Background: Let us imagine that you are a Cyber Security consultant working for the North American Lumber Coalition. Your specialization is information technology and cyber security policy.
Recently, NALC leadership has learned about the Solarwinds supply-chain cyber attack and have grown very concerned that there could be other similar threats lurking within their environment.
Your company has been engaged by NALC to develop an information technology supply-chain risk management policy. They have chosen to align their security program to the NIST 800-53 model, and would like this policy to align with the framework (Attached) as well.
Research and consider the various IT security risks related to technology supply chain. Leverage the framework which we developed in class (Attached) as well as the NIST 800-53 framework (https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/controls?version=5.1&family=SR (Links to an external site.)) to develop an information technology supply-chain risk management policy as well as associated procedures and standards documents.
