Industry Profile Part 1: Acquisition & Procurement Risk in the Cybersecurity Industry For this paper, you will investigate and then summarize key aspects of risk and risk management for acquisitions or procurements of cybersecurity products and services. The specific questions that your industry profile will address are: What types of risks or vulnerabilities could be transferred from a supplier and/or imposed upon a purchaser of cybersecurity related products and/or services?Are suppliers liable for harm or loss incurred by purchasers of cybersecurity products and services? (That is, does the risk transfer from seller to buyer?)How can governance frameworks be used by both suppliers and purchasers of cybersecurity related products and services to mitigate risks? First, you will research how operational risk during the manufacturing, development, or service delivery processes can affect the security posture (integrity) of products and services. You will then explore the problem of product liability and/or risk transference from supplier to purchaser as products or services are delivered, installed, and used. You will then examine the role that IT governance frameworks and standards can play in helping purchasers develop and implement risk mitigation strategies to compensate for potential risk transfer by suppliers. Once you have completed your research and analysis, you will summarize your research in a risk profile. Research Research risks and/or vulnerabilities which could be introduced into a buyers organization and/or IT operations through acquisition or purchase of cybersecurity products or services. Some suggested resources are: Hardware Security: http://www.brookings.edu/~/media/research/files/papers/2011/5/hardware-cybersecurity/05_hardware_cybersecurity.pdfhttp://resources.infosecinstitute.com/hardware-attacks-backdoors-and-electronic-component-qualification/Software Securityhttps://buildsecurityin.us-cert.gov/https://www.bsimm.com/Data Center Securityhttp://www.datacenterjournal.com/managing-data-center-security/Telecommunications Systems https://www.pwc.com/gx/en/communications/publications/communications-review/assets/cyber-telecom-security.pdfIdentify five or more specific sources of operational risks, in a suppliers organization, which could adversely affect the security of cybersecurity products or services. In addition to using information you found under #1, consult the Software Engineering Institutes publication A Taxonomy of Operational Cyber Security Risks http://resources.sei.cmu.edu/asset_files/TechnicalNote/2010_004_001_15200.pdfResearch the issue of product liability with respect to cybersecurity products and services. What is the current legal environment? Some suggested sources are:http://www.darkreading.com/vulnerabilities—threats/security-product-liability-protections-emerge/d/d-id/1320274http://victorsheymov.com/2015/04/product-liability-the-unique-position-of-the-cybersecurity-industry/https://www.travelers.com/prepare-prevent/protect-your-business/product-services-liability/product-liability-prevention.aspxResearch the role of IT Governance standards in helping organizations identify and manage risks arising from the purchase of IT related products and services. Begin by looking at the following:COBIT®: AI5 Procure IT ResourcesITIL® Supplier Management SD 4ISO/IEC 27002 Section 15: Supplier Relationship Management15.1 Establish security agreements with suppliers 15.2 Manage supplier security and service delivery Write An introduction section which provides a brief overview of the cybersecurity industry as a whole. Why does this industry exist? (Hint: buyers want to procure or acquire cybersecurity related products and services). How does this industry benefit society? Address the sources of demand for cybersecurity products and services. An operational risks overview section in which you provide an overview of sources of operational risks which could affect suppliers of cybersecurity related products and services and, potentially, compromise the security of those products or services. Discuss the potential impact of such compromises upon buyers and the security of their organizations (risk transfer).A product liability section in which you provide a summary of the current legal environment as it pertains to product liability in the cybersecurity industry. Discuss the potential impact upon buyers who suffer harm or loss as a result of purchasing, installing, and/or using cybersecurity products or services.A governance frameworks & standards section in which you discuss the role that standards and governance processes should play in ensuring that acquisitions or purchases of cybersecurity products and services meet the buyers organizations security requirements (risk mitigation). A summary and conclusions section in which you present a summary of your findings including the reasons why product liability (risk transfer) is a problem that must be addressed by both suppliers and purchasers of cybersecurity related products and services. Your five to eight page paper is to be prepared using basic APA formatting (including title page and reference list) and submitted as an MS Word attachment to the Industry Profile Part 1: Acquisition & Procurement Risk entry in your assignments folder. See the sample paper and paper template provided in Course Resources > APA Resources for formatting examples. Consult the grading rubric for specific content and formatting requirements for this assignment. THESE MUST BE METINTRODUCTION Provided an excellent overview of the cybersecurity industry as a whole.Provided an outstanding integration of standard cybersecurity terminology into the case study.APA formatting for citations and reference listAppropriately used information from 3 or more authoritative sources for this section.OPERATIONAL RISKS (SUPPLIERS)Provided an excellent overview of the operational risks and sources of operational risks which could affect suppliers of cybersecurity related products and services.Addressed the potential impacts on products & services (compromised security). Discussed the potential impact of such compromises upon buyers and the security of buyers’ organizations (risk transfer).Appropriately used information from 3 or more authoritative sources for this sectionPRODUCT LIABILITY IN THE CYBERSECURITY INDUSTRYProvided an excellent discussion of product liability in the cybersecurity industry. Summarized the current legal environment and discussed the potential impact upon buyers who suffer harm or loss as a result of purchasing, installing, and/or using cybersecurity products or services. Appropriately used information from 3 or more authoritative sources.GOVERNANCE FRAMEWORKSProvided an excellent discussion of the role that standards and governance processes should play in ensuring that acquisitions and procurements (purchases) of cybersecurity products and services meet the buyers security requirements. Discussed specific governance process examples from COBIT®, ITIL®, and ISO/IEC 27002. Appropriately used information from 3 or more authoritative sources.SUMMARY AND CONCLUSIONSProvided an excellent summary and conclusions section which presented a summary of findingsincluding 3 or more reasons why product liability (risk transfer) is a problem that must be addressed by both suppliers and purchasers of cybersecurity related products and services.
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more