User Account

All Pages

Acquisition risk analysis assignment

Assignment Help Computer Network Security
Reference no: EM132568738

CSIA 350 Cybersecurity in Business & Industry - University of Maryland Global Campus

Project : Acquisition Risk Analysis

Overview
For this project, you will investigate and then summarize key aspects of risk and risk management for acquisitions or procurements of cybersecurity products and services. The specific questions that your acquisition risk analysis will address are:

1. What types of risks or vulnerabilities could be transferred from a supplier and/or imposed upon a purchaserofcybersecurity related products and/or services?

2. Are suppliers liable for harm or loss incurred by purchasers of cybersecurity products and services? (That is, does the risk transfer from seller to buyer?)

3. How can governance frameworks be used by both suppliers and purchasers of cybersecurity related products and services to mitigate risks?

For this assignment, your "purchaser" will be the same company that you researched in Project #2. You should reuse relevant information from your risk assessment and risk profile (especially your recommended security controls).

Begin by reviewing your selected company's needs or requirements for cybersecurity (this information should have been collected your earlier projects in this course). What information and/or business operations need to be protected? What are the likely sources of threats or attacks for each type of information or business operation? What technologies, products, or services did you identify and discuss in your risk management strategy / acquisition forecast?

Next, you will research how operational risk during the manufacturing, development, or service delivery processes can affect the security posture (integrity) of products and services listed in your acquisition forecast. You will then explore the problem of product liability and/or risk transference from supplier to purchaser as products or services are delivered, installed, and used. You will also need to examine the role that IT governance frameworks and standards can play in helping purchasers develop and implement risk mitigation strategies to compensate for potential risk transfer by suppliers.

Once you have completed your research and analysis, you will summarize your findings in an acquisition risk analysis for cybersecurity products and services. This analysis should be suitable for use by the company's senior managers in developing a company-wide risk management strategy for acquisition and procurement activities which could impact the company's cybersecurity posture.

Research
1. Review your work for projects 1, 2, and 3.

2. Review your previous work as to the role of IT Governance standards in helping businesses identify and manage risks arising from the purchase of IT related products and services.

3. Review the course readings relating to the Cybersecurity industry and sources of products and services.

4. If you have not previously done so, identify three or more categories of cybersecurity products or services which your selected company is likely to purchase. Investigate the characteristics of these products / services. You should also identify possible vendors or sources from whom these can be purchased or acquired (e.g. open source software is acquired rather than bought or "purchased"). You should focus on products which can help reduce risks associated with e-Commerce and protection of customer information, protection of online ordering systems, etc.

5. Research risks and/or vulnerabilities which could be introduced into a buyer's organization and/or IT operations through acquisition or purchase of cybersecurity products or services.

6. Identify five or more specific sources of operational risks, in a supplier's organization, which could adversely affect the security of cybersecurity products or services delivered to its customers. In addition to using information you relied onin your previous projects, consult the Software Engineering Institute's publication A Taxonomy of Operational Cyber Security Risks

7. Research the issue of product liability with respect to cybersecurity products and services. What is the current legal environment?

Write

1. An introduction section which provides a brief overview of your selected company, its e-Commerce operations, and the acquisition forecast for the company's likely future needs and purchases for cybersecurity products and services. You should reuse information / narrative from projects 2 and 3. Your introduction section for this project should be no more than 1 page in length.

2. A governance frameworks & standards section in which you discuss the role that standards and governance processes should play in reducing risk by ensuring that acquisitions or purchases of cybersecurity products and services meet the buyer's organization's security requirements (risk mitigation).

3. A Cybersecurity Industry &Supplier Overviewsection which provides a discussion of the likely sources (companies, vendors, consortiums, open source repositories, etc.) from which cybersecurity products and services can be acquired, licensed, or purchased. Your overview should briefly discuss thecybersecurity industry as a whole. Why does this industry exist? (Hint: buyers want to procure or acquire cybersecurity related products and services). How does this industry benefit society?

4. An operationalrisks overview section in which you provide an overview of sources of operational risks which could affect suppliers of cybersecurity related products and services and, potentially, compromise the security of those products or services. Discuss the potential impact of such compromises upon buyers and the security of their organizations (risk transfer).

5. A product liability section in which you provide a summary of the current legal environment as it pertains to product liability in the cybersecurity industry. Discuss the potential impact upon buyers who suffer harm or loss as a result of purchasing, installing, and/or using cybersecurity products or services.

6. A summary and conclusions section in which you present a summary of your findings including the reasons why product liability (risk transfer) is a problem that must be addressed by both suppliers and purchasers of cybersecurity related products and services.

Attachment:- Acquisition Risk Analysis.rar

Reference no: EM132568738

Questions Cloud

Create a more positive classroom climate : What changes could been made to improve the discipline process and create a more positive classroom climate?
Implementation of a selected strategy : Develop and plan the implementation of a selected strategy for different organisational levels including for change management processes.
Calculate the issue price of the bonds : Calculate the issue price of these bonds if the market interest rate is 5%. AP Central College is about to issue $1 million of 10-year bonds that pay a 6%
Write detailed examination of right to life : Write detailed examination of "right to life". Make sure that you consider certain aspects of the right such as rights-holder, duty-bearer and state obligations
Acquisition risk analysis assignment : Project Acquisition Risk Analysis - What types of risks or vulnerabilities could be transferred from a supplier and/or imposed upon a purchaser of cybersecurity
What amount should vaughn report as total income : What amount should Vaughn report as total 2018 income tax expense? At December 31, 2017, Vaughn Inc. had a deferred tax asset of $27,700.
Which health care laws are still in practice : Which health care laws are still in practice? Why? What are the functions of a hospital? How have these functions evolved over the past twenty years?
Risk management strategy for an e-commerce company : Risk Management Strategy for an e-Commerce Company - identifying the selected company and providing an executive summary of the e-Commerce Risk Analysis
What is public interest theory and interest group theory : What is public interest theory and interest group theory? What is contractual and market based incentives? What is sensitivity and precision?

Reviews

Write a Review

Computer Network Security Questions & Answers

  Why do you think functional silos are not appropriate for

1. where are erp systems heading in the future? do you agree or disagree with the trends discussed in the chapter?

  Discuss the major components of a good security policy

Securing a network consists of much more than just installing the appropriate hardware and software. Discuss the major components of a good security policy.

  Biggest new technology

Question 1: What are some problems with not adding data integrity for your input strings? Example: If you are asking for an amount and when you can put in a letter. Question 2: What is one security issue that can take place with an interface? Expla..

  Explain the following in terms of ict - worms and malware

In about 300 words, explain the following in terms of ICT - Worms and Malware

  Perform an rsa encoding of the message

erform an RSA encoding of the message "3" using 7 for the public exponent, and n = p q = 11.13 = 143 for the public modulus.

  Create a comprehensive security policy for the company

Create a comprehensive security policy for the company that will Protect the company infrastructure and assets by applying the principals of CIA.

  Developing the corporate strategy for information security

Developing the Corporate Strategy for Information Security

  Create a three page policy for business continuity

Create a three page policy for business continuity for the White House security staff. Prepare a plan based on the critical nature of information that is presented within the executive department and military strategies that are reviewed for actio..

  Lab- vulnerability assessment

Lab: Vulnerability Assessment, Probably the most overlooked process in any type of security system is the vulnerability assessment. Vulnerability assessments are incredibly useful (and necessary) tools

  How would use address the troublesome trend

How can one protect against virus outbreaks in an organization? What are the common causes of this problems? How would use address this troublesome trend?

  Analyse and discuss common emerging threats and attacks

Analyse and discuss common emerging threats, attacks, mitigation and countermeasures in networked information systems

  What is the man-in-the-middle attack

What is the certificate? Please explain the meaning of CRL (certificate revocation list).

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd