cyber security Determine Relevant Supply Chain Risk Management (SCRM) Practices and Challenges)

 Project 3 You hear voices coming from the chief technology officer’s office as you approach to hand in your weekly status report. As you walk in, he looks up and says, “Perfect timing! I have a new project for you.” John introduces Brenda, the director over in Accounting Systems. “Brenda, please explain why you’re here and what you need from us.” Brenda smiles. “Sure. As I was just telling John, accounting needs a more efficient way to handle our month-end closing procedures. “Currently, this process is cumbersome with many tasks that could be automated. Also, every month during this procedure, we process a high volume of sensitive data that could be at risk while we implement any type of change. “In a few weeks, John and I must make a recommendation to the CEO whether to purchase new software or develop an original application to improve the efficiency of month-end processing. We need to present a recommendation that will consider the needs of accounting while keeping the data secure.” John turns to you. “I would like you to look into solutions and provide me with a recommendation prior to our meeting with the CEO. There are several factors that I would like you to think about. “First, consider the importance of supply chains. I would also like some slides on supply chain risk management concepts that I can include in my presentation. Next, conduct your due diligence on software development. The third factor to consider is software assurance, whether we develop or procure. And finally, should we be considering open source options? Whatever option we choose, we’ll need to support the maintenance of it, and so you should also develop a maintenance plan that provides all of the functionality needed by the accounting department, with minimal disruption in their operations, and of course, maximum security.” Brenda says, “Automating the month-end process will be a huge benefit to the accounting department.” John concludes, “I would like to see your final recommendations in three weeks in order for us to have time to prepare for our conversation with the CEO.” Cyber management and policy professionals need to be able to identify software security vulnerabilities and communicate those vulnerabilities to nontechnical policy makers. Whether an organization purchases commercially available software or develops original applications, understanding the vulnerabilities is especially important. Upon completion of this project, you will evaluate relevant vulnerabilities, determine potential costs associated with these vulnerabilities, and recommend the best solution for an organization. You will also develop and present a software maintenance plan, taking into consideration the Supply Chain Risk Management (SCRM) framework. Finally, you will present the recommended solution to a nontechnical audience. This is the third of four sequential projects. There are thirteen steps in this project. Begin by reviewing your project scenario, then proceed to Step 1. When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission. 6.1: Analyze secure software development methodologies and describe the cybersecurity issues that each methodology addresses. 6.4: Explain systems life cycle management concepts used to plan, develop, implement, operate, and maintain information systems. 9.4: Demonstrate secure principles, methods, and tools used in the software development life cycle. 9.5: Describe the cybersecurity implications related to procurement and supply chain risk management. Step 1: Determine Relevant Supply Chain Risk Management (SCRM) Practices and Challenges You begin your project with an investigation of supply chain risk management (SCRM). SCRM is the implementation of strategies to manage risks associated with the selection, installation, implementation and use of products with the goal of reducing vulnerabilities and assuring secure operations. It is important to understand SCRM in order to make informed decisions regarding the selection of products. Review Supply chain risk management concepts and theories. As you read about SCRM, document the following: