Course Hero Logo
Computer Science
Engineering & Technology
Information Security
will investigate and then summarize key aspects of risk and risk...
Subscription benefits

Get more out of your subscription*

  • Access to over 100 million course-specific study resources
  • 24/7 help from Expert Tutors on 140+ subjects
  • Full access to over 1 million Textbook Solutions

*You can change, pause or cancel anytime

Question
Answered step-by-step

Asked by kpham228

will investigate and then summarize key aspects of risk and risk...

will investigate and then summarize key aspects of risk and risk management for acquisitions or procurements of cybersecurity products and services. The specific questions that your acquisition risk analysis will address are:

1.      What types of risks or vulnerabilities could be transferred from a supplier and/or imposed upon a purchaser of cybersecurity related products and/or services?

2.      Are suppliers liable for harm or loss incurred by purchasers of cybersecurity products and services? (That is, does the risk transfer from seller to buyer?)

3.      How can governance frameworks be used by both suppliers and purchasers of cybersecurity related products and services to mitigate risks?

 

For this assignment, your "purchaser" will be the same company that you researched in Project #2. You should reuse relevant information from your risk assessment and risk profile (especially your recommended security controls).

 

Begin by reviewing your selected company's needs or requirements for cybersecurity (this information should have been collected your earlier projects in this course). What information and/or business operations need to be protected? What are the likely sources of threats or attacks for each type of information or business operation? What technologies, products, or services did you identify and discuss in your risk management strategy / acquisition forecast?

 

Next, you will research how operational risk during the manufacturing, development, or service delivery processes can affect the security posture (integrity) of products and services listed in your acquisition forecast. You will then explore the problem of product liability and/or risk transference from supplier to purchaser as products or services are delivered, installed, and used. You will also need to examine the role that IT governance frameworks and standards can play in helping purchasers develop and implement risk mitigation strategies to compensate for potential risk transfer by suppliers.

 

Once you have completed your research and analysis, you will summarize your findings in an acquisition risk analysis for cybersecurity products and services. This analysis should be suitable for use by the company's senior managers in developing a company-wide risk management strategy for acquisition and procurement activities which could impact the company's cybersecurity posture.


5.      Research risks and/or vulnerabilities which could be introduced into a buyer's organization and/or IT operations through acquisition or purchase of cybersecurity products or services. Some suggested resources are:

a.      Hardware Security:

                                                              i.     http://www.brookings.edu/~/media/research/files/papers/2011/5/hardware-cybersecurity/05_hardware_cybersecurity.pdf

                                                            ii.     https://resources.infosecinstitute.com/hardware-attacks-backdoors-and-electronic-component-qualification/

b.      Software Security

                                                              i.     https://www.synopsys.com/blogs/software-security/software-security/

                                                            ii.     https://ezproxy.umgc.edu/login?url=http://search.ebscohost.com.ezproxy.umgc.edu/login.aspx?direct=true&db=heh&AN=61216498&site=eds-live&scope=site  

c.      Data Center Security

                                                              i.     https://www.forcepoint.com/cyber-edu/data-center-security

                                                            ii.     https://phoenixnap.com/blog/data-center-security

d.      Telecommunications Systems

                                                              i.     http://www.oracle.com/us/industries/communications/state-telecom-security-wp-3518256.pdf

                                                            ii.     https://www.fico.com/blogs/fraud-security/how-are-telecom-providers-managing-cybersecurity-risk/


6.      Identify five or more specific sources of operational risks, in a supplier's organization, which could adversely affect the security of cybersecurity products or services delivered to its customers. In addition to using information you relied on in your previous projects, consult the Software Engineering Institute's publication A Taxonomy of Operational Cyber Security Risks https://resources.sei.cmu.edu/asset_files/TechnicalNote/2010_004_001_15200.pdf

7.      Research the issue of product liability with respect to cybersecurity products and services. What is the current legal environment? Some suggested sources are:

a.      https://cdt.org/files/2018/04/2018-04-16-IoT-Strict-Products-Liability-FNL.pdf

b.      https://www.productliabilityadvocate.com/2018/12/internet-of-things-security-standards-will-states-follow-californias-lead-or-look-across-the-pond-for-further-guidance/#more-2266  

c.      https://www.travelers.com/resources/product-service-liability/5-steps-for-product-liability-risk-management   


1.      An introduction section which provides a brief overview of your selected company, its e-Commerce operations, and the acquisition forecast for the company's likely future needs and purchases for cybersecurity products and services. You should reuse information / narrative from projects 2 and 3. Your introduction section for this project should be no more than in length.

2.      A governance frameworks & standards section in which you discuss the role that standards and governance processes should play in reducing risk by ensuring that acquisitions or purchases of cybersecurity products and services meet the buyer's organization's security requirements (risk mitigation). 

3.      A Cybersecurity Industry & Supplier Overview section which provides a discussion of the likely sources (companies, vendors, consortiums, open source repositories, etc.) from which cybersecurity products and services can be acquired, licensed, or purchased. Your overview should briefly discuss the cybersecurity industry as a whole. Why does this industry exist? (Hint: buyers want to procure or acquire cybersecurity related products and services). How does this industry benefit society?

4.      An operational risks overview section in which you provide an overview of sources of operational risks which could affect suppliers of cybersecurity related products and services and, potentially, compromise the security of those products or services. Discuss the potential impact of such compromises upon buyers and the security of their organizations (risk transfer).

5.      A product liability section in which you provide a summary of the current legal environment as it pertains to product liability in the cybersecurity industry. Discuss the potential impact upon buyers who suffer harm or loss as a result of purchasing, installing, and/or using cybersecurity products or services.

6.      A summary and conclusions section in which you present a summary of your findings including the reasons why product liability (risk transfer) is a problem that must be addressed by both suppliers and purchasers of cybersecurity related products and services.

Computer Science Engineering & Technology Information Security
Answer & Explanation
Verified Solved by verified expert

Answered by tufsilkh12345

entesque dapibus efficitur

gue

Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec

gue

gue

gue

usce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar

Unlock full access to Course Hero

Explore over 16 million step-by-step answers from our library

Subscribe to view answer
Step-by-step explanation

ipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet

gue

gue

tesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie

gue

, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ult

gue

entesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce

gue

m risus ante, dapibus a

gue

, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit a

gue

sum dolor sit amet, con

gue

a. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam l

gue

facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec fac

gue

ipsum dolor sit amet, conse

gue

amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a

gue

entesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. L

gue

gue vel laoreet ac, dictum vitae odio. Donec aliqu

gue

m risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Done

ipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a

llentesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie conseq

a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac,

gue

ipiscing elit.

gue

lestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus eff

gue

m risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacin

gue

itur laoreet. Nam risus ante, dapibus a molestie consequat, ultrices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipi

gue

facilisis. Pellentesque

gue

trices ac magna. Fusce dui lectus, congue vel laoreet ac, dictum vitae odio. Donec aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus efficitur laoreet. Nam

gue

s ante, dapibus a molestie

inia pulvinar tortor nec facilisis. Pellentesq

gue

ur laoreet. Nam risu

ac, dictum vitae odio. Donec a

at, ultrices a

gue

sum dolor sit amet, consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentesque dapibus ef

consectetur adipiscing elit. Nam lacinia pulvinar tortor nec facilisis. Pellentes

facilisis. Pellentesque dapibus efficitur laoreet. Nam ri

Student review
100% (1 rating)