Industry Profile: Acquisition & Procurement Risk in the Cybersecurity Industry
ASSIGNMENT NEEDED:
Write An introduction section which provides a brief overview of the cybersecurity industry as a whole.
The introduction must be approximately 1 page, in 12 point font, double spaced and answer/include the following:
1. Address the sources of demand for cybersecurity products and services.
2. Provide an excellent overview of the cybersecurity industry as a whole.
3. Answer the questions: (a) why does this industry exist? And (b) how does this industry benefit society?
4. Address sources of demand for cybersecurity products and services.
5. Appropriately use information from 3 or more authoritative sources.
**NOTE THE INTRODUCTION ABOVE IS THE ONLY PART I NEED DONE AS THIS IS A GROUP PROJECT**
The information below is provided as reference for the assignment.
First, you will research how operational risk during the manufacturing, development, or service delivery processes can affect the security posture (integrity) of products and services. You will then explore the problem of product liability and/or risk transference from supplier to purchaser as products or services are delivered, installed, and used. You will then examine the role that IT governance frameworks and standards can play in helping purchasers develop and implement risk mitigation strategies to compensate for potential risk transfer by suppliers. Once you have completed your research and analysis, you will summarize your research in a risk profile.
Research
1. Research risks and/or vulnerabilities which could be introduced into a buyer’s organization and/or IT operations through acquisition or purchase of cybersecurity products or services. Some suggested resources are:
a. Hardware Security:
i. http://www.brookings.edu/~/media/research/files/papers/2011/5/hardware-cybersecurity/05_hardware_cybersecurity.pdf
ii. http://resources.infosecinstitute.com/hardware-attacks-backdoors-and-electronic-component-qualification/
b. Software Security
i. https://buildsecurityin.us-cert.gov/
ii. https://www.bsimm.com/
c. Data Center Security
i. http://www.datacenterjournal.com/managing-data-center-security/
d. Telecommunications Systems
i. https://www.pwc.com/gx/en/communications/publications/communications-review/assets/cyber-telecom-security.pdf
2. Identify five or more specific sources of operational risks, in a supplier’s organization, which could adversely affect the security of cybersecurity products or services. In addition to using information you found under #1, consult the Software Engineering Institute’s publication A Taxonomy of Operational Cyber Security Risks http://resources.sei.cmu.edu/asset_files/TechnicalNote/2010_004_001_15200.pdf
3. Research the issue of product liability with respect to cybersecurity products and services. What is the current legal environment? Some suggested sources are:
a. http://www.darkreading.com/vulnerabilities—threats/security-product-liability-protections-emerge/d/d-id/1320274
b. http://victorsheymov.com/2015/04/product-liability-the-unique-position-of-the-cybersecurity-industry/
c. https://www.travelers.com/prepare-prevent/protect-your-business/product-services-liability/product-liability-prevention.aspx
4. Research the role of IT Governance standards in helping organizations identify and manage risks arising from the purchase of IT related products and services. Begin by looking at the following:
a. COBIT®: AI5 Procure IT Resources
b. ITIL® Supplier Management SD 4
c. ISO/IEC 27002 Section 15: Supplier Relationship Management
i. 15.1 Establish security agreements with suppliers
ii. 15.2 Manage supplier security and service delivery
5.