Kibata

Sign In

Our Services

Get 15% Discount on your First Order

Order Now
[rank_math_breadcrumb]

Project 1

Follow the attach instructions to complete this work.

Project #1: Supply Chain Risk Analysis

Overview

For this project, you will write a research-based report on Cyber and IT supply chain risks which the client company, Sifers-Grayson must be aware of. This report will be presented to the company’s executive leadership to help them understand the overall problem of Cyber and IT supply chain risk. This problem has been raised to the attention of the company’s executive leadership by two influential customers — the US Department of Defense and US Department of Homeland Security. These two customers have raised concerns about the company’s preparedness to address and mitigate cybersecurity risks which could result from supply chain attacks. In their letter to Sifers-Grayson, these customers asked the company “what are you doing to prevent supply chain attacks?”

Background

Nofsinger consultants met with the government officials and learned that they were concerned about managing the risks from attacks such as the 2020 Solar Winds attacks and longstanding trojans/backdoor attacks in network hardware (e.g. Huawei routers) and computer system components. The Solar Winds attack compromised the software update mechanisms for a widely used set of network management tools (Korolov, 2021). Supply chain attacks which compromise hardware components purchased from non US sources are also of concern.

Nofsinger consultants also analyzed the internal business processes involved in the engineering supply chain for client Sifers-Grayson. They have learned that, when a Sifers-Grayson engineer needs parts to build a robot or drone, the engineer will place an internal order from the company’s parts stockroom. If the stockroom does not have the part immediately available, an employee will place an order with an approved vendor. These vendors are equipment resellers who purchase components from a number of manufacturers and suppliers. The company also makes purchases of components for some systems via e-Commerce websites and has encountered supply chain issues as a result of using these systems to purchase common components such as CPU chips, memory chips, programmable control chips, power supplies, graphics cards, network interface cards, and mass storage devices. Some may be brand-name components while other, less expensive products, are made by companies who are less well known. They also learned that Sifers-Grayson does not have a controlled process for testing software updates prior to the updates being installed on computer systems in the company’s R&D labs.

Finally, the consultants learned through interviews that, at times, there are supply chain shortages which may result in a reseller substituting generic products for brand name products. The consultants informed Sifers-Grayson that such substitutions can increase risks associated with purchasing products from third parties whose reputations are unknown or less well established. The company responded that it has a quality assurance process which checks purchased parts for physical damage or lack of functionality. The consultants believe that this process can be improved to reduce the likelihood of an undetected supply chain attack (e.g. malware loaded onto a USB or SSID mass storage device, programmable control chip, etc.).

Your Task

Your task is to build upon the business analysis previously conducted by the Nofsinger consultants (see overview section in this file). You must research the problems of hardware and software supply chain attacks and then write a research-based report for Sifers-Grayson executives which will provide them with information they can use to evaluate proposed solutions for addressing the identified supply chain risks. Use the authoritative sources provided below (under “Research”) to start your investigation into the issues. Then, follow the required outline (See “Write” in this file) to organize and write your report. You must paraphrase information from your authoritative sources and provide appropriate citations which identify your sources so that readers can
fact check your work.

Research

1. Research Cyber Supply Chain Risks affecting industry in general. Here are some suggested resources to get you started:

a.

b.

c.

d. Information and Communications Technology Supply Chain Risk Management (ICT SCRM)

e. Key Practices in Cyber Supply Chain Risk Management: Observations from Industry (NISTIR 8276)

2. Research Hardware Supply Chain Attacks including trojans/backdoors in commercial network hardware

a.

b.

c.

3. Research Software Supply Chain Attacks including the Solar Winds Attack

a.

b.

c.

d.

4. Research best practices and recommended strategies and approaches for managing Cyber and IT supply chain risks

a.
Best Practices in Cyber Security Supply Chain Risk Management



b. Supply Chain Cybersecurity: Experts on How to Mitigate Third Party Risk

c. 5 Cybersecurity Best Practices for your Supply Chain Ecosystem

Write

1.
An introduction which addresses the problem of Cyber and IT supply chain security. Your introduction should clearly explain what a supply chain is and why it is important to a manufacturing firm like Sifers-Grayson.

2.
A section on Cyber and IT
supply chain risks
 in which you identify and describe specific sources of cyber or IT supply chain risk which could impact Sifers-Grayson’s operations and its products and services. Begin this section with an overview followed by the two required sub-sections. You should have at least 3 hardware supply chain related risks and 3 software supply chain related risks (six or more total risks).

a.
Use a sub-section to address 3 or more risks of attacks which could impact hardware components used in manufacturing robots and drones (focus on components obtained from third-parties and vendors via the hardware supply chain). You should also address the networks and computers used in the manufacturing facility (which are also obtained via the hardware supply chain).

b.
Use a sub-section to address 3 or more risks of attacks against the software supply chain (e.g. attacks against the software supply chain for software used to program and test control systems for the robots and drones produced by Sifers-Grayson).

3.
A section on
best practices for reducing risks in the Cyber and IT supply chain.
In this section you must identify and discuss 5 or more best practices for managing Cyber and IT supply chain risks in a manufacturing industry. You must also provide an evaluation of the expected benefits from implementing each of these practices.

4.
A
summary and conclusions section
 in which you present an overall picture of the supply chain risk problem in a manufacturing industry and best practices for managing Cyber and IT supply chain risks.

Submit for Grading

Submit your work in MS Word format (.docx or .doc file) using the Project 1 Assignment in your assignment folder. (Attach the file.)

Additional Information

1. Consult the grading rubric for additional content and formatting requirements for this project.

2. Your 4-5 page paper should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use section and sub-section headings in addition to page breaks to organize your paper.

3. You are allowed to exceed the page count listed under item #2 but you should focus upon providing a clear and concise written analysis. Graphics, title page, table of contents, and reference list do not count towards the page count.

4. Your paper should use standard terms and definitions for cybersecurity concepts.

5. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources. An APA template file (MS Word format) has also been provided for your use CSIA_Paper_Template(TOC+TOF,2021).docx.

6. You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s page count. The table of contents from the template is not required for this assignment and does not count towards the page count. However, if you leave the table in place, you must update it so that it shows correct headings and page numbers.

7. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs. 

8. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.). If you paste in graphics, you MUST provide a caption with an in-text citation that identifies the source (treat it like a quotation).

9. References

Korolov, M. (2021, January 12).
What are supply chain attacks, and how to guard against them. Retrieved from

Share This Post

Email
WhatsApp
Facebook
Twitter
LinkedIn
Pinterest
Reddit

Order a Similar Paper and get 15% Discount on your First Order

Order Now

Related Questions

Wk4_300

Need help with a question. Due 3/10/2025 @ 9PM n the Week 4 labs, you performed tasks such as creating a cluster, restoring files, configuring account lockout policies, and verifying RAM usage.  Note: Ensure you have completed all lab exercises from Week 4 before completing this assessment. Assessment Details Write a 350-

Event Khusus dan Promosi di Witching Pot

“Saya sangat puas dengan pengalaman taruhan di situs ini. Setiap elemen, dari navigasi hingga pembayaran, berjalan dengan mulus. Ini menunjukkan profesionalisme dan kualitas layanan mereka. Saya pasti akan kembali lagi!”

Business/computer

Isolation Discussion Thread: Cybersecurity — Layering-Abstraction-Process Isolation The NSA has identified what they call the First Principles of cybersecurity. The following lists three of these: Principle Last Name Starts With Layering A through H Abstraction I through Q Process Isolation R through Z For your discussion, describe the principle assigned

D 3 of 459

 Building Block Technologies    What is an operational technology?  How is it similar or different than Consumer IoT? What emerging risks can you identify for an operational technology in a hypothetical utilities distribution monitoring & control environment (pipelines & transmission grids)?

D 2 of 459

  Follow the attach document to complete this work. Questions: 1. Consumer Internet of Things (IoT) has become ubiquitous and represents a major vector of cyber risk. Provide examples of consumer IoT that may be found in your own home (not sharing exact details is OK) 2. Provide a high

D 1 of 459

Follow the attach document to complete this work. Building Block Technologies   1. Software, Hardware, and Network Communications are considered building block technologies for enterprises. Define what they are, how they are used and give an example. 2. What are the most notable cyber risks for each type of building block?

D 8 0f 360

Follow the attach document to complete this work. International Cooperation for Cybersecurity   Prepare a 5- to 7-paragraph briefing statement that explains why wealthy nations and developing nations should work together to improve cybersecurity for the globally connected networks referred to as “the Internet.” Your statement should address the following.

D 7 of 360

Follow the attach document to complete this work. Policy Soup: Dealing with the Aftermath of a New Cybersecurity Policy   Prepare a 5 to 7 paragraph “Expert Opinion” for local government officials. This document should present a strategy for communicating with residents about a new “cybersecurity” policy that requires a

D 6 of 360

Follow the attach document to complete this work.  Partnerships for Improving State and Local Government Cybersecurity   Before you begin, read this report:  National League of Cities ( ) (Click the Download Report link at the bottom of the page) Prepare a briefing statement (3 to 5 paragraphs) for a group

D 5 of 360

Follow the attach instruction to complete this work. Background Briefing: How will the Governor’s Initiatives Improve Cybersecurity for the State’s Critical Infrastructures?   Discussion we transition from federal to state critical infrastructure. You are working for the Chief of Staff (CoS) for a newly elected Governor. The governor asked the

D 4 of 360

Follow the attach instruction to complete this work. Panel Presentation: Privacy Impact Assessments (PIA)  Coordinators of an upcoming conference, attended by federal government IT managers and staff, invited you to participate in a panel presentation about privacy. For this activity, prepare a 5 to 7 paragraph briefing statement which answers

Proj4-final

Project 4: Postmigration Activities  Step 1: Postmigration Activities Overview  Like any software development project, migration projects require careful planning to ensure success. This planning includes the postmigration testing and maintenance phase. Start this project by researching and planning the  postmigration activities that will be required to get BallotOnline’s migrated workloads in

Discussion-4

Discussion: Postmigration Approaches and Activities Contains unread posts Now that you have completed BallotOnline’s cloud migration, you will discuss the cloud postmigration activities and approaches. You should cover the following areas: · What is the business impact after the migration? · How will you manage service-level agreements in the cloud?

D 3 of 360

Follow the attach instructions to complete this work. How does FedRAMP help agencies ensure that Digital Government services are secure?   Must post first. Subscribe The format for your week 3 discussion is a backgrounder (“briefing paper”). Background papers are summaries of issues provided to help decision-makers/leaders/managers make decisions. Decision-makers

D 2 of 360

Follow the attach document to complete this work.  Briefing Statement: Security Implications of OPEN Data   Representatives from the  Joint Committee on Cybersecurity and Information Technology have asked you to provide a briefing as part of their “Cyber Scholars Day.” The committee is sponsoring this day of briefings and outreach for

D 1 of 360

Follow the attach document to complete this work. Growing Reliance on Digital Government Services   Your 1 discussion short paper assignment is to write a  workplace newsletter article. As you work on this type of discussion item, think about the newsletters you receive in your workplace. Are they engaging? Do they

Week 3 Discussion: PUMP Versus PMBOK® Guide Approach

I put the links to both the text and the PMBOK Guide, it is through my school library so it may not come up without my login at the botton of the instructions also in bold letters is the information to both the course text and the guide please let

wk 9 distance edu

PLEASE SEE IF YOU CAN LOOK UP THE READING IN THE FILE PORTION, I WAS NOT ABLE TO PULL IT UP UNFORTUNATELY!  After reading “Applying “Design Thinking” in the Context of Media Management EducationLinks to an external site.,” think about all aspects of learning online: activities, workload, faculty-to-learner communication, and