Description
Case Study #3: Is there a cybersecurity industry?
CSIA 350: Cybersecurity in Business & Industry
Case Study #3: Is There A Cybersecurity Industry?
Case Scenario:
You recently joined a small start-up company that has developed a suite of cybersecurity products that integrate network sensors (hardware) with big data analytics (software) to provide advanced threat detection at an affordable price. As is often the case with small companies, you are expected to lend your hand to whatever task needs doing. Yesterday, you were helping to write the online product brochures and other marketing materials. Today, your tasks include adding the North American Industry Classification System (NAICS) code(s) for the “cybersecurity” industry to the company’s Website. As you delve into the matter, you quickly discover that there is no NAICS code for a “cybersecurity” industry (see http://www.census.gov/cgi-bin/sssd/naics/naicsrch?chart=2012). After additional research, you learned that the NAICS codes for your company’s direct competitors (companies selling similar cybersecurity products) included the following:
- Computer and Electronic Product Manufacturing (NAICS prefix “334”)
- Computer Terminal and Other Computer Peripheral Equipment Manufacturing
- Computer Storage Device Manufacturing
- Information Industry (NAICS prefix “51”)
- Custom Computer Programming Services
- Software Publishers
- Professional, Scientific, and Technical Services Industry (NAICS prefix “54”)
- Computer Systems Design Services
- Electronic Stores
- Retail Trade (NAICS prefix “44”)
- Electronic Stores
You also learned that the NAICS system was designed to be production or product oriented and that provisions exist for adding new or emerging industries to the NAICS classification system (see NAICS Update Process Fact Sheet, p. 2, section “The Four Principles of NAICS” https://www.census.gov/eos/www/naics/reference_files_tools/NAICS_Update_Process_Fact_Sheet.pdf)
Your team leader has asked you to write a short report detailing your findings and recommending which industry your company should declare as its primary industry (out of the four listed above). Your report should include a justification for your selection. Your team leader has also asked you to provide a well-reasoned explanation as to why “cybersecurity” is considered an industry by many reporters and market analysts but is not listed as a unique industry under NAICS.
NAICS codes are incorporated into many business directory listings, independent financial reports / market analyses, and credit reports. Many large organizations, especially government agencies, require that a company have both a Dun & Bradstreet Data Universal Numbering System (D-U-N-S) number and one or more NAICS codes assigned to the company prior to being listed as an approved supplier.
Research:
- Read / Review the Week 5 readings. Pay close attention to those readings which provide evidence that “cybersecurity” is, in fact, an industry. Click below links to find readings
- http://www.marketsandmarkets.com/Market-Reports/cyber-security-market-505.html
- https://www.cbinsights.com/research/cybersecurity-industry-report/
- https://cybersecurityventures.com/cybersecurity-market-report-q1-2015/
- https://www.entrepreneur.com/article/226455
- http://blog.gust.com/what-is-the-difference-between-a-vertical-and-a-horizontal-market/
- Research additional information about industry classifications, why they were developed, and how they are used. Here are some suggested sources:
- http://www.naics.com/history-naics-code/
- https://www.naics.com/naicswp2014/wp-content/uploads/2014/10/How_to_Use_NAICS_SIC_Codes_for_Marketing_NAICSAssociation.pdf?
- http://www.bls.gov/bls/naics.htm
- https://www.census.gov/eos/www/naics/reference_files_tools/NAICS_Update_Process_Fact_Sheet.pdf (See page 2: “The Four Principles of NAICS” Principles #1 & #2)
- Find three or more additional sources which provide evidence that “cybersecurity” is or is not a distinct industry.
Write:
Using standard terminology (see case study #1), write a two to three page summary of your research. At a minimum, your research summary must include the following:
- Introduction which includes a well-reasoned explanation as to why “cybersecurity” is considered an industry by many reporters and market analysts but is not listed as a unique industry under NAICS. Your introduction should include an explanation of the importance of standardized industry classification codes (who uses them and why).
- Analysis and discussion of one or more industry codes which could be used by your cybersecurity company (based upon the product listed in this assignment). The discussion should include a comparison between your company’s business activities and the industry characteristics for the four classification families listed in this assignment (prefixes 334, 44, 51, & 54).
- Recommendation for the best fit for a single NAICS code to be used by your company on its website and included in its business directory listings and financial reports. This recommendation must include your reasons as to why this code is the best fit.
- A closing section in which you present a summary of the issues regarding the question of whether or not cybersecurity is a separate industry, your recommendation for selection of a NAICS code, and your rationale for your choice.
Submit For Grading & Discussion
Submit your case study in MS Word format (.docx or .doc file) using the Case Study #3 Assignment in your assignment folder. (Attach the file.)
Formatting Instructions
- Use standard APA formatting for the MS Word document that you submit to your assignment folder. Formatting requirements and examples are found under Course Resources > APA Resources.
Additional Information
- You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs. These items are graded under Professionalism and constitute 20% of the assignment grade.
- You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must comply with APA 6th edition Style requirements. Failure to credit your sources will result in penalties as provided for under the university’s Academic Integrity policy.
Criteria Excellent Outstanding Acceptable Needs Improvement Needs Significant Improvement Missing or Unacceptable
Introduction or Overview for the Case Study 10 points
Provided an excellent introduction which included a well-reasoned explanation as to why “cybersecurity” is considered an industry but does not have a unique NAICS code. The overview appropriately used information from 3 or more authoritative sources.
8.5 points
Provided an outstanding introduction which included a well-reasoned explanation as to why “cybersecurity” is considered an industry but does not have a unique NAICS code. Explained the importance of standardized industry classification codes (who uses them and why).The overview appropriately used information from 3 or more authoritative sources.
7 points
Provided an introduction which included an explanation as to why “cybersecurity” is considered an industry but does not have a unique NAICS code. Explained the importance of standardized industry classifications. The overview appropriately used information from 2 or more authoritative sources.
6 points
Provided an overview but the section lacked important details about the case. Information from authoritative sources was cited and used in the overview.
4 points
Attempted to provide an introduction to the case study but this section lacked detail and/or was not well supported by information drawn from authoritative sources.
0 points
The introduction and/or overview sections of the paper were missing or off topic.
NAICS Codes and Industry Classification (What, Why, Who uses them) 10 points
Introduction included an excellent explanation of the importance of standardized industry classification codes including 3 or more examples of who uses NAICS codes and why. Appropriately used information from 3 or more authoritative sources.
8.5 points
Introduction included an outstanding explanation of the importance of standardized industry classification codes including 2 or more examples of who uses NAICS codes and why. Appropriately used information from 2 or more authoritative sources.
7 points
Introduction included an explanation of the importance of standardized industry classification codes including at least one example of who uses NAICS codes and why. Appropriately used information from authoritative sources.
6 points
Introduction mentioned the importance of standardized industry classification codes and gave at least one example of who uses NAICS codes and why.
4 points
Attempted to provide information about NAICS codes but the discussion lacked detail and/or was not well supported by information drawn from authoritative sources.
0 points
This section was missing, off topic, or failed to provide information about NAICS codes.
Identified and Explained Industry Codes used by Cybersecurity Companies 20 points
Provided an excellent analysis and discussion of one or more industry codes which could be used by the cybersecurity company& product as listed in the assignment. Included a comparison between the company’s business activities and the industry characteristics for the four classification families listed in this assignment (prefixes 334, 44, 51, & 54). Appropriately used information from 3 or more authoritative sources.
18 points
Provided an outstanding analysis and discussion of one or more industry codes which could be used by the cybersecurity company& product as listed in the assignment. Included a comparison between the company’s business activities and the industry characteristics for the four classification families listed in this assignment (prefixes 334, 44, 51, & 54). Appropriately used information from 2 or more authoritative sources.
16 points
Provided a discussion of one or more industry codes which could be used by the cybersecurity company& product as listed in the assignment. Compared the company’s business activities and the industry characteristics for at least 2 classification families listed in this assignment (prefixes 334, 44, 51, & 54).Appropriately used information from authoritative sources.
14 points
Provided a discussion of one or more industry codes which could be used by the cybersecurity company& product as listed in the assignment. Compared the company’s business activities and the industry characteristics to NAICS classifications.Appropriately used information from authoritative sources.
9 points
Provided a discussion of NAICS industry codes as used by cybersecurity companies. The discussion lacked detail and/or was not well supported by information drawn from authoritative sources.
0 points
This section was off topic or failed to provide information about cybersecurity related NAICS codes.
Recommendation for “Best Fit” for a NAICS Code for a Cybersecurity Company 20 points
Provided an excellent “best fit” recommendation for a single NAICS code to be used by the target cybersecurity company (a) on its website, (b) in its business directory listings, and (c) in financial reports. Justification included discussion of the company’s cybersecurity product as part of the rationale for the selected NAICS code. Appropriately used information from 3 or more authoritative sources.
18 points
Provided an outstanding “best fit” recommendation for a single NAICS code to be used by the target cybersecuritycompany (a) on its website, (b) in its business directory listings, and (c) in financial reports. Justification included discussion of the company’s cybersecurity product as part of the rationale for the selected NAICS code. Appropriately used information from 2 or more authoritative sources.
16 points
Provided a “best fit” recommendation for a single NAICS code to be used by the target cybersecurity company (a) on its website, (b) in its business directory listings, and (c) in financial reports. Justification included discussion of the company’s cybersecurity product as part of the rationale for the selected NAICS code. Appropriately used information from authoritative sources.
14 points
Recommended a NAICS code to be used by the target cybersecurity company. Discussion included mention of the company’s cybersecurity product. Appropriately used information from authoritative sources.
9 points
Identified an appropriate NAICS code but the discussion lacked detail and/or was not well supported by information from authoritative sources.
0 points
Did not address selection of an appropriate NAICS code.
Summary of Issues and Recommendations 10 points
Provided an excellent summary of the issues regarding the question of whether or not cybersecurity is a separate industry, a recommended NAICS code, and explanation of the reasons supporting this choice of NAICS code. Appropriately used information from authoritative sources.
8.5 points
Provided an outstanding summary of the issues regarding the question of whether or not cybersecurity is a separate industry, a recommended NAICS code, and explanation of the reasons supporting this choice of NAICS code. Appropriately used information from authoritative sources.
7 points
Provided an acceptable summary of the issues regarding the question of whether or not cybersecurity is a separate industry, a recommended NAICS code, and explanation of the reasons supporting this choice of NAICS code. Appropriately used information from authoritative sources.
6 points
Attempted to provide a summary of the issues and recommendations regarding assignment of NAICS codes for a cybersecurity company but the summary lacked detail or was disorganized. Appropriately used information from authoritative sources.
4 points
Provided a summary section but this section lacked relevancy. Or, the section was not well supported by information from authoritative sources.
0 points
Did not provide a summary or conclusions section.
Professionalism: Addressed security issues using standard cybersecurity terminology 5 points
Demonstrated excellence in the integration of standard cybersecurity terminology into the case study.
4 points
Provided an outstanding integration of standard cybersecurity terminology into the case study.
3 points
Integrated standard cybersecurity terminology into the into the case study
2 points
Used standard cybersecurity terminology but this usage was not well integrated with the discussion.
1 point
Misused standard cybersecurity terminology.
0 points
Did not integrate standard cybersecurity terminology into the discussion.
Professionalism: APA Formatting for Citations and Reference List 5 points
Work contains a reference list containing entries for all cited resources. Reference list entries and in-text citations are correctly formatted using the appropriate APA style for each type of resource.
4 points
Work contains a reference list containing entries for all cited resources. One or two minor errors in APA format for in-text citations and/or reference list entries.
3 points
Work contains a reference list containing entries for all cited resources. No more than 3 minor errors in APA format for in-text citations and/or reference list entries.
2 points
Work has no more than three paragraphs with omissions of citations crediting sources for facts and information. Work contains a reference list containing entries for cited resources. Work contains no more than 5 minor errors in APA format for in-text citations and/or reference list entries.
1 point
Work attempts to credit sources but demonstrates a fundamental failure to understand and apply the APA formatting standard as defined in the Publication Manual of the American Psychological Association (6thed.).
0 points
Reference list is missing. Work demonstrates an overall failure to incorporate and/or credit authoritative sources for information used in the paper.
Professionalism: Organization & Appearance 5 points
Submitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type.
4 points
Submitted work has minor style or formatting flaws but still presents a professional appearance. Submitted work is well organized and appropriately uses color, fonts, and section headings (per the assignment’s directions).
3 points
Organization and/or appearance of submitted work could be improved through better use of fonts, color, titles, headings, etc. OR Submitted work has multiple style or formatting errors. Professional appearance could be improved.
2 points
Submitted work has multiple style or formatting errors. Organization and professional appearance need substantial improvement.
1 point
Submitted work meets minimum requirements but has major style and formatting errors. Work is disorganized and needs to be rewritten for readability and professional appearance.
0 points
No work submitted.
Professionalism: Execution 15 points
No formatting, grammar, spelling, or punctuation errors.
14 points
Work contains minor errors in formatting, grammar, spelling or punctuation which do not significantly impact professional appearance.
13 points
Errors in formatting, spelling, grammar, or punctuation which detract from professional appearance of the submitted work.
11 points
Submitted work has numerous errors in formatting, spelling, grammar, or punctuation. Work is unprofessional in appearance.
4 points
Submitted work is difficult to read / understand and has significant errors in formatting, spelling, grammar, punctuation, or word usage.
0 points
No work submitted.
Overall Score Excellent 90 or more Outstanding 80 or more Acceptable 70 or more Needs Improvement 56 or more Needs Significant Improvement 36 or more Missing or Unacceptable 0 or more