Not too easy. Not too difficult.
This course highlighted the fact that the supply chain is the weakest link in the cyber security chain and needs to be better protected.
"Supply chain risks can be broken into two major categories, Internal and External. Internal risks are defined as Processes, Controls, and Mitigation and External risks are defined as Demand risk, Supply risk, and Environmental risk (Wilding, 2013). The majority of cybersecurity risk will come from external suppliers, regardless of whether you are the manufacturer or the end user of an information and communications technology (ICT) product or service. Organizations must ensure their direct suppliers, as well as the suppliers of their suppliers, have controls in place to mitigate the risk of introducing malicious hardware alterations into the supply chain as described by Villasenor, 2011. (1st example) An example of such a supply chain being compromised is illustrated in the case of Lenovo laptops being shipped with a malware called Superfish, which allowed it to create its own encryption certificates, in essence creating a man-in-the-middle vulnerability (Villasenor, 2011), (Paul, 2015). Other sources of cybersecurity risk from the supply chain include (2nd example) vulnerabilities in software such as zero-day exploits, (3rd example) malware being inserted into legitimate software (as in the case of the Dragonfly cyber group inserting a trojan into the software used by the pharmaceutical industry) or (4th example) third-party website builders that are susceptible to embedded code that allows for redirection to a malicious domain as in the case of the Shylock trojan (Mehta, n.d.)".
Hours per week:
Advice for students:
Complete all of the assigned reading and conduct independent research.