CSIA350 Project 1 Supply Chain Risk Analysis. Assignment.

School: University of Maryland, University College
Course: 350
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 7
Uploaded by libdon4life

Project 1: Supply Chain Risk Assessment
University of Maryland Global Campus
CSIA 350: Cybersecurity in Business and Industry
Professor: Mohammad Shirazee
Kparkay Alvin Togba
Feb 7, 2023
Introduction

What is the supply chain in Sifers-Grayson's context, and why does it play such a crucial role for our clients? “The process of moving a product from its inception to its customer is known as the supply chain. It involves various activities and resources” (Michigan State University 2022). Depending on the context and situation, the term supply chain can be used differently. It refers to a process that involves moving goods from one point of origin to another, and it coordinates both buyer and supplier activities. Companies such as Sifers-Grayson acknowledge the importance of a well-defined supply chain management strategy: it can help them anticipate problems and improve their inventory to meet their customers' needs. Due to the increasing complexity of supply chain management, many companies are now adopting digital strategies to improve their efficiency, and this has created more potential risks for them. To minimize these risks, Nofsinger consultants can help companies identify and implement effective cybersecurity measures.

The risks of supply chains

“The concept of supply chain risk management refers to the process of identifying and assessing the various risks that can affect the operations of a company's supply chain. It involves developing strategies to minimize these risks and avoid disruptions” (Cecere 2015). Vulnerability in the supply chain can be introduced by different factors, such as bad actors or intelligence agencies looking to infiltrate it. These organizations could then use the supply chain to gain access to intellectual property. Third-party sellers can also be infected, since they are not as trustworthy as major brands. Sifers-Grayson believes that there is a risk that malware could be smuggled in or loaded onto a device.
Here is a list of hardware supply risks:

1. Tampering - In the event of compromised items being sold, the place where the products were made is not held responsible. “The Chinese spy peeled microchips out of server motherboards and shipped them to the US, infecting servers sold to the US government. This is an example of how a supply chain can be compromised by a foreign operative” (Bloomberg, 2018).
2. Physical Security - Without physical security, products are vulnerable to intrusion, whether by third-party employees or by bad actors seeking access.
3. Hardware vulnerability - As the digital age progresses, IoT (Internet of Things) devices become more and more common, and cybercriminals exploit a number of known vulnerabilities in these devices to attack them. The US government imposed a ban in 2018 against the Chinese telecom companies Huawei and ZTE, which were claimed to have eavesdropped through an exploit of their devices (Wong 2018).

Software supply chain risks include the following:

1. Open-source products - “There is an average time gap between the discovery of vulnerabilities in open-source software and the actual vulnerability” (Osborne 2020). A cybercriminal who uses such a vulnerability to hack into a supply chain can cause massive losses, since some applications are only available as open-source software.
2. Software Vulnerability - “Even in today's supply chain, some companies have been duped by fraudulent software, lost personal information, risked identity theft, and wasted time and money as a result” (Finn 2020). A SQL injection attack could give malicious actors access to the servers and allow them to insert malicious commands. A vulnerability is a flaw in a system; attackers use exploits against such flaws to gain access.
3. IT Management Server access - “I am most concerned about the code development process. It is easy for hackers to exploit gaps and openings in software if developers are inadequate and the code is written poorly. With properly designed software, you would not experience SolarWinds' security issues” (Denyer 2021). The 2020 SolarWinds incident shows how a supply chain can be compromised during development and maintenance: malware was injected into server updates and went unnoticed for months while the patches were delivered to all customer networks.

Best practices for reducing risks in the workplace

One of the most critical steps businesses can take to reduce their IT risk is to manage the various risks associated with their use and ownership of technology. This helps minimize the risk that businesses face when operating in the information technology field. For instance, Nofsinger Consulting conducted a penetration test to identify potential threats that could affect the operations of Sifers-Grayson. They also discovered several vulnerabilities that could allow access to the company's servers. Through the pen test, Nofsinger Consulting was able to identify the various risks that Sifers-Grayson could face, and it helped the company develop effective strategies to minimize its exposure to these threats. If the products you receive do not match their specifications, the policy should be changed to require that they comply; as a result, the software will be protected from being counterfeit and loaded with malicious software that can harm the computer. The amended policy should also be communicated to all of your suppliers in order to help them prevent unauthorized access to your systems as well. To ensure the security of the company's systems, the source code of all software purchased should be in the company's possession. By doing this, the cybersecurity team will have a better chance of identifying potential threats and vulnerabilities. Furthermore, employees will have to be trained on how to use the software. To prevent unauthorized access to their systems, members of the cybersecurity team will need to update their policies and procedures on a regular basis. It is also essential that they train their managers on how to spot phishing attacks in order to keep their staff safe.

Conclusion

It is important to take immediate action to address risks once you have assessed their impact, so that they can be mitigated in the future. Using the information collected from third-party contacts, strategies and procedures can be developed based on what those sources provide. It is imperative to be proactive in order to reduce the risk associated with the supply chain and prevent incidents before they happen. When it comes to dealing with threats, there are no guarantees, but if threats are dealt with effectively, it is possible to prevent their effects from occurring. It is paramount that well-thought-out procedures and practices are in place to minimize the potential damage that these issues can cause.
References

Cyber Attacks Top List of Risks Impacting Supply Chain. (2019). Retrieved 11 September 2022, from https://www.cshub.com/attacks/articles/cyber-attacks-top-list-of-risks-impacting-supply-chain
Cybersecurity Supply Chain Risk Management | CSRC. (2022). Retrieved 11 September 2022, from https://csrc.nist.gov/Projects/cyber-supply-chain-risk-management#:~:text=Cyber%20supply%20chain%20risks%20may%20include%20insertion%20of,and%20development%20practices%20in%20the%20cyber%20supply%20chain
The Global Supply Chain Ups the Ante for Risk Management - Supply Chain Insights. (2022). Retrieved 11 September 2022, from https://supplychaininsights.com/the-global-supply-chain-ups-the-ante-for-risk-management/
It's time for Huawei to prove its phones aren't spying on Americans. (2018). Retrieved 11 September 2022, from https://mashable.com/article/huawei-prove-phones-not-spying-americans
(2022). Retrieved 11 September 2022, from https://www.michiganstateuniversityonline.com/resources/supply-chain/what-is-supply-chain-management/
Microsoft Warns of Malware-Laced Counterfeit Software. (2009). Retrieved 11 September 2022, from https://www.darkreading.com/vulnerabilities-threats/microsoft-warns-of-malware-laced-counterfeit-software
Open-source software security vulnerabilities exist for over four years before detection. (2022). Retrieved 11 September 2022, from https://www.zdnet.com/article/open-
Understanding Software Supply Chain Risks and How to Mitigate Them. (2022). Retrieved 11 September 2022, from https://www.contrastsecurity.com/security-influencers/understanding-software-supply-chain-risks-and-how-to-mitigate-them
The US is readying sanctions against Russia over the SolarWinds cyber-attack. Here's a simple explanation of how the massive hack happened and why it's such a big deal. (2022). Retrieved 12 September 2022, from https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-11
What is a Software Vulnerability? (2022). Retrieved 11 September 2022, from https://jfrog.com/knowledge-base/software-vulnerability/