Presenters: Prithvinder Singh & Prashanth Sulegaon

Abstract:

What is supply chain security?

A supply chain is a system of organizations, people, processes, information, technology and resources involved in moving a product or service from a supplier to the intended customer. An unsecured supply chain can introduce great risk to any organization, and if vendors, solutions or hardware aren’t properly vetted, it can lead to huge data loss.

Why is it required?

An unsecured supply chain can introduce great risk to an organization. If vendors aren’t properly vetted, or if we purchase software that does not meet our security standards, we can lose data. In recent years, several companies have had data breaches that allowed hundreds of millions of customer records to be compromised. On average, it takes 229 days after a breach for it to be detected. Often, these breaches were caused by a vulnerability in third-party software or services being exploited, costing companies tens of millions of dollars and damaging customers’ confidence.

In this session:

Everyone knows that 3rd-party software brings a lot of risk to an organization. However, does traditional vetting of supplier solutions work? Will it really reduce the risk? Can we perform effective assessments? Is it scalable? Can we do continuous monitoring?

In this session we will talk about the risks currently associated with 3rd-party software and how to surface them for effective risk reduction. The session will focus on securing the supply chain using a risk-based 3rd-party framework, which encompasses the integration of multiple security checkpoints at various stages of the solution life cycle.

We will talk about:

* Supply Chain Universe
* Current challenges in Supply Chain Security
* Secure life-cycle of 3rd party software from on-boarding till termination
* Supplier Risk Profiling
* Point in time vs Continuous Assurance