Supply chain risk management practices and the software risk analysis process
Most companies and agencies implement security models to protect the confidentiality, integrity, and availability (CIA) of information and data. As security vulnerabilities and threats continue to evolve, security systems need to adapt to effectively protect data and systems. In this project, you will evaluate existing security models and their attributes and ultimately recommend a custom security plan to your assigned organization. You will also evaluate the pros and cons of implementing particular model attributes based on the type of organization and employees in relation to CIA. Upon completion of this project, you will have written a report on the importance of security models in organizations like yours and identified the vulnerabilities of your organization. This is the first of four sequential projects. There are 14 steps in this project. Begin by reviewing the project scenario, then proceed to Step 1.
When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
- 5.1: Define and appropriately use basic cybersecurity concepts and terminology.
- 6.2: Create an information security program and strategy, and maintain their alignment.
- 7.3: Evaluate enterprise cybersecurity policy.
- 9.2: Rank the vulnerabilities of a system from a disaster-management perspective.
Cyber management and policy professionals need to be able to identify software security vulnerabilities and communicate them to nontechnical policy makers. Whether an organization purchases commercially available software or develops its own applications, it must understand the vulnerabilities that software introduces. In this project, you will evaluate the relevant vulnerabilities, estimate the costs associated with them, and recommend the best solution for an organization. You will also develop and present a software maintenance plan that takes the Supply Chain Risk Management (SCRM) framework into account. Finally, you will present the recommended solution to a nontechnical audience. This is the third of four sequential projects. There are thirteen steps in this project. Begin by reviewing your project scenario, then proceed to Step 1.
Step 1: Determine Relevant Supply Chain Risk Management (SCRM) Practices and Challenges
You begin your project with an investigation of supply chain risk management (SCRM). SCRM is the set of strategies an organization uses to manage the risks introduced by the products, components, and suppliers it depends on, across selection, acquisition, installation, implementation, and use, with the goal of reducing vulnerabilities and assuring secure operations. Understanding SCRM lets you make informed decisions when selecting products, because a vulnerability inherited from a supplier is just as exploitable as one written in house.
Review supply chain risk management concepts and theories.
As you read about SCRM, document the following:
- SCRM best practices—Identify best practices and examples of successful implementation. Describe supply chain risk management practices and the software risk analysis process (how risks are identified, assessed for likelihood and impact, and prioritized for treatment).
- SCRM threats—List and describe supply-chain cybersecurity threats (for example, counterfeit or tampered components, compromised third-party software updates, and vulnerable open-source dependencies) and the technologies and policies that can be used to mitigate them.
- SCRM challenges—Determine the SCRM challenges facing your organization given its business, its culture, and the concerns John raised during your meeting. Evaluate the approaches to developing secure code cost-effectively in light of your organization's software assurance needs and expectations, its software assurance objectives, and its software assurance coding and development plan. Software procurement is most effective when the organization's information security requirements and its supply-chain risk management are addressed early, before a product is selected, rather than after it is deployed.
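Two of the mitigating technologies the SCRM threats item asks you to describe are artifact integrity verification and screening of installed components against known-vulnerable versions. The following is an added illustration, not part of the course material or of any vendor's tooling, of what those controls look like in practice: each procured component is recorded with the SHA-256 digest reviewed at procurement time and checked against the installed bytes, and the installed inventory (a simplified SBOM) is screened against an advisory list. The component names, file contents, versions, and advisory identifiers are all constructed for the example and are assumptions, not real products or advisories.

```python
"""Added example of two basic software-supply-chain controls.

1. Artifact pinning: every third-party artifact is recorded with the SHA-256
   digest that was reviewed at procurement time; the installed bytes are
   checked against that digest before use.
2. Component inventory screening: installed components (a simplified SBOM)
   are screened against a list of version ranges known to be vulnerable.

All component names, contents, versions, and advisory IDs below are
constructed for illustration (assumptions), not real software or advisories.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    content: bytes  # the bytes that were actually installed


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_pinned_artifacts(components, pins):
    """Return a list of (name, finding) tuples.

    `pins` maps component name -> digest recorded at procurement review.
    A component with no pin is itself a finding: if the expected digest is
    not fixed in advance, an attacker who can replace the artifact can also
    supply a matching digest, so the check would prove nothing.
    """
    findings = []
    for c in components:
        expected = pins.get(c.name)
        if expected is None:
            findings.append((c.name, "unpinned"))
            continue
        if sha256_hex(c.content) != expected:
            findings.append((c.name, "digest mismatch"))
    return findings


def parse_version(v: str):
    # Numeric dotted versions only; enough for the constructed data here.
    return tuple(int(p) for p in v.split("."))


def screen_known_vulnerable(components, advisories):
    """`advisories` maps name -> [(first_affected, fixed_in, advisory_id)].

    A component is flagged when first_affected <= version < fixed_in.
    Returns a list of (name, version, advisory_id).
    """
    hits = []
    for c in components:
        for first_affected, fixed_in, adv_id in advisories.get(c.name, []):
            if parse_version(first_affected) <= parse_version(c.version) < parse_version(fixed_in):
                hits.append((c.name, c.version, adv_id))
    return hits


# --- constructed sample data (assumptions for illustration only) ---
REVIEWED_LIBPARSE = b"library: libparse 2.4.1 (reviewed build)\n"
REVIEWED_LIBNET = b"library: libnet 1.0.3 (reviewed build)\n"
# Installed libnet differs from the reviewed build: content was altered
# after the procurement review, which pinning is meant to catch.
INSTALLED_LIBNET = REVIEWED_LIBNET + b"# appended after review\n"

INSTALLED = [
    Component("libparse", "2.4.1", REVIEWED_LIBPARSE),
    Component("libnet", "1.0.3", INSTALLED_LIBNET),
    Component("libimg", "0.9.0", b"library: libimg 0.9.0\n"),  # never reviewed, so no pin
]

PINS = {
    "libparse": sha256_hex(REVIEWED_LIBPARSE),
    "libnet": sha256_hex(REVIEWED_LIBNET),
}

ADVISORIES = {
    "libnet": [("1.0.0", "1.0.4", "EXAMPLE-ADV-001")],  # constructed placeholder ID
    "libimg": [("0.8.0", "0.9.0", "EXAMPLE-ADV-002")],  # fixed in 0.9.0, so 0.9.0 is clean
}


def run_checks():
    """Run both controls over the constructed inventory."""
    return {
        "integrity": verify_pinned_artifacts(INSTALLED, PINS),
        "vulnerable": screen_known_vulnerable(INSTALLED, ADVISORIES),
    }


if __name__ == "__main__":
    for kind, items in run_checks().items():
        print(kind, items)
```

The integrity check reports the tampered libnet artifact as a digest mismatch and the unreviewed libimg artifact as unpinned; the screening check flags libnet 1.0.3 as inside the constructed advisory range, while libimg 0.9.0 is at the fixed version and is not flagged. Both results are the kind of finding that feeds the cost and prioritization analysis later in the project.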
You will use this information throughout the project and to help you create the presentation slide deck.
Step 2: Presentation Slide Deck
Using the information that you obtained in Step 1, develop a slide deck with a minimum of six slides. John will include these slides in his final presentation to educate his audience on SCRM. These slides should identify the key concepts, considerations, and applicability of SCRM for your organization.