Task:
Cyber management and policy professionals need to be able to identify software security vulnerabilities and communicate those vulnerabilities to nontechnical policy makers. Whether an organization purchases commercially available software or develops original applications, understanding the vulnerabilities is especially important. Upon completion of this project, you will evaluate relevant vulnerabilities, determine potential costs associated with these vulnerabilities, and recommend the best solution for an organization. You will also develop and present a software maintenance plan, taking into consideration the Supply Chain Risk Management (SCRM) framework. Finally, you will present the recommended solution to a nontechnical audience. This is the third of four sequential projects. There are thirteen steps in this project.
Step 1: Determine Relevant Supply Chain Risk Management (SCRM) Practices and Challenges
You begin your project with an investigation of supply chain risk management (SCRM). SCRM is the implementation of strategies to manage risks associated with the selection, installation, implementation and use of products with the goal of reducing vulnerabilities and assuring secure operations. It is important to understand SCRM in order to make informed decisions regarding the selection of products.
Review Supply chain risk management concepts and theories.
As you read about SCRM, document the following:
SCRM best practices—Identify best practices and successful implementation. Describe supply chain risk management practices and the software risk analysis process.
SCRM threats—List and describe supply-chain cybersecurity threats and the technologies and policies that can be used to mitigate the threats.
SCRM challenges—Determine the SCRM challenges in your organization given its business and culture and the concerns that John cited during your meeting. Evaluate the various approaches to developing secure code in a cost-effective manner in light of your organization’s Software Assurance needs and expectations, software assurance objectives, and software assurance coding and development plan. You will want to optimize the effectiveness of your software procurement by addressing early on your organization’s information security requirements and risk management in the supply chain germane to your workplace.
You will use this information throughout the project and to help you create the presentation slide deck.
Step 2: Presentation Slide Deck
Using the information that you obtained in Step 1, develop a slide deck with a minimum of six slides. John will include these slides in his final presentation to educate his audience on SCRM. These slides should identify the key concepts, considerations, and applicability of SCRM for your organization.
Step 3: Explore the Software Development Life Cycle (SDLC)
Now that you understand SCRM, you decide to complete a Software Development Life Cycle assessment. The Software development life cycle (SDLC) is a process used to develop, maintain, replace, and change software. The overall purpose of SDLC is to improve the quality of software through the development and implementation process. (Review Systems Software, Application Software, Software Interaction and Programming if you do not already have a working understanding of these topics.)
As part of your assessment, include the following information:
Note how various entities are currently utilizing SDLC to implement software.
Identify and take note of successful implementations, describing the results.
Identify software development methodologies for common software applications and cybersecurity standards organizations.
You will use the information that you gather during this step to complete your SDLC assessment.
Step 4: Identify Key Implementation Attributes
In Step 3, you explored SDLC, the ways other organizations are implementing it, and best practices. Now you are ready to guide your own organization through the process of developing software.
You start by considering the needs of your organization. Currently, the accounting month-end closing procedures involve extracting data from the accounting database into spreadsheets, running macros within the spreadsheets, uploading new data into the accounting database, and emailing generated spreadsheet reports and word processing memos. Brenda, the Director of Accounting Systems, would like this process automated without putting financial data at risk during or after the implementation. (Review Databases for operational data, Database Management Systems, and How a DBMS works if you do not already have a working understanding of these topics.)
Based on this needs analysis, you decide to focus on the SDLC maintenance phase:
Identify the factors key to successful maintenance and the implementation of this phase.
Identify potential obstacles to success and ways to anticipate and mitigate them.
You will use the information that you gather during this step to complete your SDLC assessment.
The post CMP610 Cyber Security Management And Policy appeared first on My Assignment Online.