Project #5: Supply Chain Risk Analysis
For this project, you will research and report upon the problem of Supply Chain Risk as it pertains to the cybersecurity industry. To begin, you will need to explore through the readings the concepts of global supply chains and global cooperation for cross-border trade in goods and services. Then, you will need to investigate due diligence and other business processes / strategies which can be used to mitigate the impacts of supply chain risk for companies who produce and sell cybersecurity related products and services.
Research
1. Global Supply Chain Risks affecting the Cybersecurity Industry. Here are some suggested resources to get you started:
a. https://www.supplychaindigital.com/technology/supply-chain-remains-weakest-link-cybersecurity
b. https://www.lexisnexis.com/en-us/products/entity-insight/political-risk-and-its-impact-on-supply-chain.page
c. https://www.cshub.com/attacks/articles/cyber-attacks-top-list-of-risks-impacting-supply-chain
d. https://www.lmi.org/blog/securing-supply-chain-cybersecurity-and-digital-supply-chain
e. Information and Communications Technology Supply Chain Risk Management (ICT SCRM) https://csrc.nist.gov/CSRC/media/Projects/Supply-Chain-Risk-Managements/documents/nist_ict-scrm_fact-sheet.pdf
2. Read the following articles / documents which focus on international cooperation and capacity building for cybersecurity:
a. https://www.cfr.org/report/increasing-international-cooperation-cybersecurity-and-adapting-cyber-norms
b. https://www.weforum.org/agenda/2015/09/what-cybersecurity-means-for-global-trade/
c. https://eeas.europa.eu/sites/eeas/files/joint_communication_increasing_resilience_and_bolstering_capabilities_to_address_hybrid_threats.pdf
3. Investigate due diligence as it applies to the purchase of components or services from vendors. Answer the question: how can due diligence processes help a company manage supply chain risks? Here are some suggested resources:
a. https://www.microsoft.com/en-us/trustcenter/Compliance/Due-Diligence-Checklist# (download to your computer then open document to read/review the checklist)
b. https://www.lexisnexis.com/en-us/products/lexis-diligence/ctr/9-steps-to-effective-third-party-due-diligence.page
4. Research best practices and recommended strategies and approaches for managing global supply chain risk
a. Best Practices in Cyber Security Supply Chain Risk Management https://csrc.nist.gov/CSRC/media/Projects/Supply-Chain-Risk-Management/documents/case_studies/USRP_NIST_Exelon_102215_05.pdf
b. Supply Chain Cybersecurity: Experts on How to Mitigate Third Party Risk https://digitalguardian.com/blog/supply-chain-cybersecurity
c. 5 Cybersecurity Best Practices for your Supply Chain Ecosystem https://supply-chain.cioreview.com/cxoinsight/5-cybersecurity-best-practices-for-your-supply-chain-ecosystem-nid-14195-cid-78.html
Write
1. An introduction which addresses the reasons why cooperation on a global basis is required to address cybersecurity related risks in global supply chains for products and services. Your introduction should include a brief overview of the problem of supply chain risk as it pertains to the cybersecurity industry.
2. A supply chain risks section in which you identify and describe 5 or more specific sources of supply chain risk which impact cybersecurity related products and services.
3. A due diligence section in which you address the use of diligence processes (investigating suppliers before entering into contracts) as a supply chain risk management strategy. Include 5 or more cybersecurity related questions which should be asked of suppliers during the due diligence process. This section should include discussion of political, economic, and social factors which impact management of supply chain risk.
4. A best practices section in which you address 5 or more best practices for managing global supply chain risks in the cybersecurity industry. You must also provide an evaluation of the expected benefits from implementing each of these practices.
5. A summary and conclusions section in which you present an overall picture of the supply chain risk problem in the cybersecurity industry and best practices for managing supply chain risks.
Submit For Grading
Submit your work in MS Word format (.docx or .doc file) using the Project 5 Assignment in your assignment folder. (Attach the file.)
Additional Information
1. Consult the grading rubric for specific content and formatting requirements for this assignment.
2. Your 5-8 page paper should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings and page breaks to organize your paper.
3. Your paper should use standard terms and definitions for cybersecurity.
4. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources > APA Resources. An APA template file (MS Word format) has also been provided for your use CSIA_Basic_Paper_Template(APA_6ed,DEC2018).docx.
5. You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s page count.
6. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
7. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.).
Rubric
Introduction
10 points
Provided an excellent overview of the problem of supply chain risk as it pertains to the cybersecurity industry. Appropriately used information from 3 or more authoritative sources.
Supply Chain Risks
20 points
Provided an excellent discussion of specific aspects of supply chain risks in the cybersecurity industry. Identified and discussed 5 or more specific examples of supply chain risk that have or will impact cybersecurity products and services. Appropriately used and cited information from 3 or more authoritative sources.
Due Diligence for Procurement & Acquisition
15 points
Provided an excellent discussion of due diligence as a risk management strategy for acquisitions and procurements of cybersecurity products and services. Addressed requirements to investigate suppliers prior to entering into contracts for products or services. Provided 5 or more examples of cybersecurity related questions that should be asked during the due diligence process. Appropriately used information from 3 or more authoritative sources.
Best Practices for Managing Global Supply Chain Risks
15 points
Provided an excellent discussion of the role that best practices should play in addressing global supply chain risks for cybersecurity products and services. Provided 5 or more examples of best practice recommendations and an evaluation of the expected benefits from implementing each of these practices. Appropriately used information from 3 or more authoritative sources.
Summary and Conclusions
10 points
Provided an excellent summary and conclusions section which presented a summary of findings including 3 or more reasons why global supply chain risk is a problem that must be addressed by both suppliers and purchasers of cybersecurity related products and services.
Addressed security issues using standard cybersecurity terminology
5 points
Demonstrated excellence in the use of standard cybersecurity terminology to support discussion of the security issues. Appropriately used 5 or more standard terms.
Professionalism Part 1: Consistent Use and Formatting for Citations and Reference List
5 points
Work contains a reference list containing entries for all cited resources. Sufficient information is provided to allow a reader to find and retrieve the cited sources. Reference list entries and in-text citations are consistently and correctly formatted using an appropriate citation style (APA, MLA, etc.).
Professionalism Part 2: Organization & Appearance
5 points
Submitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type.
Professionalism Part 3: Execution
15 points
No formatting, grammar, spelling, or punctuation errors.