For this project, you will investigate and then summarize key aspects of risk and risk management for
acquisitions or procurements of cybersecurity products and services. The specific questions that your
acquisition risk analysis will address are:
- What types of risks or vulnerabilities could be transferred from a supplier and/or imposed upon a
purchaser of cybersecurity related products and/or services?
- Are suppliers liable for harm or loss incurred by purchasers of cybersecurity products and services?
(That is, does the risk transfer from seller to buyer?)
- How can governance frameworks be used by both suppliers and purchasers of cybersecurity related
products and services to mitigate risks?
Sample Solution
