Cost of Capital

We've regarded how cyber crimes impact the performance and how we can measure the impact of cyber crimes. Case study of Amazon Inc. epresents the main and general information about the ompany, identifies its mission and objectives. We've evaluated the current situation in company's business and performance. Our case also determined and found exposures of Amazon Inc. to cyber threats. We've reviewed the strategy and performance of the company from four perspectives: financial, customer, internal, innovation learning &growth perspective. On the basis of our findings we've given specific recommendations to the company that would help to achieve its goals and maintain leadership in the market of online retail.Recommendations correspond to four perspectives we've used to review performance of the company. We are onvinced that cyber defense is an integral part of company's performance and hence the performance management. 2. Introduction 2. 1 Cybercrimes in information age Cybercrimes appe ared at the same time as the Internet. And the ways and technologies of crimes were, are and would be improving along the development of machines and technologies in the whole and in particular the Internet. Cybercrimes became the part of our world and in order to protect us from that, governments of all countries provide the laws to prevent from such things.Also there are companies, which provide the security services against cybercrimes: Cyberpath, ESET, TDI and any others. But, unfortunately, they cannot solve all the problems. The existing criminal laws in most countries should cover computer-related crimes or electronically perpetrated crimes. 2. 2 Use of informational technology in fraud The biggest cyber threat is that it may happen at any given time, it is simply impossible to find out when the new wave will hit and more importantly what type of wave will it be. Cyber threat may take different forms.Here are the most common especially for our company. The first and the least dangerous is the threat, which has not material impact on the company. As an example can be the defacing of the company's website by hackers. Second, more serious is the threat, which is haling for the financial gain. Not only have the businesses entered the digital world. The criminals have done the same as well. And nowadays it functions Just like any other business. They have their strategies, management structures, quality control and so on.For example, hackers may obtain company's earnings reports before its official release. Having that knowledge, they may use it in making the decision of buying or selling stocks of that particular company. Keeping pace with new technologies also eeds certain portion of attention. Companies' risk exposure is constantly growing as the companies invest more and more in technologies (social, mobile, cloud, etc. ). All ot those can be a threat at the end ot the day. Mobile, tor instance, put the business in danger as the organization's corporate data suddenly may be assessed from the outside.Furthermore, the employees do not always fully realize the threat they are undertaking by sending, sharing or receiving the information on their personal devices. The same goes for social media, where the personal and professional line is often erased. One way that a hacker can gain illicit access toa system is through â€Å"social engineering†. Social engineering is a term used to describe deception against other humansl . A hacker may devise a scheme to trick another person into providing a username and password.Social engineering is as simple and effective as pretending to leave the room while another is signing onto a computer, all the while peaking around the corner to get a glimpse of logon keystrokes. Social engineering does not always take place face-to-face. Clever hackers have been known to place phone calls pretending to be a corporate help desk person or other legitimate artner asking for information that could compro mise access to computing resources. Imagine how many workstations are left wide open in a building when a fire alarm goes off.How long would it take for the alarm puller to drop a floppy into your desktop computer, initiate a process and be gone? Another category of intrusion tool is known as the scanner, or sniffer. Many operating systems come with vulnerability scanners that assist administrators in finding weaknesses. Public domain and commercial products are readily available, including SARA, Nessus, O SANS Institute 2002, Author retains full rights2. These scanners can reveal service ports that are open for attack and even details about the operating system itself.We should not be naive enough to think that these are out of the reach of the bad guys. Then, password cracking entails creating plain text passwords from their cryptographic hashes. Once the plain text password is garnered, access can be had. Password cracking tools are made available to system administrators for aud iting and recovery reasons. IP3 spoofing is a technique used by hackers as a means to gain hidden, unauthorized access to a target resource. They do this by impersonating a trusted resource.Specifically, a DDoS4 attack may change address information in the IP header of a message to make the target resource think the message is coming from a recognized, friendly port. When this technique is deployed in high volume, the attack can effectively dominate the target machine's resources, causing the target machine to perform sluggishly, or stop processing altogether. In addition to password cracking, social engineering, IP spoofing techniques, hackers have many other ways to perform destructive acts in the cyber realm.They have ways to hijack legitimate sessions, intercept and re-assemble IP fragments, take advantage of buffer overflows or flood a target machine with SYN requests. It is the wide and diverse nature of vulnerability today that argues for a strong cyber security management sy stem, one that begins with comprehensive policy and applies many technologies to achieve defense in depth. 3. Is business performance management relevant today? Business performance management is scientific approach to reaching the set of relevant and time limited goals by applying the definite set of metrics to assess the ffectiveness of resource usage.An evaluation of performance management regards indicators that numerically show the outcome of business activities. There are metrics for evaluating the success of a business: financial, internal, customer, strategic and compliance. Financial metric Financial metric includes sales, profits and costs. This metric shows us if our sales decreased or increased and if decreased, we should investigate why. But more important metric is how our profits behave. If our sales go down, our profits could still increase because we decreased the rate of cost.Internal metric Internal metric provides an evaluation management working at the company. As usual, this metric is better in small companies, because managers are closely connected with the employees rather than in big corporations. Customer metric Businesses exist to serve the needs of their customers. This means that behviour and loyalty of customers, and their level of satisfaction, provide us with a good measure for business long-term health and performance. Strategic metric Companies create strategies to reach short and long-term targets.An evaluation of the strategic performance management includes the quality of execution the trategies that management tried to implement. Strategies specify actions that management expects to achieve the desired result. An evaluation considers implementation of the strategies, successful execution of the planned actions by the company and whether results comply with the goals. Compliance metric Compliance metric measures effectiveness of compliance within the organization. Management should demonstrate ability to comply with financi al reporting standards, regulations and environmental legislation.Ideally, business should not have any imposed sanctions from the authorities. As we mentioned all these metrics are important for successful existence of the company. Without business performance management the company will collapse because, for example, if the company does not know what is its profit or its customer rate, what is inside in the company and so on and so forth. Measuring and keeping track on business's performance is essential for every company. If you don't evaluate your past performance you can't make realistic sustainable plans for the future. Cost of Capital We've regarded how cyber crimes impact the performance and how we can measure the impact of cyber crimes. Case study of Amazon Inc. epresents the main and general information about the ompany, identifies its mission and objectives. We've evaluated the current situation in company's business and performance. Our case also determined and found exposures of Amazon Inc. to cyber threats. We've reviewed the strategy and performance of the company from four perspectives: financial, customer, internal, innovation learning &growth perspective. On the basis of our findings we've given specific recommendations to the company that would help to achieve its goals and maintain leadership in the market of online retail.Recommendations correspond to four perspectives we've used to review performance of the company. We are onvinced that cyber defense is an integral part of company's performance and hence the performance management. 2. Introduction 2. 1 Cybercrimes in information age Cybercrimes appe ared at the same time as the Internet. And the ways and technologies of crimes were, are and would be improving along the development of machines and technologies in the whole and in particular the Internet. Cybercrimes became the part of our world and in order to protect us from that, governments of all countries provide the laws to prevent from such things.Also there are companies, which provide the security services against cybercrimes: Cyberpath, ESET, TDI and any others. But, unfortunately, they cannot solve all the problems. The existing criminal laws in most countries should cover computer-related crimes or electronically perpetrated crimes. 2. 2 Use of informational technology in fraud The biggest cyber threat is that it may happen at any given time, it is simply impossible to find out when the new wave will hit and more importantly what type of wave will it be. Cyber threat may take different forms.Here are the most common especially for our company. The first and the least dangerous is the threat, which has not material impact on the company. As an example can be the defacing of the company's website by hackers. Second, more serious is the threat, which is haling for the financial gain. Not only have the businesses entered the digital world. The criminals have done the same as well. And nowadays it functions Just like any other business. They have their strategies, management structures, quality control and so on.For example, hackers may obtain company's earnings reports before its official release. Having that knowledge, they may use it in making the decision of buying or selling stocks of that particular company. Keeping pace with new technologies also eeds certain portion of attention. Companies' risk exposure is constantly growing as the companies invest more and more in technologies (social, mobile, cloud, etc. ). All ot those can be a threat at the end ot the day. Mobile, tor instance, put the business in danger as the organization's corporate data suddenly may be assessed from the outside.Furthermore, the employees do not always fully realize the threat they are undertaking by sending, sharing or receiving the information on their personal devices. The same goes for social media, where the personal and professional line is often erased. One way that a hacker can gain illicit access toa system is through â€Å"social engineering†. Social engineering is a term used to describe deception against other humansl . A hacker may devise a scheme to trick another person into providing a username and password.Social engineering is as simple and effective as pretending to leave the room while another is signing onto a computer, all the while peaking around the corner to get a glimpse of logon keystrokes. Social engineering does not always take place face-to-face. Clever hackers have been known to place phone calls pretending to be a corporate help desk person or other legitimate artner asking for information that could compro mise access to computing resources. Imagine how many workstations are left wide open in a building when a fire alarm goes off.How long would it take for the alarm puller to drop a floppy into your desktop computer, initiate a process and be gone? Another category of intrusion tool is known as the scanner, or sniffer. Many operating systems come with vulnerability scanners that assist administrators in finding weaknesses. Public domain and commercial products are readily available, including SARA, Nessus, O SANS Institute 2002, Author retains full rights2. These scanners can reveal service ports that are open for attack and even details about the operating system itself.We should not be naive enough to think that these are out of the reach of the bad guys. Then, password cracking entails creating plain text passwords from their cryptographic hashes. Once the plain text password is garnered, access can be had. Password cracking tools are made available to system administrators for aud iting and recovery reasons. IP3 spoofing is a technique used by hackers as a means to gain hidden, unauthorized access to a target resource. They do this by impersonating a trusted resource.Specifically, a DDoS4 attack may change address information in the IP header of a message to make the target resource think the message is coming from a recognized, friendly port. When this technique is deployed in high volume, the attack can effectively dominate the target machine's resources, causing the target machine to perform sluggishly, or stop processing altogether. In addition to password cracking, social engineering, IP spoofing techniques, hackers have many other ways to perform destructive acts in the cyber realm.They have ways to hijack legitimate sessions, intercept and re-assemble IP fragments, take advantage of buffer overflows or flood a target machine with SYN requests. It is the wide and diverse nature of vulnerability today that argues for a strong cyber security management sy stem, one that begins with comprehensive policy and applies many technologies to achieve defense in depth. 3. Is business performance management relevant today? Business performance management is scientific approach to reaching the set of relevant and time limited goals by applying the definite set of metrics to assess the ffectiveness of resource usage.An evaluation of performance management regards indicators that numerically show the outcome of business activities. There are metrics for evaluating the success of a business: financial, internal, customer, strategic and compliance. Financial metric Financial metric includes sales, profits and costs. This metric shows us if our sales decreased or increased and if decreased, we should investigate why. But more important metric is how our profits behave. If our sales go down, our profits could still increase because we decreased the rate of cost.Internal metric Internal metric provides an evaluation management working at the company. As usual, this metric is better in small companies, because managers are closely connected with the employees rather than in big corporations. Customer metric Businesses exist to serve the needs of their customers. This means that behviour and loyalty of customers, and their level of satisfaction, provide us with a good measure for business long-term health and performance. Strategic metric Companies create strategies to reach short and long-term targets.An evaluation of the strategic performance management includes the quality of execution the trategies that management tried to implement. Strategies specify actions that management expects to achieve the desired result. An evaluation considers implementation of the strategies, successful execution of the planned actions by the company and whether results comply with the goals. Compliance metric Compliance metric measures effectiveness of compliance within the organization. Management should demonstrate ability to comply with financi al reporting standards, regulations and environmental legislation.Ideally, business should not have any imposed sanctions from the authorities. As we mentioned all these metrics are important for successful existence of the company. Without business performance management the company will collapse because, for example, if the company does not know what is its profit or its customer rate, what is inside in the company and so on and so forth. Measuring and keeping track on business's performance is essential for every company. If you don't evaluate your past performance you can't make realistic sustainable plans for the future.