Project 3: Software Weaknesses
Step 1: Determine Relevant Supply Chain Risk Management (SCRM) Practices and Challenges
You will begin your project with an investigation of supply chain risk management (SCRM). SCRM is the implementation of strategies to manage risks associated with the selection, installation, implementation and use of products with the goal of reducing vulnerabilities and assuring secure operations. It is important to understand SCRM in order to make informed decisions regarding the selection of products.
Review supply chain risk management concepts and theories.
Supply Chain Risk Management
Supply chain risk management (SCRM) is the process by which risks associated with the acquisition and provisioning of components (e.g., hardware, software, infrastructure) are regularly reviewed and addressed. Such efforts are applied in order to minimize the impact of risks on business operations and the security of the infrastructures and data.
SCRM acknowledges that the origin of system components cannot always be controlled and that as such, vulnerabilities can occur that threaten the security of the system. Such vulnerabilities in the supply chain can occur naturally (i.e., as a result of changes in technology or use cases) or intentionally (i.e., due to the intent to create weaknesses to enable exploitation).
All organizations that are dependent on a supply chain must consider the need for resilience and build processes that assure continued business operations even in spite of malicious acts.
As you read about SCRM, document the following:
- SCRM best practices—Identify best practices and successful implementations. Describe supply chain risk management practices and the software risk analysis process. (The process by which software is evaluated to determine whether it poses any risks to its users is known as a software risk analysis process. Such a process evaluates the life cycle of software from design to end of life to ensure that the code performs only the functions intended. These efforts also include searching for any hidden and/or unauthorized processes that would affect the functions intended to be performed, as well as any other operations in the system.)
- SCRM threats—List and describe supply chain cybersecurity threats and the technologies and policies that can be used to mitigate them.
- SCRM challenges—Determine the SCRM challenges in your organization given its business and culture and the concerns that John cited during your meeting. Evaluate the various approaches to developing secure code in a cost-effective manner in light of your organization’s software assurance needs and expectations, software assurance objectives, and software assurance coding and development plan. You will want to optimize the effectiveness of your software procurement by addressing early your organization’s information security requirements and risk management in the supply chain germane to your workplace.
You will use this information throughout the project and to help you create the presentation slide deck.
Step 2: Create Presentation Slide Deck
Using the information that you obtained on supply chain risk management (SCRM), develop a slide deck with a minimum of six slides. John will include these slides in his final presentation to educate his audience on SCRM. These slides should identify the key concepts, considerations, and applicability of SCRM for your organization.
The six slides should cover the key concepts, considerations, and applicability of SCRM. Be sure to describe: definitions, threats to your organization (CAPITAL ONE), and mitigation of those threats.