How can governance frameworks be used by both suppliers-purchasers of cybersecurity related products-services to mitigate risks?

Acquisition Risk Analysis

For this project, you will investigate and then summarize key aspects of risk and risk management for acquisitions or procurements of cybersecurity products and services. The specific questions that your acquisition risk analysis will address are:

What types of risks or vulnerabilities could be transferred from a supplier and/or imposed upon a purchaser of cybersecurity related products and/or services?

Are suppliers liable for harm or loss incurred by purchasers of cybersecurity products and services? (That is, does the risk transfer from seller to buyer?)

How can governance frameworks be used by both suppliers and purchasers of cybersecurity related products and services to mitigate risks?