Cybersecurity Supply Chain Governance

Logo
Presented by

Pam Nigro, Chair, Board of Directors | ISACA

About this talk

Supply chains face known and unknown risks. IT organizations are especially susceptible to supply chain risk as it often uses many open source products in the acquisition and development of their software. We need a structured approach for cybersecurity supply chain risk management. A “software bill of materials” (SBOM) has emerged as a key building block in software security and software supply chain risk management. A SBOM is a nested inventory, a list of ingredients that make up software components. The Executive Order (EO) on Improving the Nation’s Cybersecurity released on May 12, 2021 acknowledges the increasing number of software security risks throughout the supply chain. This EO mandates that Federal departments and agencies (and their suppliers) understand the cybersecurity risks through the software and services that they acquire, deploy, use, and manage from their supply chain (which includes open source software components). Acquired software may need to contain known and unknown vulnerabilities as a result of the product architecture and development life cycle. In this webinar learn about cybersecurity risk management and governance. - Identify and document the risks and known vulnerabilities. - Build a supply-chain risk-management framework. - Know and manage critical components and suppliers. - Develop a supplier/vendor software bill of materials, of each binary component that is used in the software, firmware, or product. - Build a remediation plan for any vulnerable open source materials. - Institute a governance and monitoring process.
Related topics:

More from this channel

Upcoming talks (2)
On-demand talks (605)
Subscribers (204522)
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.