Describe cybersecurity implications related to the procurement process.
System Development or Application Assurance Transcript
Your vulnerability assessment has been completed, and it’s a good thing, because you found several system weaknesses in the area of application software security.
If these weaknesses were exploited, it could ruin your company’s reputation — not to mention causing major disruptions to operations and unexpected costs.
You plan on following up on these issues this afternoon, but it’s about lunchtime, so you head out for a quick bite to eat.
You pass by Maria Sosa’s office and see her at her desk. You knock on her door frame, peek inside, and ask if she has a minute.
Maria motions to you: “Come on in. What brings you to my office?”
You give her a high-level overview of your findings, and tell her that after lunch, you plan to start taking an even closer look.
Maria says, “That sounds great. Can you write up your analysis and recommendations for solutions? I’d like to share this with important stakeholders at the executive meeting next week. How does that sound?”
You nod in agreement.
Then you make a beeline back to your office and grab an energy bar from your desk. You need to prepare for your presentation for the meeting next week.
Project 4 Start Here
It is critical that cybersecurity professionals be able to use all applicable systems, tools, and concepts to minimize risks to an organization’s cyberspace and prevent cybersecurity incidents. In this project, you will demonstrate your understanding of how to apply security principles, methods, and tools within the software development life cycle. You will also apply your knowledge of the cybersecurity implications related to procurement and supply chain risk management.
This is the fourth and final project for this course. There are 13 steps in this project. Begin below to review your project scenario.
When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
1.5: Use sentence structure appropriate to the task, message and audience.
2.4: Consider and analyze information in context to the issue or problem.
9.4: Demonstrate secure principles, methods, and tools used in the software development life cycle.
9.5: Describe the cybersecurity implications related to procurement and supply chain risk management.
Step 1: Assess Software Vulnerabilities
Project 1 outlined the steps involved in producing a final vulnerability assessment, and Project 2 covered risk analysis and mitigation. Those assessments were across the entire enterprise and included numerous elements outside the realm of systems and technology. However, they did uncover opportunities for improvement in the application software processes.
For this step, return to the vulnerability assessment from Project 1 and focus on all areas of application software that were itemized. Give additional thought to uncovering software that perhaps did not make the list or was assumed to be secure and simply overlooked.
The assignment is to create a more comprehensive list of application software that could place the enterprise at risk of a breach, loss of data, loss of production, and/or loss of brand confidence.
The assessment should include the application of secure principles; development models such as the maturity model or integrated product and process development (IPPD); software development methods; and libraries and toolsets used in the software development life cycle or systems development life cycle.
Use the Software Vulnerability Assessment Template to submit your results for feedback. In the next step, you will review your organization’s software procurement policy.
Step 2: Review Software Procurement Policy
Upon completion of the software-specific vulnerability assessment, conduct a review of the organization’s software procurement policies for software development methods.
Note that there is no submitted assignment for this step. Your review will be used in the submission for the following steps.
When the review is complete, move to the next step, where you will create a table or spreadsheet that lists recommended policies for software procurement that address certain questions or concerns.
Step 3: Create a Software Procurement Policy List
You’ve reviewed the organization’s policies for software development methods. Now it’s time to create a policy list for software procurement. The following are some sample questions to be included in a software procurement policy:
Does the vendor provide any cybersecurity certifications with the product?
Does the vendor provide access to the source code for the product? Are there other security issues in source code to be addressed?
What is the guaranteed frequency of security updates to be provided for the product?
What is the implementation process for software updates/upgrades?
What are additional questions or concerns that should be included in the procurement process? Create a table or spreadsheet that lists recommended policies to properly address these questions or concerns.
Use the Procurement Policy Template to list the cybersecurity implications related to procurement and supply chain risk management and submit your results for feedback. In the next step, you will generate assurances or controls to address each of the policy issues identified here.
Step 4: Document Relevant Software Acceptance Policies
Now that the procurement policies have been identified in the previous step, what assurances or controls should be established as policy that would evaluate the security implications during the software acceptance process? The objective is to provide a one-page overview of security testing that would be included in the acceptance of a vendor’s application.
The next step in this project will document the actual testing and validation. This step is simply to verify the congruence between the procurement process and acceptance process. In other words, do the procurement policies establish the correct cybersecurity framework for software purchase, and do the acceptance policies match?
In considering the security implications in the software acceptance phase of the development cycle, use the Software Acceptance Policy Template to document recommended tests and assurances for the procurement policies identified in the previous steps.
Submit your results below for feedback. In the next step, you will research software testing and validation.
Step 5: Research Software Testing and Validation Procedures
Based on the software acceptance policies created in the previous step, consider what testing and validation procedures could be used to assure compliance.
Note that there is no submitted assignment for this step. You will submit the final list of recommended testing and validation procedures in the next step.
Step 6: Document Software Testing and Validation Procedures
You’ve completed the research, and it is now time to create testing and validation procedures that follow a specific process to assure compliance. The key to the success of this step is to document exact procedures to be followed by a testing team prior to installation.
At a minimum, the procedures should address the following questions:
What are potential vulnerabilities inherent in the application platform?
How well does the vendor document preventive measures built into the application?
Are there alternative solutions provided by the vendor or in the application in case of a breach?
What additional safeguards can be added to ensure the security of the software environment?
The testing and validation procedures should address each of these concerns.
The executive team will want to see specific steps for the testing team to follow as the team members complete the tests and assurances you recommended in the previous step.
Document your specific testing and validation recommendations from a cybersecurity policy standpoint in the Test Script Procedures Template and submit for feedback. In the next step, you will consider procedures for upgrading software.
Step 8: Review Supply Chain Risks
Following the previous steps relative to the supply chain and previous projects, it is time to thoroughly review risk within the supply chain.
Like many companies, your organization is dependent on a supply chain, so the software development process must include a supply chain risk management (SCRM) plan to minimize the impact of supply chain-related risks on business operations and the security of the infrastructures and data.
Note that there is no submitted assignment for this step. The identified supply chain risks will be reported in the next step.
Step 9: Document Supply Chain Risks
After review, it’s time to document supply chain risks. This portion of the overall report requires a two- to three-page narrative that addresses the following supply chain concerns:
Describe cybersecurity implications related to the procurement process.
Provide recommendations that would address these concerns.
Include appropriate supply chain risk management practices.
Where appropriate, cite references to support the assertions in the recommendations and conclusion.
Submit your report on supply chain concerns here for feedback. Then, move to the next step, in which you will consider how the procedures of acquisition, procurement, and outsourcing line up in the organization.
Step 10: Consider Alignment Issues
Based on the review and recommendations on the supply chain described in the previous step, consider how well the policies and procedures regarding the acquisition, procurement, and outsourcing of software in your organization are aligned.
Outline a strategic approach to getting all the functions in alignment. There is no submission for this step. The alignment recommendations will be submitted in the next step.
Step