This document discusses cyber security supply chain risks and governance. It aims to inform participants about aligning cybersecurity governance principles with effective supply chain risk management to enhance national security. It covers topics like supply chain risks, risk treatment plans, cyber security governance objectives, and recommendations. The key points are that cyber supply chain risks can come from third party vendors and software, and that governance needs to acknowledge attacks often target the weakest link, requiring basic and extended governance provisions that address cybercrime across the enterprise value chain.
Cybersec Supply Chain Risks and Governance v0.1.pdf
1. Cyber Security Supply Chain Risks and Governance
By: David NJOGA – Cyber GRC Expert (NC3)
CONFIDENTIAL 1
2. Aim
• Apprise the participants of the cybersecurity governance principles, and of how those principles align with effective treatment of supply chain risks, in order to enhance national security.
4. Introduction
• Cyber Security Governance provides strategic visibility into business risks arising from cyber threats, in order to:
  • achieve compliance requirements
  • improve the nation’s overall cyber security posture
5. Objectives of Cyber Security Governance
• To provide the pivotal cyber governance activities needed for effective and efficient national cyber operations, thereby improving national security.
Fig. 1: NIST Cybersecurity Framework v1.1
6. Objectives of Cyber Security Governance …
• Cyber Governance is concerned with value delivery from digital transformation and with the mitigation of the business risk that results from digital transformation.
Fig. 2: COBIT 2019 Value Chain (Benefits Realization, Risk Optimization, Resource Optimization)
10. Supply Chain
• Cybersecurity in the supply chain cannot be viewed as an IT problem only!
• Cyber supply chain risks touch sourcing, vendor management, supply chain continuity and quality, transportation security and many other functions across the enterprise.
• Cyber supply chain risks require a coordinated effort to address.
12. Some Cyber Attacks
• NotPetya ransomware hit global businesses in approximately 59 countries in late June 2017; the attack prevented one of the largest container shippers, Maersk Line, from taking new orders.
• Superfish adware installed on Lenovo notebooks could intercept encrypted HTTPS traffic (2014-2015).
• Exploitation of internet of things (IoT) sensors.
• Bogus traffic attacks from Google Traffic Analytics.
13. Cyber Supply Chain Security Principles
• Develop your defenses based on the principle that your systems will be breached.
• Cybersecurity is never just a technology problem; it is a people, processes and knowledge problem.
• Security is Security.
“Sharing information with suppliers is essential, yet increases the risk of that information being compromised” (Bowman 2013).
14. Supply Chain Risks
• Cyber supply chain risks cover a lot of territory. Some of the concerns include risks from:
  • Third party service providers or vendors to software engineering.
  • Poor information security practices by lower-tier suppliers.
  • Compromised software or hardware purchased from suppliers.
  • Software security vulnerabilities in supply chain management or supplier systems.
  • Counterfeit hardware or hardware with embedded malware.
  • Third party data storage or data aggregators.
15. Appreciation of suppliers’ cybersecurity practices
• Is the vendor’s software/hardware design process documented? Repeatable? Measurable?
• Is the mitigation of known vulnerabilities factored into product design?
• How does the vendor stay current on emerging vulnerabilities?
• What controls are in place to manage and monitor production processes?
16. Appreciation of suppliers’ cybersecurity practices …
• How is configuration management performed? Quality assurance?
• What levels of malware protection and detection are performed?
• What steps are taken to “tamper proof” products? Are backdoors closed?
• What physical security measures are in place? Documented? Audited?
• What access controls, both cyber and physical, are in place? How are they documented and audited?
17. Appreciation of suppliers’ cybersecurity practices …
• What type of employee background checks are conducted, and how frequently?
• What security practice expectations are set for upstream suppliers? How is adherence to these standards assessed?
• How secure is the distribution process?
• Have approved and authorized distribution channels been clearly documented?
• What is the component disposal risk and mitigation strategy?
• How does the vendor assure security throughout the product lifecycle?
18. Cyber Supply Chain Best Practices
• Security requirements are included in every RFP and contract.
• Onsite collaboration with vendors to address any vulnerabilities and security gaps.
• “One strike and you’re out” policies with respect to vendor products that are either counterfeit or do not match specification.
• Component purchases are tightly controlled; component purchases from approved vendors are prequalified.
19. Cyber Supply Chain Best Practices …
• Secure software lifecycle development programs, and training for all engineers in the life cycle, are established.
• Source code is obtained for all purchased software.
• Software and hardware have a security handshake.
• Automation of manufacturing and testing regimes reduces the risk of human intervention.
20. Cyber Supply Chain Best Practices …
• Track and trace programs establish provenance of all parts, components and systems.
• Programs capture “as built” component identity data for each assembly and automatically link the component identity data to sourcing information.
• Personnel in charge of supply chain cybersecurity partner with every team that touches any part of the product during its development lifecycle, and ensure that cybersecurity is part of suppliers’ and developers’ employee experience, processes and tools.
• Legacy support for end-of-life products and platforms; assure continued supply of authorized IP and parts.
• Tight controls on access by service vendors are imposed.
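The track-and-trace and “as built” practices on this slide, together with the “one strike” and prequalified-vendor practices from slide 18, can be made concrete in a small provenance record. The Python below is an added example, not code from the deck or from the author; vendor names, part numbers, purchase orders and artifact bytes are constructed, and the SHA-256 identity hash and the approved-vendor list stand in for whatever identity data and prequalification process a real program uses. It captures the as-built identity of each component linked to its purchase order, checks the record against the prequalified specification and approved vendors, and traces a given component hash back to the assemblies and orders it shipped in.

```python
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    """One part as it was actually built into an assembly (constructed sample type)."""
    part_number: str
    vendor: str
    purchase_order: str   # sourcing information the identity data is linked to
    artifact: bytes       # the bytes (firmware, library, configuration) that shipped

    def identity_hash(self) -> str:
        # SHA-256 of the shipped bytes serves as the component identity.
        return hashlib.sha256(self.artifact).hexdigest()


def capture_as_built(assembly_id: str, components: list[Component]) -> dict:
    """Record "as built" identity data for an assembly, linked to sourcing information."""
    return {
        "assembly_id": assembly_id,
        "components": [
            {
                "part_number": c.part_number,
                "vendor": c.vendor,
                "sha256": c.identity_hash(),
                "purchase_order": c.purchase_order,
            }
            for c in components
        ],
    }


def verify_as_built(record: dict, approved_vendors: set[str],
                    spec: dict[str, str]) -> list[tuple[str, str]]:
    """Check a record against prequalified vendors and the approved specification.

    Returns (part_number, finding) pairs; an empty list means the assembly is clean.
    A hash mismatch is the "counterfeit or does not match specification" case.
    """
    findings = []
    for entry in record["components"]:
        pn = entry["part_number"]
        if entry["vendor"] not in approved_vendors:
            findings.append((pn, "vendor not prequalified"))
        expected = spec.get(pn)
        if expected is None:
            findings.append((pn, "no approved specification"))
        elif expected != entry["sha256"]:
            findings.append((pn, "identity does not match specification"))
    return findings


def trace_hash(records: list[dict], sha256: str) -> list[tuple[str, str, str]]:
    """Given a component hash (for example from a vendor advisory), find every
    assembly and purchase order it entered through."""
    hits = []
    for rec in records:
        for entry in rec["components"]:
            if entry["sha256"] == sha256:
                hits.append((rec["assembly_id"], entry["part_number"], entry["purchase_order"]))
    return hits


# --- Constructed sample data: hypothetical vendors, part numbers and orders ---
APPROVED_VENDORS = {"Acme Semiconductor", "Orbit Software"}

GOLDEN = {
    "FW-100": b"firmware v1.0 golden image",
    "LIB-7": b"libcrypto 7.2 golden build",
}
# The prequalified specification: expected identity hash per part number.
SPEC = {pn: hashlib.sha256(data).hexdigest() for pn, data in GOLDEN.items()}


def build_sample() -> tuple[dict, list[tuple[str, str]]]:
    components = [
        Component("FW-100", "Acme Semiconductor", "PO-2024-0017", GOLDEN["FW-100"]),
        # Same part number, but the shipped bytes differ from the prequalified build.
        Component("LIB-7", "Orbit Software", "PO-2024-0021", GOLDEN["LIB-7"] + b"\x00"),
        # Sourced outside the approved vendor list and never prequalified.
        Component("SENSOR-9", "Unknown Reseller", "PO-2024-0033", b"sensor blob"),
    ]
    record = capture_as_built("ASM-42", components)
    return record, verify_as_built(record, APPROVED_VENDORS, SPEC)


if __name__ == "__main__":
    record, findings = build_sample()
    print(json.dumps(record, indent=2))
    for pn, finding in findings:
        print(f"{pn}: {finding}")
    print(trace_hash([record], SPEC["FW-100"]))
```

The record is deliberately flat JSON so it can be stored alongside the sourcing system of record; the value of the linkage shows up in `trace_hash`, which turns a single reported hash into the list of assemblies and purchase orders that need attention.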
21. Strategic and Systemic Transformation
• The strategic dimension covers setting strategy, planning and implementing high-level steps, and initiating a program and related portfolio of cybersecurity projects.
• The systemic dimension addresses dependencies between parts of the cybersecurity system that will affect how change is achieved and what its immediate and secondary effects will be.
22. Recommendations
• Adopt local, robust IT security solutions.
• Compliance and governance of suppliers, vendors, third-party actors, partners, traders, manufacturers and contractors.
• Certification against international standards.
23. Conclusion
• Cyber governance needs to acknowledge the fact that attacks, incidents and breaches always target the weakest link in the security of the enterprise value chain.
• Consequently, the national cyber security governance design will address the following two dimensions:
  • Basic governance provisions, e.g., expressing the intentions and overall goals of senior executives and management;
  • Extended governance provisions, e.g., guidance for processes that handle cybercrime and cyberwarfare attacks, or links to business assurance.