Expert Answer:CSIA 350 UMUC Hamon Limited Acquisition Risk Analy

  

Solved by verified expert:For this project, you will investigate and then summarize key aspects of risk and risk management for acquisitions or procurements of cybersecurity products and services. The specific questions that your acquisition risk analysis will address are: What types of risks or vulnerabilities could be transferred from a supplier and/or imposed upon a purchaser of cybersecurity related products and/or services?Are suppliers liable for harm or loss incurred by purchasers of cybersecurity products and services? (That is, does the risk transfer from seller to buyer?)How can governance frameworks be used by both suppliers and purchasers of cybersecurity related products and services to mitigate risks?
csia_350_project_4___acquisition_risk_analysis___detailed_project_description_v1_1.docx

Unformatted Attachment Preview

Don't use plagiarized sources. Get Your Custom Essay on
Expert Answer:CSIA 350 UMUC Hamon Limited Acquisition Risk Analy
Just from $10/Page
Order Essay

CSIA 350: Cybersecurity in Business & Industry
Project #4: Acquisition Risk Analysis
Overview
For this project, you will investigate and then summarize key aspects of risk and risk management for
acquisitions or procurements of cybersecurity products and services. The specific questions that your
acquisition risk analysis will address are:
1. What types of risks or vulnerabilities could be transferred from a supplier and/or imposed upon
a purchaser of cybersecurity related products and/or services?
2. Are suppliers liable for harm or loss incurred by purchasers of cybersecurity products and
services? (That is, does the risk transfer from seller to buyer?)
3. How can governance frameworks be used by both suppliers and purchasers of cybersecurity
related products and services to mitigate risks?
For this assignment, your “purchaser” will be the same company that you researched in Project #2. You
should reuse relevant information from your risk assessment and risk profile (especially your
recommended security controls).
Begin by reviewing your selected company’s needs or requirements for cybersecurity (this information
should have been collected your earlier projects in this course). What information and/or business
operations need to be protected? What are the likely sources of threats or attacks for each type of
information or business operation? What technologies, products, or services did you identify and discuss
in your risk management strategy / acquisition forecast?
Next, you will research how operational risk during the manufacturing, development, or service delivery
processes can affect the security posture (integrity) of products and services listed in your acquisition
forecast. You will then explore the problem of product liability and/or risk transference from supplier to
purchaser as products or services are delivered, installed, and used. You will also need to examine the
role that IT governance frameworks and standards can play in helping purchasers develop and
implement risk mitigation strategies to compensate for potential risk transfer by suppliers.
Once you have completed your research and analysis, you will summarize your findings in an acquisition
risk analysis for cybersecurity products and services. This analysis should be suitable for use by the
company’s senior managers in developing a company-wide risk management strategy for acquisition
and procurement activities which could impact the company’s cybersecurity posture.
Research
1. Review your work for projects 1, 2, and 3.
2. Review your previous work as to the role of IT Governance standards in helping businesses
identify and manage risks arising from the purchase of IT related products and services.
Copyright © 2019 by University of Maryland University College. All rights reserved.
CSIA 350: Cybersecurity in Business & Industry
3. Review the course readings relating to the Cybersecurity industry and sources of products and
services.
4. If you have not previously done so, identify three or more categories of cybersecurity products
or services which your selected company is likely to purchase. Investigate the characteristics of
these products / services. You should also identify possible vendors or sources from whom these
can be purchased or acquired (e.g. open source software is acquired rather than bought or
“purchased”). You should focus on products which can help reduce risks associated with eCommerce and protection of customer information, protection of online ordering systems, etc.
5. Research risks and/or vulnerabilities which could be introduced into a buyer’s organization
and/or IT operations through acquisition or purchase of cybersecurity products or services.
Some suggested resources are:
a. Hardware Security:
i. http://www.brookings.edu/~/media/research/files/papers/2011/5/hardwarecybersecurity/05_hardware_cybersecurity.pdf
ii. http://resources.infosecinstitute.com/hardware-attacks-backdoors-andelectronic-component-qualification/
b. Software Security
i. https://www.synopsys.com/blogs/software-security/software-security/
ii. http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com.ezproxy.umuc
.edu/login.aspx?direct=true&db=heh&AN=61216498&site=eds-live&scope=site
c. Data Center Security
i. http://www.datacenterjournal.com/managing-data-center-security/
d. Telecommunications Systems
i. https://www.pwc.com/gx/en/communications/publications/communicationsreview/assets/cyber-telecom-security.pdf
6. Identify five or more specific sources of operational risks, in a supplier’s organization, which
could adversely affect the security of cybersecurity products or services delivered to its
customers. In addition to using information you relied on in your previous projects, consult the
Software Engineering Institute’s publication A Taxonomy of Operational Cyber Security Risks
http://resources.sei.cmu.edu/asset_files/TechnicalNote/2010_004_001_15200.pdf
7. Research the issue of product liability with respect to cybersecurity products and services. What
is the current legal environment? Some suggested sources are:
a. http://www.darkreading.com/vulnerabilities—threats/security-product-liabilityprotections-emerge/d/d-id/1320274
b. http://victorsheymov.com/2015/04/product-liability-the-unique-position-of-thecybersecurity-industry/
c. https://www.travelers.com/prepare-prevent/protect-your-business/product-servicesliability/product-liability-prevention.aspx
Write
1. An introduction section which provides a brief overview of your selected company, its eCommerce operations, and the acquisition forecast for the company’s likely future needs and
Copyright © 2019 by University of Maryland University College. All rights reserved.
2.
3.
4.
5.
6.
CSIA 350: Cybersecurity in Business & Industry
purchases for cybersecurity products and services. You should reuse information / narrative
from projects 2 and 3. Your introduction section for this project should be no more than 1 page
in length.
A governance frameworks & standards section in which you discuss the role that standards and
governance processes should play in reducing risk by ensuring that acquisitions or purchases of
cybersecurity products and services meet the buyer’s organization’s security requirements (risk
mitigation).
A Cybersecurity Industry & Supplier Overview section which provides a discussion of the likely
sources (companies, vendors, consortiums, open source repositories, etc.) from which
cybersecurity products and services can be acquired, licensed, or purchased. Your overview
should briefly discuss the cybersecurity industry as a whole. Why does this industry exist? (Hint:
buyers want to procure or acquire cybersecurity related products and services). How does this
industry benefit society?
An operational risks overview section in which you provide an overview of sources of
operational risks which could affect suppliers of cybersecurity related products and services and,
potentially, compromise the security of those products or services. Discuss the potential impact
of such compromises upon buyers and the security of their organizations (risk transfer).
A product liability section in which you provide a summary of the current legal environment as it
pertains to product liability in the cybersecurity industry. Discuss the potential impact upon
buyers who suffer harm or loss as a result of purchasing, installing, and/or using cybersecurity
products or services.
A summary and conclusions section in which you present a summary of your findings including
the reasons why product liability (risk transfer) is a problem that must be addressed by both
suppliers and purchasers of cybersecurity related products and services.
Submit For Grading
Submit your work in MS Word format (.docx or .doc file) using the Project #4 Assignment in your
assignment folder. (Attach the file.)
Additional Information
1. Consult the grading rubric for specific content and formatting requirements for this assignment.
2. Your 7-10 page paper should be professional in appearance with consistent use of fonts, font
sizes, margins, etc. You should use headings and page breaks to organize your paper.
3. You may reuse portions of your Project #2 and 3 submissions and/or narrative from relevant
discussion papers completed for THIS section of this course (CSIA 350).
4. Your paper should use standard terms and definitions for cybersecurity. See Course Content >
Cybersecurity Concepts for recommended resources.
Copyright © 2019 by University of Maryland University College. All rights reserved.
CSIA 350: Cybersecurity in Business & Industry
5. The CSIA program recommends that you follow standard APA formatting since this will give you
a document that meets the “professional appearance” requirements. APA formatting guidelines
and examples are found under Course Resources > APA Resources. An APA template file (MS
Word format) has also been provided for your use
CSIA_Basic_Paper_Template(APA_6ed,DEC2018).docx.
6. You must include a cover page with the assignment title, your name, and the due date. Your
reference list must be on a separate page at the end of your file. These pages do not count
towards the assignment’s page count.
7. You are expected to write grammatically correct English in every assignment that you submit for
grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c)
verifying that your punctuation is correct and (d) reviewing your work for correct word usage
and correctly structured sentences and paragraphs.
8. You are expected to credit your sources using in-text citations and reference list entries. Both
your citations and your reference list entries must follow a consistent citation style (APA, MLA,
etc.).
Copyright © 2019 by University of Maryland University College. All rights reserved.

Purchase answer to see full
attachment

Place your order
(550 words)

Approximate price: $22

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
$26
The price is based on these factors:
Academic level
Number of pages
Urgency
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more

Order your essay today and save 30% with the discount code ESSAYSHELP