Procurement Risk in the Cybersecurity Industry, computer science homework help

User Generated

rgbyb

Computer Science

Description

Please see attached file.

Unformatted Attachment Preview

Industry Profile Part 1: Acquisition & Procurement Risk in the Cybersecurity Industry For this paper, you will investigate and then summarize key aspects of risk and risk management for acquisitions or procurements of cybersecurity products and services. The specific questions that your industry profile will address are: 1. What types of risks or vulnerabilities could be transferred from a supplier and/or imposed upon a purchaser of cybersecurity related products and/or services? 2. Are suppliers liable for harm or loss incurred by purchasers of cybersecurity products and services? (That is, does the risk transfer from seller to buyer?) 3. How can governance frameworks be used by both suppliers and purchasers of cybersecurity related products and services to mitigate risks? First, you will research how operational risk during the manufacturing, development, or service delivery processes can affect the security posture (integrity) of products and services. You will then explore the problem of product liability and/or risk transference from supplier to purchaser as products or services are delivered, installed, and used. You will then examine the role that IT governance frameworks and standards can play in helping purchasers develop and implement risk mitigation strategies to compensate for potential risk transfer by suppliers. Once you have completed your research and analysis, you will summarize your research in a risk profile. Research 1. Research risks and/or vulnerabilities which could be introduced into a buyer’s organization and/or IT operations through acquisition or purchase of cybersecurity products or services. Some suggested resources are: a. Hardware Security: i. http://www.brookings.edu/~/media/research/files/papers/2011/5/hardwarecybersecurity/05_hardware_cybersecurity.pdf ii. http://resources.infosecinstitute.com/hardware-attacks-backdoors-andelectronic-component-qualification/ b. Software Security i. https://buildsecurityin.us-cert.gov/ ii. https://www.bsimm.com/ c. Data Center Security i. http://www.datacenterjournal.com/managing-data-center-security/ d. Telecommunications Systems i. https://www.pwc.com/gx/en/communications/publications/communicationsreview/assets/cyber-telecom-security.pdf 2. Identify five or more specific sources of operational risks, in a supplier’s organization, which could adversely affect the security of cybersecurity products or services. In addition to using information you found under #1, consult the Software Engineering Institute’s publication A Taxonomy of Operational Cyber Security Risks http://resources.sei.cmu.edu/asset_files/TechnicalNote/2010_004_001_15200.pdf 3. Research the issue of product liability with respect to cybersecurity products and services. What is the current legal environment? Some suggested sources are: a. http://www.darkreading.com/vulnerabilities---threats/security-product-liabilityprotections-emerge/d/d-id/1320274 b. http://victorsheymov.com/2015/04/product-liability-the-unique-position-of-thecybersecurity-industry/ c. https://www.travelers.com/prepare-prevent/protect-your-business/product-servicesliability/product-liability-prevention.aspx 4. Research the role of IT Governance standards in helping organizations identify and manage risks arising from the purchase of IT related products and services. Begin by looking at the following: a. COBIT®: AI5 Procure IT Resources b. ITIL® Supplier Management SD 4 c. ISO/IEC 27002 Section 15: Supplier Relationship Management i. 15.1 Establish security agreements with suppliers ii. 15.2 Manage supplier security and service delivery Write 1. An introduction section which provides a brief overview of the cybersecurity industry as a whole. Why does this industry exist? (Hint: buyers want to procure or acquire cybersecurity related products and services). How does this industry benefit society? Address the sources of demand for cybersecurity products and services. (You may reuse resources and/or narrative from your Case Study #3 assignment.) 2. An operational risks overview section in which you provide an overview of sources of operational risks which could affect suppliers of cybersecurity related products and services and, potentially, compromise the security of those products or services. Discuss the potential impact of such compromises upon buyers and the security of their organizations (risk transfer). 3. A product liability section in which you provide a summary of the current legal environment as it pertains to product liability in the cybersecurity industry. Discuss the potential impact upon buyers who suffer harm or loss as a result of purchasing, installing, and/or using cybersecurity products or services. 4. A governance frameworks & standards section in which you discuss the role that standards and governance processes should play in ensuring that acquisitions or purchases of cybersecurity products and services meet the buyer’s organization’s security requirements (risk mitigation). 5. A summary and conclusions section in which you present a summary of your findings including the reasons why product liability (risk transfer) is a problem that must be addressed by both suppliers and purchasers of cybersecurity related products and services. Your five to eight page paper is to be prepared using basic APA formatting (including title page and reference list) and submitted as an MS Word attachment to the Industry Profile Part 1: Acquisition & Procurement Risk entry in your assignments folder. See the sample paper and paper template provided in Course Resources > APA Resources for formatting examples. Consult the grading rubric for specific content and formatting requirements for this assignment.
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Here you go. In case of any further inputs, please let me know.All the best!I appreciate working with you!

Running Head: INDUSTRY PROFILE PART 1

Acquisition Procurement Risk in the Cyber Security Industry
Name
Course
Tutor
Date

1

INDUSTRY PROFILE PART 1

2

Overview of the cyber security industry
Cybersecurity industry was first talked about as a very strong business opportunity. It has
grown to an extent that it has given birth to a parallel industry known as cyber insurance. The
cyber security industry will be worth $170 billion in the next five years. This is according to a
prediction made by researchers. Data breaches worth millions have shown and proven that cyber
security is not an IT concern anymore but a crucial business imperative which envelops the
business trust, continuity and even the brand. Many organizations worldwide are waking up to
this emergency. Some have already adopted a risk-based cyber security framework while other
have deployed some strategies for cloud-based services and also the internet of things.
Cybersecurity does exist simply because of the “Good enough” principle. This is a rule
for the system and software design. This term indicates that the customers will always go for
and use the products that are good enough for their requirements. This is despite the fact that
there exists more advanced technology (Larry, 2015).
Some of the benefits of cybersecurity is that it can protect a business. The best IT
solutions can be used to provide a comprehensive digital protection of the business. Employees
in a firm can also work safely. Cybersecurity helps protect the personal info and also the
productivity of a business. Cyber security industry also inspires confidence in the customers, if
the business owner can prove that his/her business is well protected.
There has been an increase in the cybersecurity products and services over the last few
years. This is because of the rise in the cloud-based services and applications such as CRM,
ERP, e-mail services, data backups, and the collaboration servic...


Anonymous
I was having a hard time with this subject, and this was a great help.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Related Tags