Credible Attack Surfaces Of Enterprise

Using the internet, search for an enterprise company (i.e Amazon) that you feel follows this enterprise architecture and consider the implications of each function represented. For each function in this diagram, define the purpose and interaction with other function, give examples. Define and discuss credible attack surfaces for each function, if any. Does the function include interactions with third party systems? If so, should they be trusted at the same level as the internal systems. Discuss threat agents and what targets may be of interest.

Conceptual Sample Enterprise Architecture(attached Picture): Representations of the business functions and their interrelationships.

Project Report Instructions:

•Report should be no less than 10 pages of content.

•You need to include outside sources and properly cite and reference your sources.

•You must have at least 10 references, 5 of which must be scholarly peer-reviewed articles.

•In addition to the 10 pages of content, you will want a title page and a reference sheet.

•This report needs to be in proper APA format.

•All written reports should be submitted in MS Word.

•The paper submission will use SafeAssign.

•Please ensure to use the proper APA citations.

Report Format:

1) Title Page

2) Introduction of Company and brief background (Establish date, Location, what makes this company an enterprise, etc.) (Minimum 1 Page)

3) Company Architecture (What exactly does this company do…)

>Company Functions (define each function that relates to the company)

>Function Integration (how/if the functions integrate with other functions)

>Discuss Credible Attack Surfaces for the functions

>Discuss interactions with 3rd party systems and trust levels

>Discuss Threat agents and targets

4) Your thoughts/improvements/gaps, etc. (1 Page)

5) Conclusion (At least half Page)

6) References

Document must answer the following questions too:

1.Do presentation layers add an attack surface to the enterprise?

2.How about an eCommerce presence?

3.The supply chain will interact with an entire business ecosystem of many other organizations. Interactions will probably include both people and automated flows. Are these third parties to be trusted at the same level as the internal systems, such as content management or data analysis?

4.Going a step further, are there threat agents whose goals include the business data of the organization? If so, does that make the business analysis function or the content management systems targets of possible interest? Why?