WK7 Project 5 CSIA
CSIA 350: Cybersecurity in Business and Industry
Project #5: Supply Chain Risk Analysis
For this project, you will research and report upon the problem of Supply Chain Risk as it pertains to the cybersecurity industry. To begin, you will need to explore through the readings the concepts of global supply chains and global cooperation for cross-border trade in goods and services. Then, you will need to investigate due diligence and other business processes / strategies which can be used to mitigate the impacts of supply chain risk for companies who produce and sell cybersecurity related products and services.
1. Global Supply Chain Risks affecting the Cybersecurity Industry. Here are some suggested resources to get you started:
a. Cyber Security Risks in Industrial Supply Chains http://www.securityweek.com/cyber-security-risks-industrial-supply-chains
b. Political Risk and the Supply Chain http://www.rmmagazine.com/2014/06/01/political-risk-and-the-supply-chain/
c. Top 5 Supply Chain Risk Factors https://www.industryweek.com/environment/top-five-supply-chain-risk-factors
d. Securing the Supply Chain: Cybersecurity and the Digital Supply Chain https://www.lmi.org/blog/securing-supply-chain-cybersecurity-and-digital-supply-chain
e. Cyber Supply Chain Best Practices https://csrc.nist.gov/CSRC/media/Projects/Supply-Chain-Risk-Management/documents/briefings/Workshop-Brief-on-Cyber-Supply-Chain-Best-Practices.pdf
f. What is a supply chain attack? https://www.csoonline.com/article/3191947/data-breach/what-is-a-supply-chain-attack-why-you-should-be-wary-of-third-party-providers.html
g. Information and Communications Technology Supply Chain Risk Management (ICT SCRM) https://csrc.nist.gov/CSRC/media/Projects/Supply-Chain-Risk-Managements/documents/nist_ict-scrm_fact-sheet.pdf
2. Read the following articles / documents which focus on international cooperation and capacity building for cybersecurity:
d. https://www.itu.int/en/action/cybersecurity/Documents/gca-chairman-report.pdf (from 2007 but helpful for historical perspective)
3. Investigate due diligence as it applies to the purchase of components or services from vendors. Answer the question: how can due diligence processes help a company manage supply chain risks? Here are some suggested resources:
a. http://blogs.wsj.com/cio/2014/03/21/going-beyond-due-diligence-to-monitor-vendor-cybersecurity/ (Click close-box on subscription pop-up)
4. Research best practices and recommended strategies and approaches for managing global supply chain risk
a. Best Practices in Cyber Security Supply Chain Risk Management https://csrc.nist.gov/CSRC/media/Projects/Supply-Chain-Risk-Management/documents/case_studies/USRP_NIST_Exelon_102215_05.pdf
b. Supply Chain Cybersecurity: Experts on How to Mitigate Third Party Risk https://digitalguardian.com/blog/supply-chain-cybersecurity
c. 5 Cybersecurity Best Practices for your Supply Chain Ecosystem https://supply-chain.cioreview.com/cxoinsight/5-cybersecurity-best-practices-for-your-supply-chain-ecosystem-nid-14195-cid-78.html
1. An introduction which addresses the reasons why cooperation on a global basis is required to address cybersecurity related risks in global supply chains for products and services. Your introduction should include a brief overview of the problem of supply chain risk as it pertains to the cybersecurity industry.
2. A supply chain risks section in which you identify and describe 5 or more specific sources of supply chain risk which impact cybersecurity related products and services.
3. A due diligence section in which you address the use of diligence processes (investigating suppliers before entering into contracts) as a supply chain risk management strategy. Include 5 or more cybersecurity related questions which should be asked of suppliers during the due diligence process. This section should include discussion of political, economic, and social factors which impact management of supply chain risk.
4. A best practices section in which you address 5 or more best practices for managing global supply chain risks in the cybersecurity industry. You must also provide an evaluation of the expected benefits from implementing each of these practices.
5. A summary and conclusions section in which you present an overall picture of the supply chain risk problem in the cybersecurity industry and best practices for managing supply chain risks.
Submit For Grading
Submit your work in MS Word format (.docx or .doc file) using the Project 5 Assignment in your assignment folder. (Attach the file.)
1. Consult the grading rubric for specific content and formatting requirements for this assignment.
2. Your 5-8 page paper should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings and page breaks to organize your paper.
3. Your paper should use standard terms and definitions for cybersecurity. See Course Content > Cybersecurity Concepts for recommended resources.
4. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources > APA Resources. An APA template file (MS Word format) has also been provided for your use CSIA_Basic_Paper_Template(APA_6ed,DEC2018).docx.
5. You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s page count.
6. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
7. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.).
WK7 Project 5 CSIA