CSIA 350 UMUC Hamon Limited Acquisition Risk Analysis Project 4 Paper

Anonymous
timer Asked: Mar 29th, 2019
account_balance_wallet $30

Question Description

For this project, you will investigate and then summarize key aspects of risk and risk management for acquisitions or procurements of cybersecurity products and services. The specific questions that your acquisition risk analysis will address are:

  • What types of risks or vulnerabilities could be transferred from a supplier and/or imposed upon a purchaser of cybersecurity related products and/or services?
  • Are suppliers liable for harm or loss incurred by purchasers of cybersecurity products and services? (That is, does the risk transfer from seller to buyer?)
  • How can governance frameworks be used by both suppliers and purchasers of cybersecurity related products and services to mitigate risks?

Unformatted Attachment Preview

CSIA 350: Cybersecurity in Business & Industry Project #4: Acquisition Risk Analysis Overview For this project, you will investigate and then summarize key aspects of risk and risk management for acquisitions or procurements of cybersecurity products and services. The specific questions that your acquisition risk analysis will address are: 1. What types of risks or vulnerabilities could be transferred from a supplier and/or imposed upon a purchaser of cybersecurity related products and/or services? 2. Are suppliers liable for harm or loss incurred by purchasers of cybersecurity products and services? (That is, does the risk transfer from seller to buyer?) 3. How can governance frameworks be used by both suppliers and purchasers of cybersecurity related products and services to mitigate risks? For this assignment, your “purchaser” will be the same company that you researched in Project #2. You should reuse relevant information from your risk assessment and risk profile (especially your recommended security controls). Begin by reviewing your selected company’s needs or requirements for cybersecurity (this information should have been collected your earlier projects in this course). What information and/or business operations need to be protected? What are the likely sources of threats or attacks for each type of information or business operation? What technologies, products, or services did you identify and discuss in your risk management strategy / acquisition forecast? Next, you will research how operational risk during the manufacturing, development, or service delivery processes can affect the security posture (integrity) of products and services listed in your acquisition forecast. You will then explore the problem of product liability and/or risk transference from supplier to purchaser as products or services are delivered, installed, and used. You will also need to examine the role that IT governance frameworks and standards can play in helping purchasers develop and implement risk mitigation strategies to compensate for potential risk transfer by suppliers. Once you have completed your research and analysis, you will summarize your findings in an acquisition risk analysis for cybersecurity products and services. This analysis should be suitable for use by the company’s senior managers in developing a company-wide risk management strategy for acquisition and procurement activities which could impact the company’s cybersecurity posture. Research 1. Review your work for projects 1, 2, and 3. 2. Review your previous work as to the role of IT Governance standards in helping businesses identify and manage risks arising from the purchase of IT related products and services. Copyright © 2019 by University of Maryland University College. All rights reserved. CSIA 350: Cybersecurity in Business & Industry 3. Review the course readings relating to the Cybersecurity industry and sources of products and services. 4. If you have not previously done so, identify three or more categories of cybersecurity products or services which your selected company is likely to purchase. Investigate the characteristics of these products / services. You should also identify possible vendors or sources from whom these can be purchased or acquired (e.g. open source software is acquired rather than bought or “purchased”). You should focus on products which can help reduce risks associated with eCommerce and protection of customer information, protection of online ordering systems, etc. 5. Research risks and/or vulnerabilities which could be introduced into a buyer’s organization and/or IT operations through acquisition or purchase of cybersecurity products or services. Some suggested resources are: a. Hardware Security: i. http://www.brookings.edu/~/media/research/files/papers/2011/5/hardwarecybersecurity/05_hardware_cybersecurity.pdf ii. http://resources.infosecinstitute.com/hardware-attacks-backdoors-andelectronic-component-qualification/ b. Software Security i. https://www.synopsys.com/blogs/software-security/software-security/ ii. http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com.ezproxy.umuc .edu/login.aspx?direct=true&db=heh&AN=61216498&site=eds-live&scope=site c. Data Center Security i. http://www.datacenterjournal.com/managing-data-center-security/ d. Telecommunications Systems i. https://www.pwc.com/gx/en/communications/publications/communicationsreview/assets/cyber-telecom-security.pdf 6. Identify five or more specific sources of operational risks, in a supplier’s organization, which could adversely affect the security of cybersecurity products or services delivered to its customers. In addition to using information you relied on in your previous projects, consult the Software Engineering Institute’s publication A Taxonomy of Operational Cyber Security Risks http://resources.sei.cmu.edu/asset_files/TechnicalNote/2010_004_001_15200.pdf 7. Research the issue of product liability with respect to cybersecurity products and services. What is the current legal environment? Some suggested sources are: a. http://www.darkreading.com/vulnerabilities---threats/security-product-liabilityprotections-emerge/d/d-id/1320274 b. http://victorsheymov.com/2015/04/product-liability-the-unique-position-of-thecybersecurity-industry/ c. https://www.travelers.com/prepare-prevent/protect-your-business/product-servicesliability/product-liability-prevention.aspx Write 1. An introduction section which provides a brief overview of your selected company, its eCommerce operations, and the acquisition forecast for the company’s likely future needs and Copyright © 2019 by University of Maryland University College. All rights reserved. 2. 3. 4. 5. 6. CSIA 350: Cybersecurity in Business & Industry purchases for cybersecurity products and services. You should reuse information / narrative from projects 2 and 3. Your introduction section for this project should be no more than 1 page in length. A governance frameworks & standards section in which you discuss the role that standards and governance processes should play in reducing risk by ensuring that acquisitions or purchases of cybersecurity products and services meet the buyer’s organization’s security requirements (risk mitigation). A Cybersecurity Industry & Supplier Overview section which provides a discussion of the likely sources (companies, vendors, consortiums, open source repositories, etc.) from which cybersecurity products and services can be acquired, licensed, or purchased. Your overview should briefly discuss the cybersecurity industry as a whole. Why does this industry exist? (Hint: buyers want to procure or acquire cybersecurity related products and services). How does this industry benefit society? An operational risks overview section in which you provide an overview of sources of operational risks which could affect suppliers of cybersecurity related products and services and, potentially, compromise the security of those products or services. Discuss the potential impact of such compromises upon buyers and the security of their organizations (risk transfer). A product liability section in which you provide a summary of the current legal environment as it pertains to product liability in the cybersecurity industry. Discuss the potential impact upon buyers who suffer harm or loss as a result of purchasing, installing, and/or using cybersecurity products or services. A summary and conclusions section in which you present a summary of your findings including the reasons why product liability (risk transfer) is a problem that must be addressed by both suppliers and purchasers of cybersecurity related products and services. Submit For Grading Submit your work in MS Word format (.docx or .doc file) using the Project #4 Assignment in your assignment folder. (Attach the file.) Additional Information 1. Consult the grading rubric for specific content and formatting requirements for this assignment. 2. Your 7-10 page paper should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings and page breaks to organize your paper. 3. You may reuse portions of your Project #2 and 3 submissions and/or narrative from relevant discussion papers completed for THIS section of this course (CSIA 350). 4. Your paper should use standard terms and definitions for cybersecurity. See Course Content > Cybersecurity Concepts for recommended resources. Copyright © 2019 by University of Maryland University College. All rights reserved. CSIA 350: Cybersecurity in Business & Industry 5. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources > APA Resources. An APA template file (MS Word format) has also been provided for your use CSIA_Basic_Paper_Template(APA_6ed,DEC2018).docx. 6. You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s page count. 7. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs. 8. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.). Copyright © 2019 by University of Maryland University College. All rights reserved. ...
Purchase answer to see full attachment

Tutor Answer

EagleEye1
School: Duke University

Your Assignment is complete

Running Head: ACQUISITION RISK ANALYSIS
1

Acquisition Risk Analysis
Student Name:
Instructor Name:
Course:
Date:

ACQUISITION RISK ANALYSIS
2
Introduction
Hamon limited is a company that deals with sales and marketing of products and services
through an online platform. It involves a seller posting a product by first logging into the
website. The company then allows customers to place bids towards the product and once the
timeline for putting proposals towards the product is finished, the highest bidder is selected, and
the owner is connected with the buyer to ensure that the product or service is supplied. The
customer of the product then pays to the company online before the supply and waits for the
delivery of the product by the owner through the company. The company then pays the owner of
the good but at a lower price after charging for marketing and sales.
Once the product is sold, it is removed from the online platform to indicate that it is
already sold. The process continues for all goods and services. Most activities of the company
are online, all the way from posting of products, advertisements, bidding, payments, and
communications with customers. Due to this, there are various products that the company intends
to purchase. There are plans to buy a large warehouse for storage of the owners’ products at a
fee. The company also wants to increase its security especially against cybercrimes, and
therefore cybersecurity products will be purchased. This is to prevent any interference with the
bidding process and payment process by hackers and viruses.
Governance Frameworks and Standards
Cybersecurity framework contains management tools, security awareness program and
compressive risk management approach, hence for any organization to function completely it
needs to have a complete cybersecurity governance framework to address their needs adequately.
One of the efforts that have guided in the field of cybersecurity is the national institute of

ACQUISITION RISK ANALYSIS
3
standards and technology. The structure is one of the best starting points for organizations that
are interested in defining and refining infrastructure associated with their own needs and at the
same time follow the industry norms and standards, (John D. Villasenor, 2011).
The organizational structure ensures that the management is well suited. It happens when
the hierarchy of an organization is well defined, and it contributes to the security issues arising as
every member is conversant with their work and responsibilities and does not look upon anyone
to handle their work on behalf of them, (Pierluigi Paganini, 2013). It helps the organization to
stay focused on any cause that may arise and problems are tackled according to the organization
hierarchy and where it has occurred. By doing this, the security of the buyer is well met, and the
buyer is well assured that if any problem arises, it will be well catered for by the governance of
the organization, (Gary McGraw, 2004).
Another issue that the governance framework addresses is the work culture of the
organization; this involves how companies check the information and respond to adjustments in
the organization which is coming up at a faster pace. The tradition and the formal way of
interacting and working with different stakeholder within or outside are well catered for and
adjusted according to incoming changes, (Mark Lobel, 2014).
The security awareness and educational programs which are also a form of governance
need to be objectively focused in different organization and business. Rules and policies should
be made and strictly followed. This is to show organization engagement and seriousness of
making their labor pool aware of ...

flag Report DMCA
Review

Anonymous
Tutor went the extra mile to help me with this essay. Citations were a bit shaky but I appreciated how well he handled APA styles and how ok he was to change them even though I didnt specify. Got a B+ which is believable and acceptable.

Similar Questions
Related Tags

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors