Question Details

(Solved) CSIA 350: Cybersecurity in Business & Industry Industry Profile Part 1: Acquisition & Procurement Risk in the Cybersecurity Industry...


PLEASE I AM SUBMITTING THIS ASSIGNMENT ON TURNTIN. I HAVE ALSO ATTACHED ADDITIONAL INSTRUCTIONS BELOW.


For this paper, you will investigate and then summarize key aspects of risk and risk management for acquisitions or procurements of cybersecurity products and services. The specific questions that your industry profile will address are:

1.      What types of risks or vulnerabilities could be transferred from a supplier and/or imposed upon a purchaser of cybersecurity related products and/or services?

2.      Are suppliers liable for harm or loss incurred by purchasers of cybersecurity products and services? (That is, does the risk transfer from seller to buyer?)

3.      How can governance frameworks be used by both suppliers and purchasers of cybersecurity related products and services to mitigate risks?


First, you will research how operational risk during the manufacturing, development, or service delivery processes can affect the security posture (integrity) of products and services. You will then explore the problem of product liability and/or risk transference from supplier to purchaser as products or services are delivered, installed, and used. You will then examine the role that IT governance frameworks and standards can play in helping purchasers develop and implement risk mitigation strategies to compensate for potential risk transfer by suppliers. Once you have completed your research and analysis, you will summarize your research in a risk profile.


Research


1.      Research risks and/or vulnerabilities which could be introduced into a buyer’s organization and/or IT operations through acquisition or purchase of cybersecurity products or services. Some suggested resources are:

a.      Hardware Security:

                                                              i.     http://www.brookings.edu/~/media/research/files/papers/2011/5/hardware-cybersecurity/05_hardware_cybersecurity.pdf

                                                            ii.     http://resources.infosecinstitute.com/hardware-attacks-backdoors-and-electronic-component-qualification/

b.      Software Security

                                                              i.     https://buildsecurityin.us-cert.gov/

                                                            ii.     https://www.bsimm.com/

c.      Data Center Security

                                                              i.     http://www.datacenterjournal.com/managing-data-center-security/

d.      Telecommunications Systems

                                                              i.     https://www.pwc.com/gx/en/communications/publications/communications-review/assets/cyber-telecom-security.pdf


2.      Identify five or more specific sources of operational risks, in a supplier’s organization, which could adversely affect the security of cybersecurity products or services. In addition to using information you found under #1, consult the Software Engineering Institute’s publication A Taxonomy of Operational Cyber Security Risks http://resources.sei.cmu.edu/asset_files/TechnicalNote/2010_004_001_15200.pdf



3.      Research the issue of product liability with respect to cybersecurity products and services. What is the current legal environment? Some suggested sources are:

a.      http://www.darkreading.com/vulnerabilities---threats/security-product-liability-protections-emerge/d/d-id/1320274

b.      http://victorsheymov.com/2015/04/product-liability-the-unique-position-of-the-cybersecurity-industry/

c.      https://www.travelers.com/prepare-prevent/protect-your-business/product-services-liability/product-liability-prevention.aspx


4.      Research the role of IT Governance standards in helping organizations identify and manage risks arising from the purchase of IT related products and services. Begin by looking at the following:

a.      COBIT®: AI5 Procure IT Resources

b.      ITIL® Supplier Management SD 4

c.      ISO/IEC 27002 Section 15: Supplier Relationship Management

                                                              i.     15.1 Establish security agreements with suppliers

                                                            ii.     15.2 Manage supplier security and service delivery

CSIA 350: Cybersecurity in Business & Industry
Industry Profile Part 1: Acquisition & Procurement Risk in the Cybersecurity Industry
For this paper, you will investigate and then summarize key aspects of risk and risk management for
acquisitions or procurements of cybersecurity products and services. The specific questions that your
industry profile will address are:
1. What types of risks or vulnerabilities could be transferred from a supplier and/or imposed upon
a purchaser of cybersecurity related products and/or services?
2. Are suppliers liable for harm or loss incurred by purchasers of cybersecurity products and
services? (That is, does the risk transfer from seller to buyer?)
3. How can governance frameworks be used by both suppliers and purchasers of cybersecurity
related products and services to mitigate risks?
First, you will research how operational risk during the manufacturing, development, or service delivery
processes can affect the security posture (integrity) of products and services. You will then explore the
problem of product liability and/or risk transference from supplier to purchaser as products or services
are delivered, installed, and used. You will then examine the role that IT governance frameworks and
standards can play in helping purchasers develop and implement risk mitigation strategies to
compensate for potential risk transfer by suppliers. Once you have completed your research and
analysis, you will summarize your research in a risk profile.
Research
1. Research risks and/or vulnerabilities which could be introduced into a buyer’s organization
and/or IT operations through acquisition or purchase of cybersecurity products or services.
Some suggested resources are:
a. Hardware Security:
i. http://www.brookings.edu/~/media/research/files/papers/2011/5/hardwarecybersecurity/05_hardware_cybersecurity.pdf
ii. http://resources.infosecinstitute.com/hardware-attacks-backdoors-andelectronic-component-qualification/
b. Software Security
i. https://buildsecurityin.us-cert.gov/
ii. https://www.bsimm.com/
c. Data Center Security
i. http://www.datacenterjournal.com/managing-data-center-security/
d. Telecommunications Systems
i. https://www.pwc.com/gx/en/communications/publications/communicationsreview/assets/cyber-telecom-security.pdf
2. Identify five or more specific sources of operational risks, in a supplier’s organization, which
could adversely affect the security of cybersecurity products or services. In addition to using
information you found under #1, consult the Software Engineering Institute’s publication A
Taxonomy of Operational Cyber Security Risks
http://resources.sei.cmu.edu/asset_files/TechnicalNote/2010_004_001_15200.pdf Copyright © 2015 by University of Maryland University College. All rights reserved. CSIA 350: Cybersecurity in Business & Industry
3. Research the issue of product liability with respect to cybersecurity products and services. What
is the current legal environment? Some suggested sources are:
a. http://www.darkreading.com/vulnerabilities---threats/security-product-liabilityprotections-emerge/d/d-id/1320274
b. http://victorsheymov.com/2015/04/product-liability-the-unique-position-of-thecybersecurity-industry/
c. https://www.travelers.com/prepare-prevent/protect-your-business/product-servicesliability/product-liability-prevention.aspx
4. Research the role of IT Governance standards in helping organizations identify and manage risks
arising from the purchase of IT related products and services. Begin by looking at the following:
a. COBIT®: AI5 Procure IT Resources
b. ITIL® Supplier Management SD 4
c. ISO/IEC 27002 Section 15: Supplier Relationship Management
i. 15.1 Establish security agreements with suppliers
ii. 15.2 Manage supplier security and service delivery
Write
1. An introduction section which provides a brief overview of the cybersecurity industry as a whole.
Why does this industry exist? (Hint: buyers want to procure or acquire cybersecurity related
products and services). How does this industry benefit society? Address the sources of demand
for cybersecurity products and services. (You may reuse resources and/or narrative from your
Case Study #3 assignment.)
2. An operational risks overview section in which you provide an overview of sources of operational
risks which could affect suppliers of cybersecurity related products and services and, potentially,
compromise the security of those products or services. Discuss the potential impact of such
compromises upon buyers and the security of their organizations (risk transfer).
3. A product liability section in which you provide a summary of the current legal environment as it
pertains to product liability in the cybersecurity industry. Discuss the potential impact upon
buyers who suffer harm or loss as a result of purchasing, installing, and/or using cybersecurity
products or services.
4. A governance frameworks & standards section in which you discuss the role that standards and
governance processes should play in ensuring that acquisitions or purchases of cybersecurity
products and services meet the buyer’s organization’s security requirements (risk mitigation).
5. A summary and conclusions section in which you present a summary of your findings including
the reasons why product liability (risk transfer) is a problem that must be addressed by both
suppliers and purchasers of cybersecurity related products and services.
Your five to eight page paper is to be prepared using basic APA formatting (including title page and
reference list) and submitted as an MS Word attachment to the Industry Profile Part 1: Acquisition &
Procurement Risk entry in your assignments folder. See the sample paper and paper template provided
in Course Resources > APA Resources for formatting examples. Consult the grading rubric for specific
content and formatting requirements for this assignment. Copyright © 2015 by University of Maryland University College. All rights reserved.

 


Solution details:
STATUS
Answered
QUALITY
Approved
ANSWER RATING

This question was answered on: Sep 05, 2019

PRICE: $18

Solution~000200239094.zip (25.37 KB)

Buy this answer for only: $18

This attachment is locked

We have a ready expert answer for this paper which you can use for in-depth understanding, research editing or paraphrasing. You can buy it or order for a fresh, original and plagiarism-free solution (Deadline assured. Flexible pricing. TurnItIn Report provided)

Pay using PayPal (No PayPal account Required) or your credit card . All your purchases are securely protected by .
SiteLock

About this Question

STATUS

Answered

QUALITY

Approved

DATE ANSWERED

Sep 05, 2019

EXPERT

Tutor

ANSWER RATING

GET INSTANT HELP/h4>

We have top-notch tutors who can do your essay/homework for you at a reasonable cost and then you can simply use that essay as a template to build your own arguments.

You can also use these solutions:

  • As a reference for in-depth understanding of the subject.
  • As a source of ideas / reasoning for your own research (if properly referenced)
  • For editing and paraphrasing (check your institution's definition of plagiarism and recommended paraphrase).
This we believe is a better way of understanding a problem and makes use of the efficiency of time of the student.

NEW ASSIGNMENT HELP?

Order New Solution. Quick Turnaround

Click on the button below in order to Order for a New, Original and High-Quality Essay Solutions. New orders are original solutions and precise to your writing instruction requirements. Place a New Order using the button below.

WE GUARANTEE, THAT YOUR PAPER WILL BE WRITTEN FROM SCRATCH AND WITHIN YOUR SET DEADLINE.

Order Now