Project #82791 - Acquisition & Procurement Risk in the Cybersecurity Industry

Industry Profile Part 1: Acquisition & Procurement Risk in the Cybersecurity Industry

 

For this paper, you will investigate and then summarize key aspects of risk and risk management for acquisitions or procurements of cybersecurity products and services. The specific questions that your industry profile will address are:

1.       What types of risks or vulnerabilities could be transferred from a supplier and/or imposed upon a purchaser of cybersecurity related products and/or services?

2.       Are suppliers liable for harm or loss incurred by purchasers of cybersecurity products and services? (That is, does the risk transfer from seller to buyer?)

3.       How can governance frameworks be used by both suppliers and purchasers of cybersecurity related products and services to mitigate risks?

 

First, you will research how operational risk during the manufacturing, development, or service delivery processes can affect the security posture (integrity) of products and services. You will then explore the problem of product liability and/or risk transference from supplier to purchaser as products or services are delivered, installed, and used. You will then examine the role that IT governance frameworks and standards can play in helping purchasers develop and implement risk mitigation strategies to compensate for potential risk transfer by suppliers. Once you have completed your research and analysis, you will summarize your research in a risk profile.

 

Research

 

1.       Research risks and/or vulnerabilities which could be introduced into a buyer’s organization and/or IT operations through acquisition or purchase of cybersecurity products or services. Some suggested resources are:

a. Hardware Security:

   i. http://www.brookings.edu/~/media/research/files/papers/2011/5/hardware-cybersecurity/05_hardware_cybersecurity.pdf

   ii. http://resources.infosecinstitute.com/hardware-attacks-backdoors-and-electronic-component-qualification/

b. Software Security

   i. https://buildsecurityin.us-cert.gov/

   ii. https://www.bsimm.com/

c. Data Center Security

   i. http://www.datacenterjournal.com/managing-data-center-security/

d. Telecommunications Systems

   i. https://www.pwc.com/gx/en/communications/publications/communications-review/assets/cyber-telecom-security.pdf

2.       Identify five or more specific sources of operational risks, in a supplier’s organization, which could adversely affect the security of cybersecurity products or services. In addition to using information you found under #1, consult the Software Engineering Institute’s publication A Taxonomy of Operational Cyber Security Risks http://resources.sei.cmu.edu/asset_files/TechnicalNote/2010_004_001_15200.pdf

3.       Research the issue of product liability with respect to cybersecurity products and services. What is the current legal environment? Some suggested sources are:

a.       http://www.darkreading.com/vulnerabilities---threats/security-product-liability-protections-emerge/d/d-id/1320274

b.      http://victorsheymov.com/2015/04/product-liability-the-unique-position-of-the-cybersecurity-industry/

c.       https://www.travelers.com/prepare-prevent/protect-your-business/product-services-liability/product-liability-prevention.aspx

4.       Research the role of IT Governance standards in helping organizations identify and manage risks arising from the purchase of IT related products and services. Begin by looking at the following:

a.       COBIT®: AI5 Procure IT Resources

b.      ITIL® Supplier Management SD 4

c.       ISO/IEC 27002 Section 15: Supplier Relationship Management

   i. 15.1 Establish security agreements with suppliers

   ii. 15.2 Manage supplier security and service delivery

 

Write

 

1.       An introduction section which provides a brief overview of the cybersecurity industry as a whole. Why does this industry exist? (Hint: buyers want to procure or acquire cybersecurity related products and services). How does this industry benefit society? Address the sources of demand for cybersecurity products and services.  (You may reuse resources and/or narrative from your Case Study #3 assignment.)

2.       An operational risks overview section in which you provide an overview of sources of operational risks which could affect suppliers of cybersecurity related products and services and, potentially, compromise the security of those products or services. Discuss the potential impact of such compromises upon buyers and the security of their organizations (risk transfer).

3.       A product liability section in which you provide a summary of the current legal environment as it pertains to product liability in the cybersecurity industry. Discuss the potential impact upon buyers who suffer harm or loss as a result of purchasing, installing, and/or using cybersecurity products or services.

4.       A governance frameworks & standards section in which you discuss the role that standards and governance processes should play in ensuring that acquisitions or purchases of cybersecurity products and services meet the buyer’s organization’s security requirements (risk mitigation). 

5.       A summary and conclusions section in which you present a summary of your findings including the reasons why product liability (risk transfer) is a problem that must be addressed by both suppliers and purchasers of cybersecurity related products and services.

 

 

Your five to eight page paper is to be prepared using basic APA formatting (including title page and reference list) and submitted as an MS Word attachment to the Industry Profile Part 1: Acquisition & Procurement Risk entry in your assignments folder. See the sample paper and paper template provided in Course Resources > APA Resources for formatting examples. Consult the grading rubric for specific content and formatting requirements for this assignment.

Criteria

Provided an excellent overview of the cybersecurity industry as a whole. Answered the questions: (a) Why does this industry exist? and (b) How does this industry benefit society? Addressed sources of demand for cybersecurity products and services. Appropriately used information from 3 or more authoritative sources. (Reuse of narrative from Case Study #3 is permitted).

Provided an outstanding overview of the cybersecurity industry as a whole. Answered the questions: (a) Why does this industry exist? and (b) How does this industry benefit society? Addressed sources of demand for cybersecurity products and services. Appropriately used information from 2 or more authoritative sources. (Reuse of narrative from Case Study #3 is permitted).

Provided a brief introduction to the cybersecurity industry. Addressed why the industry exists and how the industry benefits society. Addressed sources of demand for cybersecurity products and services. Appropriately used information from authoritative sources. (Reuse of narrative from Case Study #3 is permitted).

Provided an introduction to the industry but the section lacked some required details. Information from authoritative sources was cited and used in the overview.

Attempted to provide an introduction to the industry but this section lacked detail and/or was not well supported by information drawn from authoritative sources. 

The introduction section was missing or did not present information about the cybersecurity industry.

Provided an excellent overview of the operational risks and sources of operational risks which could affect suppliers of cybersecurity related products and services. Addressed the potential impacts on products & services (compromised security). Discussed the potential impact of such compromises upon buyers and the security of buyers' organizations (risk transfer). Appropriately used and cited information from 3 or more authoritative sources.

Provided an outstanding overview of the operational risks which could affect suppliers of cybersecurity related products and services. Addressed the potential impacts on products & services (compromised security). Discussed the potential impact of such compromises upon buyers and the security of buyers' organizations (risk transfer). Appropriately used and cited information from 2 or more authoritative sources.

Discussed operational risks and sources of operational risks which could affect suppliers of cybersecurity related products and services. Addressed the possible impacts on products & services and the impacts upon the security of buyers' organizations (risk transfer). Appropriately used and cited information from authoritative sources.

Provided information about operational risks and sources of operational risks which could impact sellers and buyers of cybersecurity products and services.  Appropriately used and cited information from authoritative sources.

Provided a discussion of operational risk as it applies to the cybersecurity industry. The discussion lacked detail and/or was not well supported by information drawn from authoritative sources.

This section was missing, off topic, or failed to provide information about operational risks and the impacts thereof.

Provided an excellent discussion of product liability in the cybersecurity industry. Summarized the current legal environment and discussed the potential impact upon buyers who suffer harm or loss as a result of purchasing, installing, and/or using cybersecurity products or services. Appropriately used information from 3 or more authoritative sources.

Provided an outstanding discussion of product liability in the cybersecurity industry. Summarized the current legal environment and discussed the potential impact upon buyers who suffer harm or loss as a result of purchasing, installing, and/or using cybersecurity products or services. Appropriately used information from 2 or more authoritative sources.

Discussed product liability in the cybersecurity industry. Summarized the current legal environment and discussed the potential impact upon buyers who suffer harm or loss as a result of purchasing, installing, and/or using cybersecurity products or services. The discussion was supported by information drawn from authoritative sources.

Attempted to provide a discussion of product liability in the cybersecurity industry. Mentioned the potential impact upon buyers who suffer harm or loss related to the use of cybersecurity products or services. The discussion was supported by information drawn from authoritative sources.

Mentioned product liability but the section was lacking in details and/or was not supported by information from authoritative sources.

This section was missing, off topic, or failed to address product liability.

Provided an excellent discussion of the role that standards and governance processes should play in ensuring that acquisitions and procurements (purchases) of cybersecurity products and services meet the buyer’s security requirements. Discussed specific governance process examples from COBIT®, ITIL®, and ISO/IEC 27002. Appropriately used information from 3 or more authoritative sources.

 

Provided an outstanding discussion of the role that standards and governance processes should play in ensuring that acquisitions and procurements (purchases) of cybersecurity products and services meet the buyer’s security requirements. Discussed specific governance process examples from two of the three frameworks (COBIT®, ITIL®, and ISO/IEC 27002). Appropriately used information from 2 or more authoritative sources.

 

 

Discussed the role that standards and governance processes should play in ensuring that acquisitions and procurements (purchases) of cybersecurity products and services meet the buyer’s security requirements. Mentioned the use of processes from COBIT®, ITIL®, or ISO/IEC 27002. Appropriately used information from authoritative sources.

 

Provided a discussion of the role that standards and governance processes should play during the purchase of cybersecurity products or services. Appropriately used information from authoritative sources.

Attempted to provide a discussion of the role that standards and governance processes should play during the purchase of cybersecurity products or services but the discussion was substantially lacking in details.

Section was missing, off topic, or did not mention governance frameworks and standards.

Provided an excellent summary and conclusions section which presented a summary of findings including 3 or more reasons why product liability (risk transfer) is a problem that must be addressed by both suppliers and purchasers of cybersecurity related products and services.

Provided an outstanding summary and conclusions section which presented a summary of findings including 2 or more reasons why product liability (risk transfer) is a problem that must be addressed by both suppliers and purchasers of cybersecurity related products and services.

Provided a summary and conclusions section which presented a summary of findings including the reasons why product liability (risk transfer) is a problem that must be addressed by both suppliers and purchasers of cybersecurity related products and services.

Summarized findings which mentioned product liability problems in the cybersecurity industry.

Included a summary but did not mention product liability.

Summary and conclusions were missing.

Demonstrated excellence in the integration of standard cybersecurity terminology into the case study.

Provided an outstanding integration of standard cybersecurity terminology into the case study.

Integrated standard cybersecurity terminology into the case study.

Used standard cybersecurity terminology but this usage was not well integrated with the discussion.

Misused standard cybersecurity terminology.

Did not integrate standard cybersecurity terminology into the discussion.

Work contains a reference list containing entries for all cited resources. Reference list entries and in-text citations are correctly formatted using the appropriate APA style for each type of resource.

Work contains a reference list containing entries for all cited resources. One or two minor errors in APA format for in-text citations and/or reference list entries.

Work contains a reference list containing entries for all cited resources. No more than 3 minor errors in APA format for in-text citations and/or reference list entries.

Work has no more than three paragraphs with omissions of citations crediting sources for facts and information. Work contains a reference list containing entries for cited resources. Work contains no more than 5 minor errors in APA format for in-text citations and/or reference list entries.

Work attempts to credit sources but demonstrates a fundamental failure to understand and apply the APA formatting standard as defined in the Publication Manual of the American Psychological Association (6th ed.).

Reference list is missing. Work demonstrates an overall failure to incorporate and/or credit authoritative sources for information used in the paper.

Submitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type.

Submitted work has minor style or formatting flaws but still presents a professional appearance. Submitted work is well organized and appropriately uses color, fonts, and section headings (per the assignment’s directions).

Organization and/or appearance of submitted work could be improved through better use of fonts, color, titles, headings, etc. OR Submitted work has multiple style or formatting errors. Professional appearance could be improved.

Submitted work has multiple style or formatting errors. Organization and professional appearance need substantial improvement.

Submitted work meets minimum requirements but has major style and formatting errors. Work is disorganized and needs to be rewritten for readability and professional appearance.

Submitted work is poorly organized and formatted. Writing and presentation are lacking in professional style and appearance. Work does not reflect college level writing skills.

No formatting, grammar, spelling, or punctuation errors.

Work contains minor errors in formatting, grammar, spelling or punctuation which do not significantly impact professional appearance.

Errors in formatting, spelling, grammar, or punctuation which detract from professional appearance of the submitted work.

Submitted work has numerous errors in formatting, spelling, grammar, or punctuation. Work is unprofessional in appearance.

Submitted work is difficult to read / understand and has significant errors in formatting, spelling, grammar, punctuation, or word usage.

Submitted work is poorly executed OR does not reflect college level work.

Overall Score

 

Subject Computer
Due By (Pacific Time) 09/25/2015 12:00 am