, and Hewlett Packard (HP). Stock information: NASDAQ AAPL. Over the last year (2019), Apple Inc.’s stocks have soared to over 260 points and have fallen sharply to 142. Despite dropping over 100 points, the company shows no sign of collapse (NASDAQ, 2019). Revenue generated in 2019 exceeds $260 billion; its market capitalization is $1.2 trillion (Craft). According to the Securities and Exchange Report, as of October 26, 2018, Apple Inc. had 4.74 billion shares of common stock issued to its shareholders.

D. Detailed Summary of Annual Report

Apple Inc.’s hardware and services specialize in innovation and simplicity. The iPhone, as mentioned before, is the company’s moneymaker, making up 60% of the total sales. Other products and services hover around 10-15%, with the Apple Watch and HomePod achieving only 5% of total sales (D&B Hoovers, 2019).

[Figure: Apple Sales in 2018. Chart categories: iPhone; iPad; Mac Desktop & notebook; Services (App Store, iCloud, Apple Music, Apple Pay); Apple Watch; HomePod.]

With mobile devices, computers and notebooks, Apple Watches, and TVs each requiring both a specific Apple operating system (iOS) and routine updates, the company limits its full potential on the market, restricting access to and interoperability with third-party products. This limitation, however, is Apple Inc.’s business strategy: to bring the best user experience to its customers through its innovative hardware, software, and services (Zepeda, 2019). In order to meet this strategy, Zepeda writes, investing in research and development and sleek marketing and advertising campaigns are crucial elements (2019). Nearly half of Apple Inc.’s sales are made in the US, while a quarter is made in China, and 20% is made in Europe. In addition to its online stores, direct sales force, and third-party cellular network carriers, the company boasts 500 Apple retail stores, located across 24 countries worldwide, as reported by the Securities and Exchange Commission (2018). Serving a wide range of customers, Apple Inc. sells its products to average consumers, small and mid-sized companies, elementary, college, and university-level schools, as well as enterprise and government organizations.

E. Sources of Risk

Although Apple is an IT company, that does not make her invincible to attack or threat. From Apple’s choice of location, there are natural hazards that could impact her business operations. Likewise, the threat of having intellectual property and consumer records compromised will also cause disruption. Defects in equipment, viruses, trojans, and other malware, too, can affect a large enterprise like Apple. A complete Risk Management profile, with identified risks and mitigation strategies, is found in parts II and III of this assessment. Each risk must be addressed to avoid interruption of day-to-day business.

II. Risk Management Profile

A. Identified Risks

Global Economic Decline: Should economic conditions worsen or collapse in regions where her satellite corporations are located, Apple’s customer base will also.
Disruption of Third Parties: Decline or disruption of third parties, especially cellular carriers, is a major concern as 60% of the corporation’s sales are iPhones.
Defects: Should Apple Inc. produce defective products or software and affect a large population of customers, loyalty and consumer base could decline (SEC, 2018).
Theft or Loss of Intellectual Property: Apple Inc.’s investment in research and development keeps her ahead of the technological curve (SEC, 2018). Should any of her competitors compromise Apple’s IP (including designs, software, codes, etc.), production and deployment schedules could be pushed off course, costing the company huge profit margins.
Legal Disputes: Legal proceedings and disputes could be detrimental for Apple Inc., especially should defective parts cause fatalities or bodily harm.
Compromise of Confidential Information: Should a consumer’s or client’s personal or financial information become compromised due to unauthorized access, there is potential for loss in sales and increased expenses for legal cases, equipment, and cybersecurity “cleanup crews.”
Natural Hazards: Ensuring Apple’s corporate headquarters, manufacturing centers, and stores are placed in areas where few natural hazards exist or, if that is not possible, are constructed safely to withstand a natural hazard should one occur.
Loss or Unauthorized Access of Data: Security breaches occur every day from all corners of the globe. Cybercriminals do not have to have distinguished degrees to be able to hack into one’s network.
Outdated Security Policies: Ensuring security policies are legit, up-to-date, and rehearsed is essential for Apple’s success and response to breaches and cyberthreats.
Virus and Malware Protection: A large enterprise like Apple must ensure her endpoints are protected. Virus updates should be regularly downloaded and deployed across all devices.

B. Mitigated Strategies

Global Economic Decline: Observing economic changes worldwide, especially at satellite offices, will better prepare logistics and operations.
Disruption of Third Parties: Regular meetings with stakeholders to determine which (if any) contracts for external businesses should be discussed based on their [Third Party] profits and business history.
Defects: Robust Quality Control and Quality Assurance programs will mitigate defective products and services.
Theft or Loss of Intellectual Property: Initiating disclosure statements for all employees to protect IP will take place at time of hiring, termination for employees and at the time of signing for contracts.
Legal Disputes: Ensuring Apple stores are equipped to provide large-volume technical support. Corporate stores should have a plan for mass-recalls and spare parts.
Compromise of Confidential Information: Access of information should require Two-Factor Authentication, and all employees will be trained on record handling procedures.
Natural Hazards: Surveys regarding geologic and natural hazards, critical infrastructure, and assessments should be completed at least annually to ensure people and structures are well-equipped to deal with any disasters should they occur.
Loss or Unauthorized Access of Data: Encryption software and equipment provide protection against data access by unauthorized personnel.
Outdated Security Policies: Security policies will be reviewed and rehearsals should be conducted regularly to ensure staff and key personnel understand their responsibilities.
Virus and Malware Protection: Up-to-date virus protection is the best protection.

III. Risk Profile Table

A. Introduction

The Risk Profile Table (RPT) is a matrix that contains the following:
-Risk identifier, usually a number to separate it from other risks
-Risk Mitigation strategy
-Logistics to implement (products and services)
-NIST Cybersecurity Framework Category Sub Category identifier and a description

The RPT is crucial not only in identifying, mitigating, and prioritizing risks; it also serves as a checklist for designated employees to correct or coordinate implementation. Some of the logistics required to implement the risk mitigation strategy include websites, tools, and software. The World Bank and IHS International are great websites to monitor global and domestic economic trends. DuraTool and Fluke lead the industry in tools and testing and diagnostics equipment. There are basic tools that should be in any electronic technician’s kit. Adobe Acrobat is a must-have tool to scan documents and lock them from being edited. Duo Security allows for two-factor authentication (2FA), as well as multifactor authentication. NIST’s Cybersecurity Framework, specifically COBIT 5.0, is the most recent framework serving to protect critical infrastructure. An anti-virus application, such as Symantec, is essential for securing the endpoints of a small-to-medium business or a large enterprise.

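B. Risk Profile Table

Risk ID: 001
Risk (description): Global Economic Decline will also cause a reduction in the amount of products and services sold
Risk Mitigation Strategy: Observing economic changes worldwide, especially satellite offices will better prepare logistics and operations
Implementation: Required Technologies, Products, or Services: Subscribe to (1-2) World Bank Fiscal Space Data and Space Commodity websites & (3) IHS Market Global Economic Data websites
NIST Cybersecurity Framework Category and Sub Category Identifier (e.g. ID.AM-1): ID.RM-3
Sub-Category Description: The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis

Risk ID: 002
Risk (description): Disruption in third-party businesses could affect Apple products and services
Risk Mitigation Strategy: Regular meetings with stakeholders to determine which (if any) contracts for external businesses should be kept
Implementation: Required Technologies, Products, or Services: Subscribe to (1-2) World Bank Fiscal Space Data (2) Space Commodity (3) Microeconomic Data websites
NIST Cybersecurity Framework Category and Sub Category Identifier: ID.RM-1
Sub-Category Description: Risk management processes are established, managed, and agreed to by organizational stakeholders

Risk ID: 003
Risk (description): Defective products or software could affect consumer base, decreasing profits
Risk Mitigation Strategy: Robust Quality Control and Quality Assurance programs will mitigate defective products and services
Implementation: Required Technologies, Products, or Services: (1) Micro repair kits by Duratool (2) Fluke CIQ testing and diagnostics equipment
NIST Cybersecurity Framework Category and Sub Category Identifier: PR.MA-1
Sub-Category Description: Maintenance and repair of organizational assets is performed and logged in a timely manner, with approved and controlled tools

Risk ID: 004
Risk (description): Theft or loss of intellectual property could disrupt development & production costing the company huge profit margins
Risk Mitigation Strategy: Initiating disclosure statements for all employees to protect IP will take place at time of hiring, termination for employees and at the time of signing for contracts
Implementation: Required Technologies, Products, or Services: All documents will be scanned and filed for a period of 10 years using Adobe Acrobat Professional
NIST Cybersecurity Framework Category and Sub Category Identifier: PR.AT-1
Sub-Category Description: All users are informed and trained

Risk ID: 005
Risk (description): Legal proceedings and disputes could be detrimental should defective parts cause bodily harm
Risk Mitigation Strategy: Ensuring Apple stores are equipped to provide large-volume technical support. Corporate stores should have a plan for mass-recalls
Implementation: Required Technologies, Products, or Services: All Apple stores will have (1) Micro repair kits by Duratool (2) Fluke CIQ testing and diagnostics equipment
NIST Cybersecurity Framework Category and Sub Category Identifier: PR.MA-1
Sub-Category Description: Maintenance and repair of organizational assets is performed and logged in a timely manner, with approved and controlled tools

Risk ID: 006
Risk (description): Compromise of customer personal and financial information
Risk Mitigation Strategy: Access of information will require Two-Factor Authentication. Employees will be trained on record handling
Implementation: Required Technologies, Products, or Services: Purchase Duo Security multifactor authentication software or subscriptions
NIST Cybersecurity Framework Category and Sub Category Identifier: PR.DS-1
Sub-Category Description: Data-at-rest is protected

Risk ID: 007
Risk (description): Damaging natural disasters to corporate locations
Risk Mitigation Strategy: Surveys regarding geologic and natural disasters, critical infrastructure, and assessments should be completed at least annually
Implementation: Required Technologies, Products, or Services: Each Apple office will contract a geologic, critical infrastructure, vulnerability assessor and identify all hazards & risk mitigation strategies
NIST Cybersecurity Framework Category and Sub Category Identifier: RS.AN-4
Sub-Category Description: Incidents are categorized consistent with response plans

Risk ID: 008
Risk (description): Security breaches in network
Risk Mitigation Strategy: Encryption software and equipment provide protection
Implementation: Required Technologies, Products, or Services: Implement security at the Transport Layer & ensure all endpoints have encryption and security
NIST Cybersecurity Framework Category and Sub Category Identifier: PR.DS-1
Sub-Category Description: Data-at-rest is protected

Risk ID: 009
Risk (description): Out-of-date or unfamiliar security policy
Risk Mitigation Strategy: Security policies will be reviewed and rehearsals will be conducted regularly
Implementation: Required Technologies, Products, or Services: Research and implement a security framework based on the COBIT 5 framework
NIST Cybersecurity Framework Category and Sub Category Identifier: PR.IP-7
Sub-Category Description: Protection processes are continuously improved

Risk ID: 010
Risk (description): Malware infection
Risk Mitigation Strategy: Up-to-date virus protection
Implementation: Required Technologies, Products, or Services: Automatic updates to antivirus deployed daily
NIST Cybersecurity Framework Category and Sub Category Identifier: DE.CM-4
Sub-Category Description: Malicious code is detected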

IV. Acquisition Forecast

A. Products, Services, and Technologies to Mitigate Identified Risks

Global Economic Decline: Subscribe to World Bank’s Fiscal Space Data and Space Commodity websites, as well as IHS International Market Global Economic Data websites. They each allow for up-to-the minute reports on global economy, as well as major businesses.

Disruption of Third Parties. Subscribe to World Bank’s Fiscal Space Data and Space Commodity websites, as well as IHS International Market Global Economic Data websites. They each allow for up-to-the minute reports on global economy, as well as major businesses.

WEB OWNER: World Bank
WEBSITE: http://www.worldbank.org/en/research/brief/fiscal-space and https://www.worldbank.org/en/research/commoditymarkets

WEB OWNER: IHS, Int’l
WEBSITE: https://ihsmarkit.com/products/global-economic-data.html

FEATURES: -up-to-the minute reports on global economy as well as major businesses
COST: $0

Defects: Purchasing Micro repair kits and testing and diagnostics equipment is essential for technicians troubleshooting electronics.

Legal Disputes: Legal proceedings and disputes could be detrimental for Apple Inc., especially should defective parts cause fatalities or bodily harm.

MANUFACTURER: Duratool
DEVICE: D00197 Tool Kit-Mini 26 piece set
FEATURES:
-assortment of small and medium-sized screwdrivers
-pliers
-tweezers
COST: $9

MANUFACTURER: Fluke
DEVICE: CIQ-Kit Testing & Diagnostic Kit
FEATURES:
-tone generator
-cable finder
-AC/DC power tester
COST: $2000

Virus and Malware Protection. Automatic updates to anti-virus deployed daily.

MANUFACTURER: Symantec
SOFTWARE: Endpoint Protection Platform
FEATURES:
-anti-malware software
-automatically blocks malicious traffic from the browser or corporate networks
-the application collects data of suspicious activity, shares with a centralized database, and is shared with other users via a daily database update
-Graphical User Interface (GUI) allows ease of access, giving IT administrators the ability to create/modify policies
-incorporates AI to minimize wrongful assumptions of compromise
-offers Data Protection and Backup
-can be managed by Symantec Staff via Cloud Management
COST: $4,000 annually

Theft or Loss of Intellectual Property: All documents will be scanned and filed for a period of 10 years using Adobe Acrobat Professional.

MANUFACTURER: Adobe
SOFTWARE: Acrobat Professional
FEATURES:
-allows pdf documents to be locked, prohibiting edits
-recognizes text in pdfs
-converts files into word, images, etc.
COST: $50/each license (2,000 required)
Total: $100,000

Compromise of Confidential Information. Purchase Duo Security multi-factor authentication software or subscriptions.

Loss or Unauthorized Access of Data: Security breaches occur every day from all corners of the globe. Cybercriminals do not have to have distinguished degrees to be able to hack into one’s network.

MANUFACTURER: Duo
SOFTWARE: Multi-Factor Authentication
FEATURES:
-allows 2FA or MFA
COST: $8/each license per year (3,000 required)
Total: $24,000

Natural Hazards. Each Apple office, manufacturing center, and store will contract a geologic, critical infrastructure, vulnerability assessor and identify all hazards & risk mitigation strategies.

Outdated Security Policies. Each Corporate and Satellite office will research and implement a security framework based on the COBIT 5 framework.

Grand Total $126,009

V. Summary

Apple is a large multinational company. Recently a Risk Management Survey was undertaken to assess the cyber threat. From geologic hazards to security breaches, several areas were highlighted as a concern. Ten mitigation strategies, complying with the National Institute of Standards and Technology’s Cybersecurity Framew...

