For this project, you will leverage your research from Projects #1, #2, and #3 to develop a privacy compliance strategy for your chosen company. The deliverable for this project will be a Privacy Compliance Strategy that includes a legal and regulatory analysis for privacy laws and regulations. The scope for this project will be laws and regulations from the United States (federal and state) and the European Union.
IT Risk Analysis of Walmart: Cybersecurity Challenges and Mitigation Strategies
1. Introduction
Walmart Inc. is a global retailer based in Bentonville, Arkansas, with more than 10,500 stores in 19 countries (Mandiant, 2023). It sells through both physical stores and online channels, supported by an elaborate supply system and comprehensive support functions. Walmart relies on cloud computing, artificial intelligence, automated supply chain systems, point-of-sale (POS) systems, and customer relationship management systems to run efficiently and deliver an effective shopper experience. A firm of this size, with such heavy reliance on IT, requires a comprehensive risk assessment of its network systems (Mandiant, 2023).
As Walmart goes through its digital evolution, cyberattacks are likely to affect it in several ways, such as disrupting its operations, damaging its financial health, and harming its corporate image. The retail sector is especially vulnerable to hackers, virus attacks, internal threats, and fraudulent activities, all of which can degrade the delivery of services while being financially and legally costly. To sustain customer loyalty and business, Walmart therefore has to safeguard customer information, payment methods, supply chain networks, and company information.
This paper identifies the key IT risks for Walmart, evaluates the effects of these threats, and proposes solutions to them. The risks are evaluated following the NIST SP 800-30 Rev. 1 guidelines and grouped according to the external, internal, regulatory, and technological sources affecting Walmart’s business processes and its IT environment (NIST, 2012).
2. Additional Research on Walmart’s IT Operations
Company Business Overview
Walmart is one of the largest retailers in the global market, with both physical stores and an online presence. Its business strategy is built on low costs, speed, and technology in its supply chain. It sells a wide range of products, including food and groceries, electronics and appliances, fashion and clothing, and home goods and furniture, to millions of customers every day.
To support this massive operation, the business uses the following IT facilities:
Cloud Computing: Uses Microsoft Azure and affiliated proprietary cloud solutions to store and process customer and operational data.
Artificial Intelligence (AI) & Machine Learning: Enhances inventory forecasting, customer personalization, and fraud detection.
Customer Relationship Management (CRM) Systems: Record customers’ communications with the firm, their purchases, and their marketing preferences.
Point-of-Sale (POS) Systems: Facilitate secure transactions across all retail locations and online platforms.
Supply Chain Automation and IoT: Includes robotics integration, automated storage systems, and smart logistics monitoring (Walmart Inc., 2023).
Sources of Information
The following sources were used to carry out the analysis:
Company’s Website: Shows the extent to which Walmart has embraced technology in its operations (Walmart Inc., 2023).
Hoovers Profile: Contains company information about Walmart, including a SWOT analysis (strengths, weaknesses, opportunities, and threats) and the technologies in use (Hoovers, 2023).
Form 10-K Report: Item 1A, Risk Factors, sets out the IT risks, regulatory issues, and business exposures that Walmart has officially declared (Walmart Inc., 2023).
Additional Sources:
Data Breach Records: Document cybercrimes against Walmart or similarly positioned retailers.
News Articles: Cover emerging cyber threats and Walmart’s response strategies.
Retail IT Security: Offers an understanding of the current challenges facing IT departments and systems administrators in the retail business (De Villiers Minnaar, 2023).
Key Information and Business Operations Needing Protection
1. Customer Data: Walmart handles the personal, payment, and purchase-history data of a vast number of customers, which makes the company an attractive target for hackers. The loss of this sensitive information could result in identity theft, fraud, and loss of customer base (PCI Security Standards Council, 2023).
2. Supply Chain and Vendor Data: Sensitive information such as pricing and inventory databases is linked with Walmart’s third-party suppliers and logistics network. A compromise of these systems could affect its ability to provide products to its customers and carry out its financial transactions (Walmart Inc., 2023).
3. Employee Data: Payroll records, employee health information, and HR records should be protected from leakage, phishing, and similar threats (Walmart Inc., 2023).
4. Financial Transactions: Credit card fraud, fraudulent transactions, and digital payment theft must be prevented by securing the e-commerce platform as well as the POS system (Mandiant, 2023).
5. Proprietary Business Data: Information about Walmart’s pricing structure, sales forecasts, business intelligence models, and similar assets is exposed to industrial espionage and internal threats (Mandiant, 2023).
3. IT Security Analysis and Risk Assessment
Walmart’s Cybersecurity Needs
Because Walmart operates all around the world and uses digital technologies extensively, the company needs to ensure that all customer transactions, supply chains, and internal information are secure. Key security requirements include:
E-commerce Security: Preventing fraud, identity theft, and unauthorized transactions.
Supply Chain Protection: Securing automated logistics, Internet of Things (IoT) devices, and vendors.
Data Privacy Compliance: Managing and safeguarding individuals’ personal information as required by the GDPR, PCI-DSS, and CCPA, to protect the organization from fines and reputational loss.
Cloud Security: Preventing unauthorized access, data leaks, and node or service misconfigurations within the company’s cloud platforms.
Analysis of Cyber Threats
External Cyber Threats
Malware/Ransomware: Attackers may infect Walmart’s network, encrypt its systems, and leave a ransom note demanding payment for decryption.
Phishing Attacks: Members of staff may be tricked into clicking web links, which in turn leads to malware infection and compromised login details.
DDoS Attacks: Botnet attacks may flood Walmart’s online store with traffic, resulting in downtime and lost revenue.
Insider Threats
Employees who have been granted privileges may misuse their access or take information out of the company.
Carelessness on the part of workers can introduce risk without the employees being aware of it.
Supply Chain Risks
Compromised vendors could compromise the company’s firewall and introduce backdoor vulnerabilities into Walmart’s IT systems.
IoT-connected warehouses and robotic automation systems can be exploited to disrupt operations.
Regulatory and Compliance Risks
Non-compliance with the GDPR, PCI-DSS, or CCPA leads to lawsuits and, in some cases, possible government fines (PCI Security Standards Council, 2023).
Vulnerabilities in Walmart’s Technologies
Cloud Computing (Microsoft Azure): Risks include misconfigurations, data exposure, and insider threats.
AI and Machine Learning: Models take time to build, can be biased, and are vulnerable to data poisoning attacks and adversarial AI exploits.
E-commerce Platforms: Payment fraud (the most common risk affecting customers), SQL injection, and other attacks such as credential stuffing.
Point-of-Sale (mPOS) Systems: mPOS malware can steal customers’ payment data in stores.
IoT and Automation: Hacking of smart warehouse systems could disrupt the tracking and tracing of inventory and deliveries.
Recent Cyber Incidents Affecting Walmart or the Retail Industry
Walmart Data Breach (2021): Cybercriminals managed to infiltrate the company’s internal networks, posing a great threat to customers’ personal details (Walmart Inc., 2023).
Target Data Breach (2013): Hackers used a third party’s access to infiltrate the retailer and steal millions of credit card details (Walmart Inc., 2023).
Magecart Attacks: Magecart exploited vulnerabilities in various checkout pages to steal consumers’ card information.
These real-life incidents show that Walmart needs to act decisively to protect itself from such attacks.
4. Risk Profile Table
This section, 700 words in all, contains the risk profile table and an explanation of the key risks.
Introduction to the Risk Profile
As one of the largest companies with operations worldwide, Walmart inevitably faces a variety of cybersecurity risks, which are listed below. Each identified risk is categorized and assigned an impact level of low, medium, or high.
Risk Profile Table (15+ Identified Risks)
| Risk ID | Risk Title | Description | Category | Impact Level |
|---|---|---|---|---|
| 001 | Data Breach | Unauthorized access to customer payment information. | Technology | High |
| 002 | Insider Threat | Employees exploiting access to steal company data. | People | |
| 003 | Supply Chain Attack | Third-party vendors being compromised. | Process | |
| 004 | Cloud Security Misconfiguration | Unsecured cloud storage leading to data exposure. | | Medium |
| 005 | DDoS Attack | Cybercriminals overloading Walmart’s servers, causing downtime. | | |
| 006 | Ransomware Infection | Encryption of Walmart’s POS and financial systems. | | |
| 007 | Phishing Attacks | Employees tricked into revealing login credentials. | | |
| 008 | IoT Device Exploits | Automated warehouse systems compromised by attackers. | | |
| 009 | PCI-DSS Non-Compliance | Failure to meet payment security regulations. | | |
| 010 | E-commerce Fraud | Fake transactions and chargebacks harming revenue. | | |
| 011 | AI & Algorithm Bias | Walmart’s AI making discriminatory product recommendations. | | |
| 012 | Mobile App Vulnerabilities | Security flaws in Walmart’s digital payment system. | | |
| 013 | Data Center Intrusion | Physical security risks to Walmart’s IT infrastructure. | | |
| 014 | Incident Response Gaps | Delayed response to cybersecurity incidents. | | |
| 015 | Software Vulnerabilities | Unpatched software leading to security exploits. | | |
Explanation of Key Risks
Many IT security risks are relevant to Walmart, and they can be classified by their exposure level and by the impact that can follow from them. Understanding these risks helps in designing a cybersecurity approach that reduces their impact and meets the organization’s compliance standards.
High-Priority Risks
Data Breaches: As one of the largest retailers in the world, Walmart handles a wide range of customer, vendor, and financial information. If such information falls into the hands of attackers, the consequences may include identity theft, financial fraud, regulatory fines, and, most importantly, loss of customer trust. The experience of retail companies such as Target Corporation in 2013 shows how disastrous such an attack can be. The measures recommended for Walmart therefore include stronger encryption, improved multi-factor authentication, and the implementation of an intrusion detection system.
Ransomware Attacks: Cybercrime, and ransomware in particular, can harm Walmart’s POS systems, databases, cloud environments, and supply chain logistics. Hackers can gain access to important information and lock it, paralyzing Walmart’s retail business, while threatening to release sensitive information unless they are paid. The attacks on Colonial Pipeline and Kaseya in particular show that such an incident is not only possible but highly disruptive. The measures Walmart needs to take include backup and recovery solutions, endpoint security, and rapid response to this danger.
Insider Threats: Many individuals have privileged access to Walmart’s IT assets, and their actions, or a lack of careful, responsible behavior, can make them a security threat. Insider threats arise either from an insider’s intent to extract valuable information or from negligence that causes a security breach. To protect itself, Walmart has to maintain access controls, monitor activity, and train employees on cybersecurity threats.
Supply Chain Attacks: Walmart acquires materials and services from third-party vendors, works with logistics partners, and uses technology service providers, many of which have access to or store data. Compromising a third-party vendor can give attackers access to Walmart’s systems, as happened in the SolarWinds cyber espionage attack. To minimize supply chain attacks, Walmart has to perform security checks on its vendors and ensure that they follow the cybersecurity measures outlined in approved frameworks.
Medium-Impact Risks Requiring Proactive Monitoring
Cloud Misconfigurations: Walmart deploys cloud computing more and more, so it is crucial for Walmart to verify that its data storage configurations are safe. Misconfigured cloud storage services can expose Personally Identifiable Information or specific customer data, with the losses that follow. Walmart should also consider conducting regular security assessments and implementing identity and access management (IAM) solutions.
AI and Algorithm Bias: Walmart uses AI for inventory replenishment, promotions, and identifying fake reviews or sellers. Two issues can arise with AI and deep learning: some systems are built on certain biases, and others can be influenced by adversarial attacks. AI-driven pricing is one of the holy grails of markets; however, if the algorithm were to target undesired customer profiles, it would lead not only to a loss of income but also to legal problems that may damage the company’s reputation. Walmart’s AI systems must be checked frequently for bias and for security breaches.
IoT and Warehouse Automation Risks: Walmart operates IoT-enabled smart warehouses, self-service delivery systems, and robotic consignment handling. Most IoT devices have poorly developed security measures and are easy for hackers to penetrate. Walmart will therefore have to patch firmware, implement network segmentation, and control which devices are admitted to its networks.
Using the Risk Profile for Cybersecurity Strategy
The risk profile can help Walmart’s risk management by letting it prioritize the high-risk threats while continuing to monitor the other identified risks. Using the People, Process, and Technology categories, Walmart’s security team can apply different strategies to mitigate the risks in each category. The risk profile can also be used to prioritize investment in cybersecurity technology and compliance, as well as the training of personnel within the company.
5. Conclusion
Summary of Key Findings
The IT security threat to Walmart is immense because the company is a massive retailer that has fully implemented e-commerce, runs sophisticated supply chain logistics, and accepts digital forms of payment. Large retailers are primary victims of cybercrime, with attacks on payment systems, cloud systems, and supply chain management. The biggest threats to Walmart are data breaches, ransomware attacks, insider threats, and supply chain threats, which can lead to loss of funds, damage to its reputation, and disruption of business operations.
Walmart also has to keep track of the medium risks, such as improperly configured cloud services, AI algorithm bias, and unaddressed IoT vulnerabilities, to mitigate future threats. On compliance, the GDPR, PCI-DSS, and the CCPA continue to present a challenge to Walmart because the company must protect both data and transactions.
Impact of Risks on Business Operations
Financial Repercussions: Such incidents cost thousands to millions of dollars in litigation, fines, and remediation of the damage caused. For example, Target’s data breach in 2013 cost it 162 million US dollars in settlements. Walmart needs to invest more effort so that such financial consequences can be averted in the future.
Reputational Damage: A breach of customer and vendor data will damage Walmart’s reputation, leading to lost sales, a lower stock price, and negative publicity. Reporting security incidents as they occur and being transparent about the security measures taken are important to any organization’s image, particularly its overall brand.
Operational Disruptions: IT failures can affect Walmart’s ability to provide services and products to consumers through its logistics, inventory, and online units. For instance, a ransomware attack on Walmart’s POS or e-commerce system could freeze its operations and cut off transactions for millions of customers, incurring multi-billion-dollar losses. Walmart therefore has to put proper incident response and disaster recovery plans in place as a measure of protection.
Mitigation Strategies
Based on the challenges identified in addressing Walmart’s IT security risks, the following mitigation strategies should be adopted:
Cybersecurity Investments: Walmart needs to invest in firewalls, intrusion detection and prevention, endpoint protection, and network monitoring to defend against cyber threats. AI technologies applied to threat intelligence can generate real-time alerts when certain activities are detected.
Employee Training & Awareness: In most cases, employees are the greatest vulnerability in an organization’s security structure. Walmart should therefore introduce phishing awareness programs and strong password practices, and constantly monitor privileged access risks.
Third-Party Risk Management: Given its supply chain risk, Walmart needs to require security assessments of its vendors and insist on compliance with the set cybersecurity measures to minimize risks from third parties.
Incident Response & Disaster Recovery: Walmart should create an incident response program so that cyber threats are handled properly by a dedicated team. Measures such as automated data backups, storage solutions immune to ransomware, and regular penetration tests will put Walmart in a position to address security breaches efficiently and minimize the time needed to restore the organization.
Future Considerations for Cybersecurity
Implementing Zero Trust Architecture: Every user request must be verified, whether it comes from inside or outside Walmart. This will reduce the incidence of insider attacks and unauthorized access.
Threat Identification through Artificial Intelligence: Walmart can use AI to identify threats such as abnormal network traffic, unusual user behavior, and anomalies in transaction activity. Using artificial intelligence to combat fraud can help stop payment fraud before it occurs (Walmart Inc., 2023).
Blockchain for Supply Chain Security: Blockchain technology can help Walmart achieve a high level of security in its supply chain by recording each supply chain transaction and providing proper verification methods for suppliers.
Final Thoughts
This analysis is important for Walmart because, as one of the global retail giants, it bears increased risk from security threats to its numerous customers, its supply chain, and its IT systems. The threats outlined in this report show that security measures should be continually enhanced, employee awareness raised, and incidents of non-compliance reported more often. Walmart should also pay attention to relatively new solutions such as AI for cybersecurity, blockchain, and zero-trust models.
The presented risk analysis offers Walmart a plan of the actions it needs to take to manage risks effectively and maintain its standing as a retail powerhouse. As the world continues to shift toward digital environments, it is important for Walmart to recognize its growing needs and handle them effectively to sustain organizational credibility, meet legal requirements, and keep its cybersecurity effective over the long term.
References
De Villiers Minnaar, A. (2023). The scourge of ransomware: the cybercrime growth industry of the early 2020s. In Cybercrime and Challenges in South Africa (pp. 107-136). Singapore: Springer Nature Singapore. https://link.springer.com/chapter/10.1007/978-981-99-3057-9_5
Hoovers. (2023). Walmart Inc. SWOT Analysis & Technologies in Use Report. Mergent Online. http://www.mergentonline.com/Hoovers
Mandiant. (2023). 2023 M-Trends Report: Cybersecurity insights on evolving threats. https://www.mandiant.com/resources/m-trends
National Institute of Standards and Technology (NIST). (2012). Guide for conducting risk assessments (NIST Special Publication 800-30 Rev. 1). U.S. Department of Commerce. https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final
PCI Security Standards Council. (2023). Payment Card Industry Data Security Standard (PCI DSS) v4.0.
Walmart Inc. (2023). Annual Report 2023 (Form 10-K). U.S. Securities and Exchange Commission. https://www.sec.gov/Archives/edgar/data/104169/000010416923000020/wmt-20230131.htm
Walmart Inc. (2023). Investor Relations & Financial Reports. Walmart Corporate. https://corporate.walmart.com/
Walmart: A Comprehensive Profile of Operations, Strategies, and Information Use
Nkengazong Sharon Tung
Jonathon Henderson
University of Maryland Global Campus
17 January 2025
1. Introduction
Walmart Inc., set up by Sam Walton in 1962 and headquartered in Bentonville, Arkansas, is one of the world’s largest multinational retail corporations. Walmart operates under the mission of “saving people money so they can live better,” and it has grown into a global leader through a variety of retail formats, including hypermarkets, discount department stores, and grocery stores. The company’s vision is to be a destination for customers, offering a wide array of affordable products and services that save them money and help them live better lives.
This document describes how Walmart represents itself to customers and investors. It also discusses how Walmart communicates with its diverse audience, how it uses IT to do so, and how it safeguards sensitive data. By examining the way Walmart conducts its business and uses its technology, both of which are likely to remain central in a competitive global marketplace, the analysis lays the foundation for further risk assessment and management strategies.
2. Company Overview and Context
Foundational Details
Walmart was founded in Rogers, Arkansas, by Sam Walton on July 2, 1962, with the vision of offering quality goods at low prices. In 1970, Walmart became a publicly traded company, which allowed it to grow nationally and internationally (Walmart Inc., 2023). Over the decades, Walmart has reached several milestones, including the introduction of its Supercentres in 1988, the launch of e-commerce in the 2000s, and its continued push into global markets.
Business Operations
Walmart’s business relies on providing a wide range of products and services, including groceries, electronics, apparel, and home goods. Its retail operations are divided into three main segments:
Walmart U.S.: The largest segment, covering domestic retail operations.
Walmart International: Serves customers in 19 different countries.
Sam’s Club: A membership-only warehouse format.
The company’s geographic reach extends to countries such as Canada, Mexico, China, and South Africa, among others, although it has exited certain markets (namely Germany and South Korea) due to operational challenges (Walmart Inc., 2023). Geopolitical factors such as trade regulation, currency fluctuations, and international labor law play a large part in Walmart’s operations.
Market Position
Walmart, headquartered in Bentonville, Arkansas, is the largest company in terms of number of stores managed, with more than 10,500 stores all over the world (Walmart Inc., 2023). Its scale also gives it a competitive advantage: a robust supply chain and advanced technology let it negotiate better prices from suppliers and keep costs low for customers. Competitors include Amazon, Target, Costco, and others in relevant markets.
Walmart is still a Fortune 500 leader (ranked #1 in 2021), and its financial figures speak for themselves. It registered about $611 billion in annual revenue in 2023, making it one of the front runners in the retail world. The company’s stock trades on the New York Stock Exchange under the ticker symbol WMT (Walmart Inc., 2023).
Significant Events
Walmart’s history is marked by significant events:
Acquisitions: In 2018, it strengthened its e-commerce position in emerging markets through its purchase of Flipkart in India (Walmart Inc., 2023).
Technological Innovations: The introduction of Walmart+ (a subscription service) and automation of supply chain operations.
Challenges: Corporate social responsibility issues, specifically labor practices and environmental impact, left Walmart legally and reputationally at risk and forced it to adopt more robust corporate social responsibility initiatives.
Walmart continues to redefine retail through its resilience and adaptability as it responds to global challenges and customer needs.
3. Public vs. Investor Representations: Analysis
Public Website Analysis
Walmart’s public website is a shopping platform that attracts customers by presenting its many product offers, promotions, and value-added services. Its slogan, “Save Money. Live Better.”, signals its commitment to affordability. The site offers seamless shopping, personalized recommendations, and access to Walmart+, its subscription service that provides free shipping and member-exclusive deals. Sustainability initiatives and community contributions are called out, emphasizing Walmart’s environmental stewardship and corporate social responsibility values.
The public site is approachable, customer-focused, and inclusive in tone. To instill trust and loyalty, it uses vivid visuals and a user-friendly interface, in keeping with its focus on serving customers’ needs cost-effectively and in a timely manner.
Investor Relations Website Analysis
The Investor Relations (IR) website is written for shareholders, analysts, and potential investors. Its key content covers financial and stock performance data, corporate governance, and strategic updates. The messaging focuses on long-term value creation, robust financial performance, and risk management strategy. Quarterly earnings, dividends, and investor meetings are kept up to date, forming a basis for transparency and credibility.
Key Contrasts
The public website focuses on customer satisfaction and brand loyalty, whereas the IR site focuses on Walmart’s financial stability, strategic growth plans, and market resilience. The customer site uses emotionally engaging content; the IR site provides metrics, analytics, and forward-looking statements. Together, the two platforms reflect Walmart’s ability to pursue shareholder value while remaining customer-centric.
4. Insights from Form 10-K Annual Report
Corporate Representation
Walmart’s annual Form 10-K offers insight into its strategic goals, risk factors, and operational focus areas. It notes the company’s commitment to offering quality items at low prices while maintaining operational excellence (Walmart Inc., 2023). The strategic initiatives are to expand e-commerce capabilities, improve supply chain efficiency, and adopt sustainable practices. Risk factors such as global competition, regulatory compliance, and market volatility are described to alert stakeholders to the challenges the company may face.
Walmart’s investment is concentrated in the operational focus areas of technology, workforce development, and international markets, with the aim of maintaining its number one position.
Investor Concerns
Form 10-K reports revenue growth, operating expenses, and profit margins, giving investors a clear picture of the company’s financial health. Growth in online sales and efforts to cut costs through automation are also notable trends. Forward-looking statements discuss future prospects in new markets and strategic acquisitions. Like other companies, Walmart mitigates legal and financial risks by complying with environmental, labor, and data privacy regulations (Walmart Inc., 2023).
Key Findings
Form 10-K presents Walmart as a resilient and forward-looking enterprise, well placed to maintain investor confidence through transparency and strategic flexibility. Walmart describes itself as responding proactively to emerging risks in a highly competitive environment.
5. Walmart’s Use of Information and IT
Information Technology Usage
Walmart uses advanced IT systems to get the most from its supply chain and to keep improving its e-commerce functionality and customer service. Automated, robotics-based supply chains and real-time tracking have been implemented to keep operations efficient and effective. Its e-commerce platforms also integrate artificial intelligence (AI) and machine learning (ML) for personalized shopping experiences, inventory management, and demand forecasting.
Cloud computing lets Walmart store and analyze data at large scale, which supports decision-making and operations as they grow. Blockchain and mobile applications make it possible to keep a complete, viewable record of merchandise flow, and they allow customers to follow their products through the web of manufacturers, distributors, retailers, and consumers.
Information Protection Needs
Key categories of sensitive information include:
Customer Records: Purchase history, payment details, and personal data.
Vendor Data: Supplier agreements, pricing models, and performance metrics.
Employee Information: Payroll, benefits, and HR records.
IT Systems in Place
Walmart uses secure cloud platforms, encrypted payment gateways, and strong cybersecurity measures. Its Customer Relationship Management (CRM) platform and the company’s own supply chain software are built to guarantee data integrity, confidentiality, and availability.
Information Usage Profile
| Category of Information | Description of the Information Asset(s) | Sensitivity of the Information | How is this information used or processed? | IT Assets using or storing this information |
|---|---|---|---|---|
| Customer Records | Name, contact details, order history, payment information. | Confidential | Fulfilling orders, marketing, and customer support. | CRM system, ordering system, mobile apps. |
| Vendor Data | Supplier agreements, pricing details. | Trade Secret | Supply chain management, procurement. | Supply chain software, cloud databases. |
| Employee Records | Payroll, benefits, and HR details. | Confidential | HR processes, compliance, and performance tracking. | HRIS, payroll systems. |
6. Summary and Conclusion
Walmart’s dual representation strategies work well for both customers and investors. The public website fosters customer trust through affordability, sustainability, and user engagement, while the investor relations platform highlights performance and strategic planning. The Form 10-K shows Walmart’s commitment to transparency with all stakeholders about risk management and growth opportunities.
IT makes inventory costing as easy as clicking one drop-down window and is the driving force behind Walmart’s operational efficiency and market leadership. In addition, advanced technologies in supply chain management, e-commerce, and data analytics help meet customer expectations, data security needs, and regulatory compliance standards.
Finally, I conclude that Walmart secures its ongoing success by using information and IT assets to meet globalization challenges. Sustainable growth and reduced risk to the confidentiality, integrity, and availability of its information assets depend on securing those assets. The strategy is to make Walmart a resilient and innovative leader in the retail sector.
References
Walmart Inc. (2023). 2023 Annual Report. https://corporate.walmart.com/content/dam/corporate/documents/newsroom/2023/04/20/walmart-releases-2023-annual-report-and-proxy-statement/walmart-inc-2023-annual-report
Walmart Inc. (2023). Form 10-K Annual Report for the Fiscal Year Ended January 31, 2023. https://www.sec.gov/Archives/edgar/data/104169/000010416923000020/wmt-20230131.htm
Walmart Inc. (2023). Investor Relations. https://stock.walmart.com/Home/default.aspx
Walmart Inc. (2023). Stock Information. https://stock.walmart.com/stock-information/default.aspx
Walmart Inc. (2023). Walmart Releases 2023 Annual Report and Proxy Statement. https://corporate.walmart.com/news/2023/04/20/walmart-releases-2023-annual-report-and-proxy-statement?cid=1wm-rep
Walmart Inc. (2023). Financials – SEC Filings. https://stock.walmart.com/financials/sec-filings/default.aspx
Walmart Inc. (2023). Walmart Leadership To Participate in Upcoming Investor Events. https://corporate.walmart.com/news/2023/08/23/walmart-leadership-to-participate-in-upcoming-investor-events
INFA 610 Foundations of Information Security and Assurance
Project 4 – Privacy Compliance Strategy
Description
For this project, you will leverage your research from Projects #1, #2, and #3 to develop a privacy compliance strategy for your chosen company. The deliverable for this project will be a Privacy Compliance Strategy that includes a legal and regulatory analysis for privacy laws and regulations. The scope for this project will be laws and regulations from the United States (federal and state) and the European Union.
Research
1. Begin your research by reviewing the privacy concepts and requirements presented in the (ISC)2 SSCP Systems Security Certified Practitioner Official Study Guide (the course textbook).
2. Review your selected company’s Form 10-K to identify privacy related risks which the company disclosed to investors and shareholders. You will use these and additional privacy-related risks, identified through your readings and research, to construct a privacy compliance profile.
3. Read Chapters 1 and 2 of the NIST Privacy Framework: A tool for improving privacy through enterprise risk management.
https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.01162020
4. Review the Audit and Compliance control family in NIST SP 800-53 (section 3.3).
5. Review one or more reports written by privacy analysts about privacy issues affecting global businesses:
a. 2010 Ponemon Report: How Global Organizations Approach the Challenge of Protecting Personal Data
https://www.ponemon.org/local/upload/file/ATC_DPP%20report_FINAL
b. 2019 Thomson Reuters GDPR Report: Business’ struggle with data privacy: Regulatory environment continues to evolve rapidly
https://legalsolutions.thomsonreuters.co.uk/blog/wp-content/uploads/sites/14/2019/12/Thomson-Reuters-GDPR-Report
c. 2021 blog from PrivacyPolicies.com: Global Privacy Laws Explained
https://www.privacypolicies.com/blog/global-privacy-laws-explained/
6. Review existing and proposed privacy legislation for U.S. jurisdictions (states): Association of Privacy Professionals (IAPP)
https://iapp.org/resources/article/us-state-privacy-legislation-tracker/
7. Review the privacy guidance for the European Union’s General Data Protection Regulation
https://gdpr.eu/
8. Review the Fact Sheet for the Trans-Atlantic Data Privacy Framework
https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/25/fact-sheet-united-states-and-european-commission-announce-trans-atlantic-data-privacy-framework/
9. Find and review additional authoritative sources which discuss (a) specific privacy-related legal or regulatory non-compliance events (lawsuits, fines, etc.) impacting large, global companies and (b) the business and financial impacts arising from compliance failures (violations) for privacy laws and regulations.
Analyze Privacy Compliance Issues, Risks, and Mitigations
1. Identify the five most important privacy issues which your chosen company must address as part of its enterprise risk management program. You should focus on strategic issues, e.g. lack of management support, lack of resources, rapidly changing external politico-legal privacy environment, lawsuits and fines arising from non-compliance, etc. For each issue, identify the legal and regulatory drivers from both the U.S. (federal and state) and the European Union.
2. Identify 10 or more privacy-related legal or regulatory compliance risks arising from your identified privacy issues. For each risk, identify the specific law or regulation that imposes privacy requirements upon your selected company. You may reuse privacy-related risks from your previous projects. Present your risks using the Table 1 template found at the end of this file.
3. For each identified compliance risk, identify one or more security controls (from NIST SP 800-53) which could be implemented to reduce or mitigate the compliance risk. Audit and Compliance Controls should be included in your mitigation profile. Remember that you need one or more controls that will be the audit targets. You may reuse work from your previous projects but you should make sure that the selected controls actually address mitigations for PRIVACY COMPLIANCE risks. If they do not, you must select controls which do address compliance. Enter this information into Table 2 found at the end of this file.
Write
1. An introduction section which identifies the company being discussed and provides a brief introduction to the company (you may reuse some of your narrative from Project #1 and/or Project #2). Your introduction should include a brief overview of the company’s business operations and include a description of the purpose and contents of this Privacy Compliance Strategy deliverable.
2. A separate analysis section (Privacy Issues Impacting [company]) in which you present 10 or more Privacy Issues which you identified from your reading and research. For each issue, you should present your analysis of why this issue is important for your selected company. You should also discuss the legal and regulatory drivers which make this issue important for your company. What are the non-compliance risks associated with these issues? (Discuss at least 3.)
3. A separate analysis section (Privacy Compliance Risk Profile) in which you present your privacy-related compliance risks. Provide an introductory paragraph that explains the relationship between the previously identified privacy issues and your privacy compliance risk profile. You should discuss the type of information presented in Table #1 Privacy Compliance Risk Profile (use the template at the end of this file – this is a different table than used in previous projects) and what sources were used to obtain this information. Your completed table should have 10 or more entries. Describe the process and documents used to construct Privacy Compliance Risk Profile. Place Table #1 at the end of this section (remember to delete the sample text).
4. A separate analysis section (Privacy Compliance Controls Profile) in which you present your Privacy Compliance Controls Profile. Provide an introductory paragraph that explains the privacy compliance controls profile, e.g., what information is contained in the table and what sources were used to obtain this information. Describe the process and documents used to construct the Privacy Compliance Controls Profile. Your profile should have 10 or more rows entered into Table #2. Place Table #2 at the end of this section (remember to delete the sample text).
5. A separate section (Privacy Compliance Risk Mitigation Strategy) in which you present a high-level strategy for implementing the risk mitigations (security controls) presented earlier in this deliverable. This section should include a summary of the business problem (reduce privacy-related risks arising from legal and regulatory requirements for privacy protections), the general types of privacy-related risks to be mitigated (focus on the CIA triad and summarize the risks you previously identified), the timeframe for implementing each element of your strategy, and the benefits of implementing an enterprise strategy for reducing privacy-related compliance risks.
6. A separate Recommendations and Conclusions section which provides a summary of the information contained in this deliverable and presents your concluding statements regarding the business need and business benefits which support implementing your Privacy Compliance Risk Mitigation Strategy and the allocation of resources by the company.
Submit Your Work for Grading and Feedback
Before you submit your work, check the rubric (displayed in the Assignment Folder entry) to make sure that you have covered all required content including citations and references.
Submit your work in MS Word format ( x or file) using the Project #4 Assignment in your assignment folder. (Attach the file.)
Additional Information
1. Your 8 to 10 page deliverable should be professional in appearance with consistent use of fonts, font sizes, colors, margins, etc. You should use headings and sub-headings to organize your paper. Use headings which correspond to the content rows in the rubric – this will make it easier for your instructor to find required content elements and will help you ensure that you have covered all required sections and content in your paper.
2. The stated page length is a recommendation based upon the content requirements of the assignment. All pages submitted will be graded but, for the highest grades, your work must be clear, concise, and accurate. Exceeding the recommended length will not necessarily result in a higher grade. Shorter submissions may not fully meet the content requirements resulting in a lower grade.
3. The INFA program requires that graduate students follow standard APA style guidance for both formatting and citing/reference sources. Your file submission must be in MS Word format ( x). PDF, ODF, and other types of files are not acceptable.
4. You must include a cover page with the course, the assignment title, your name, your instructor’s name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s minimum page count.
5. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
6. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow APA Style guidance. Use of required readings from the course as sources is expected and encouraged. Where used, you must cite and provide references for these readings.
7. When using Security and Privacy controls from NIST SP 800-53, you must use the exact numbering and names (titles) when referring to those controls. This information does not need to be treated as quotations. You may paraphrase or quote from the descriptions of the controls provided that you appropriately mark copied text (if any) and attach a citation for both quoted and paraphrased information.
8. Consult the grading rubric for specific content and formatting requirements for this assignment.
9. All work submitted to the Assignment Folder will be scanned by the Turn It In service. We use this service to help identify areas for improvement in student writing.
Table 1. Privacy Compliance Risk Profile for [company]
| Risk ID | Privacy Risk Title | Description | Risk Category | Impact Level |
|---|---|---|---|---|
| 001 | Unauthorized disclosure of privacy-related customer information. | Unauthorized disclosure or access to privacy-related customer data could result in non-compliance with [law], [law], [regulation: section]. | People | Medium |
| 002 | | | | |
| 003 | | | | |
| 004 | | | | |
| 005 | | | | |
| 006 | | | | |
| 007 | | | | |
| 008 | | | | |
| 009 | | | | |
| 010 | | | | |
Table 2. Privacy Compliance Controls Profile
| Risk ID | Risk Title | Compliance Risk Mitigation Strategy | Security Controls |
|---|---|---|---|
| 001 | Unauthorized disclosure of privacy-related customer information. | Implementation of role-based access controls will reduce the compliance related risk arising from failure to control access to privacy-related customer information. Compliance will be improved by (a) auditing access and access permissions to ensure that least privilege is implemented and enforced and (b) review of audit records and external sources to detect unauthorized disclosures of privacy-related information. | AC-3 (7) Access Enforcement \| Role Based Access Control; AC-3 (11) Access Enforcement \| Restrict Access to Specific Information Types; AU-2 Event Logging; AU-6 Audit Record Review, Analysis, and Reporting; AU-13 Monitoring for Information Disclosure |
| 002 | | | |
| 003 | | | |
| 004 | | | |
| 005 | | | |
| 006 | | | |
| 007 | | | |
| 008 | | | |
| 009 | | | |
| 010 | | | |
Copyright © 2022 by University of Maryland Global Campus. All rights reserved.
Project 3 – Risk Mitigation Strategy
Description
For this project, you will leverage your research from Project #1 and analysis from Project #2 to develop a risk mitigation strategy for your chosen company. If necessary, you can adjust your Information Usage Profile or your Risk Profile using feedback from your instructor and additional information from your readings and research. The deliverable for this project will be a Risk Mitigation Strategy that includes a Security Controls Profile based upon the security and privacy controls catalog from NIST SP 800-53 Revision 5 and the security functions and identifiers from the NIST Cybersecurity Framework (CSF) Version 1.1.
· NIST SP 800-53: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5
· NIST CSF: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018
Note: Table 2 Framework Core in Appendix A of the NIST Cybersecurity Framework provides a cross-reference for each function/category/sub-category to the security and privacy controls from NIST SP 800-53.
Review Guidance for Information Security Functions & Controls
1. Review the NIST Cybersecurity Framework with a particular focus on the Functions, Categories, and Sub-Categories. Consider how these functions can be employed to mitigate the risks you identified and documented in Project #2.
2. Review Chapter 2 in Security and Privacy Controls for Information Systems and Organizations (NIST SP 800-53). Pay special attention to section 2.2 Control Structure and Organization.
3. Review Appendix A in the NIST CSF to identify security Functions/Categories/Sub-Categories which specify risk mitigations which could be implemented to reduce or eliminate each risk listed in your Risk Mitigation Strategy Controls Profile (Table 2).
Develop and Document Your Security Controls Profile
1. Review the sample security controls profile provided in Tables 1 & 2 at the end of this file. Use this sample to guide your security controls analysis and the formatting of your Risk Mitigation Strategy Security Controls Profile. The sample entry in Table 2 was derived from the entry shown below (source: NIST CSF Appendix A Table 2 Framework Core).
2. Copy your Risk Profile (Table 1) from Project #2 into a new file (for your assignment submission). Then copy the Risk Mitigation Strategy Security Controls Profile (Table #2) from this assignment file into your project submission file (place it after Table #1). Delete the sample text from Table #2.
3. Transfer the RISK ID and RISK TITLE columns from Table 1 into Table 2. This is how you will link your Risk Profile to your Risk Mitigation Strategy. You should have 15 or more risks related to the company’s business operations, use of the Internet, the company’s IT systems and infrastructures (including “technologies in use”), and the types and collections of information used by the company.
4. For each row in your Table 2 (Risk Mitigation Strategy Security Controls Profile), choose a security function from the NIST CSF which could be implemented to mitigate the identified risk. Then, review the Category and Sub-Category information for that function. Choose one or more sub-categories and enter those into your table in the CSF Category ID column.
5. Using the Informative References provided in the NIST CSF Appendix A Table 2: Framework Core, identify 2 or 3 security controls which, if implemented, will serve to mitigate the specific risk listed in your risk profile.
6. Write a brief narrative description of the risk mitigation strategy for your identified risk. This strategy should derive from your selected security function and controls. Use the ABC hallmark for writing for executive audiences: accuracy, brevity, and clarity.
Develop Your Risk Mitigation Strategy
1. Review Chapter 1: The Business Case for Decision Assurance and Information Security in the (ISC)2 SSCP Systems Security Certified Practitioner Official Study Guide (the course textbook). This resource will help you determine what information to include as part of your Risk Mitigation Strategy for your selected company. Another helpful resource for understanding what information should be included in your strategy is:
https://www.workfront.com/project-management/life-cycle/initiation/business-case
Note: this assignment does not require a full business case. You are not required to provide financial information, implementation plans, etc. Your presentation of your strategy should focus on these sections of a business case:
· Business problem or opportunity
· Benefits
· Risk
· Technical Solutions
· Timescale
· Impact on Operations
2. Identify best practices for information security and reasons / justifications for allocating resources (people, money, technologies) to implement security controls. You will find relevant best practices and justifications listed in the Executive Summaries and opening chapters of NIST SP 800-30, NIST SP 800-37, NIST SP 800-53, and the NIST Cybersecurity Framework. You may wish to discuss your recommendations in terms of timeframe for implementation: immediate, near-term (6 months?), medium term (12-18 months), within the next two years, etc. Keep in mind that there may need to be tradeoffs between time and money.
3. Organize your recommendations to formulate your Risk Mitigation Strategy. At a minimum, this section should include a summary of the business problem (reduce risks related to information and IT systems and infrastructures), the benefits of implementing security controls, the general types of risks to be mitigated (focus on the CIA triad), and the policy, processes, and technical solutions being recommended.
Write
1. An introduction section which provides a brief introduction to the company and the information / information technology risks that it faces (you may reuse some of your narrative from Project #1 and/or Project #2). Your introduction should include a brief overview of the company’s business operations. Follow this with a description of the purpose and contents of this Risk Mitigation Strategy deliverable.
2. A separate analysis section in which you present your Risk Profile. Start with a summary of your Risk Profile. You may reuse your introductory paragraph from Project #2 (revise if necessary) where you explained your risk profile (what information is contained in the table and what sources were used to obtain this information). Include a description of the process and documents used to construct the Risk Profile. Explain the benefits of using a risk profile to help manage risk. The citations and named documents in this paragraph will serve as citations and attributions for the contents of Table #1 (bring Table #1 Risk Profile forward from Project #2 and update if needed). Place Table #1 at the end of this section.
3. A separate analysis section (Security Controls Profile) in which you present your Security Controls Profile. Provide an introductory paragraph that explains the security controls profile, e.g., what information is contained in the table and what sources were used to obtain this information. Describe the process and documents used to construct the Security Controls Profile.
4. A separate section (Risk Mitigation Strategy) in which you present a high-level strategy for implementing the risk mitigations (security controls) presented earlier in this deliverable. This section should include a summary of the business problem (reduce risks related to information and IT systems and infrastructures), the general types of risks to be mitigated (focus on the CIA triad and summarize the risks you previously identified), the benefits of implementing security controls listed in your Security Controls Profile, and the policy, processes, and technical solutions being recommended for implementation (aligned to your Security Controls Profile).
5. A separate Recommendations and Conclusions section which provides a summary of the information contained in this deliverable and presents your concluding statements regarding the business need and business benefits which support implementing your Risk Mitigation Strategy and the allocation of resources by the company.
Submit Your Work for Grading and Feedback
Before you submit your work, check the rubric (displayed in the Assignment Folder entry) to make sure that you have covered all required content including citations and references.
Submit your work in MS Word format ( x or file) using the Project #3 Assignment in your assignment folder. (Attach the file.)
Additional Information
1. Your 8 to 10 page deliverable should be professional in appearance with consistent use of fonts, font sizes, colors, margins, etc. You should use headings and sub-headings to organize your paper. Use headings which correspond to the content rows in the rubric – this will make it easier for your instructor to find required content elements and will help you ensure that you have covered all required sections and content in your paper.
2. The stated page length is a recommendation based upon the content requirements of the assignment. All pages submitted will be graded but, for the highest grades, your work must be clear, concise, and accurate. Exceeding the recommended length will not necessarily result in a higher grade. Shorter submissions may not fully meet the content requirements resulting in a lower grade.
3. The INFA program requires that graduate students follow standard APA style guidance for both formatting and citing/reference sources. Your file submission must be in MS Word format ( x). PDF, ODF, and other types of files are not acceptable.
4. You must include a cover page with the course, the assignment title, your name, your instructor’s name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s minimum page count.
5. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
6. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow APA Style guidance. Use of required readings from the course as sources is expected and encouraged. Where used, you must cite and provide references for these readings.
7. When using Security and Privacy controls from NIST SP 800-53, you must use the exact numbering and names (titles) when referring to those controls. This information does not need to be treated as quotations. You may paraphrase or quote from the descriptions of the controls provided that you appropriately mark copied text (if any) and attach a citation for both quoted and paraphrased information.
8. Consult the grading rubric for specific content and formatting requirements for this assignment.
9. All work submitted to the Assignment Folder will be scanned by the Turn It In service. We use this service to help identify areas for improvement in student writing.
Table 1. Risk Profile for [company]
| Risk ID | Risk Title | Description | Risk Category | Impact Level |
|---|---|---|---|---|
| 001 | Unauthorized disclosure of customer information. | Disclosure of or access to customer information must be restricted to authorized individuals with a need to know. Unauthorized disclosure or access could result in harm to customers and financial liabilities for the company. | People | Medium |
| 002 | | | | |
| 003 | | | | |
| 004 | | | | |
| 005 | | | | |
| 006 | | | | |
| 007 | | | | |
| 008 | | | | |
| 009 | | | | |
| 010 | | | | |
| 011 | | | | |
| 012 | | | | |
| 013 | | | | |
| 014 | | | | |
| 015 | | | | |
Table 2. Risk Mitigation Strategy Security Controls Profile
| Risk ID | Risk Mitigation Strategy | CSF Category ID | Security Controls |
|---|---|---|---|
| | Implementation of role-based access controls will reduce the risk of unauthorized access to customer information by controlling which individuals are granted access to the systems and software used to collect, process, transmit, and store this information. | PR.AC Identity Management, Authentication, and Access Control: PR.AC-4 | AC-3 (7) Access Enforcement \| Role Based Access Control; AC-3 (11) Access Enforcement \| Restrict Access to Specific Information Types |