SlideShare a Scribd company logo

Securing the Supply Chain

Ignyte Assurance Platform
Ignyte Assurance Platform

This webinar was hosted by Ignyte Assurance Platform and MAGNET: The Manufacturing Advocacy and Growth Network. Recorded on 15 June 2021, it was designed for small and medium businesses struggling with the copious amount of required cybersecurity regulations, where we’ll cover these questions and more such as: How to protect your assets from cyber threats and attacks Guidance on the latest and necessary cybersecurity requirements and legislations Find out what your business needs to comply with and what it takes to get there in the shortest possible time Learn what’s the most efficient way to maximize your efforts and resources in cybersecurity

Software
1 of 32
Download to read offline
LIVE WEBINAR 15 June 2021 Ignyte Assurance Platform hosted by MAGNET: The Manufacturing Advocacy and Growth Network Max Aulakh Founder & CEO Ignyte Assurance Platform Joe Vinciquerra Growth & Innovation Advisor MAGNET OHIO SUPPLY CHAIN SECURITY for Small-Medium Businesses Justus Scott Cybersecurity Awareness Advisor Ignyte Assurance Platform
Topics to Cover Today ● Introductions ● Current State of Industry ● Biden’s Executive Order ● Small Business Security ● CMMC Framework ● Educational Resources for Cybersecurity Maturity Model Certification (CMMC) ● Summary & Next Steps
MAGNET Introduction
Did you know… Average employee salary $72,000 #3 Ohio ranks third in the nation for manufacturing employment In Ohio, manufacturing accounts for more than 700,000 jobs 2016 Ohio Manufacturing Counts, Ohio Manufacturers Association Every manufacturing job drives 3.6 other jobs
Top 5 Growing Concerns Cyber Security and Online Hacking Costs of Healthcare Coverage Succession Planning and Future Leadership Managing Supply Chain Relationships Retirement of Skilled Workers 69% 47% 57% 40% 23% MAGNET 2018 NEO Manufacturing Survey, Under 250 employees, Q17 What are Northeast Ohio manufacturers most concerned about?
A not-for-profit consulting firm comprised of manufacturing experts who roll up our sleeves to transform smart ideas into top and bottom line company growth, resulting in good jobs for our cities and counties MAGNET’s aim is to add value and create economic impact so that: Jobs are being created The value of companies is increasing New products are being manufactured What is MAGNET?
Top-Line Growth Innovation/Technology Bottom-Line Efficiency MAGNET Growth Services …to create high quality jobs across Northeast Ohio that drive our economy forward, especially for small manufacturers MAGNET seeks to support manufacturers through hands-on consulting…
Business Growth Strategy Marketing Strategy and Execution Sales Enablement Top-Line Growth Innovation/Technolog y Bottom-Line Efficiency MAGNET Growth Services Recapture | Retain | Penetrate | Diversify Brand Identity, Differentiation, Market Messaging, Market Research, Product/Market Management, Lead Generation, Integrated Marketing Goal Setting, Pipeline Management, CRM, Sales Training, Sales Management, Target Account Strategy and Distributor Development MAGNET’s approach to top-line growth
MAGNET’s approach to innovation/technology Products, Processes and Automation New Product/Process Development Incorporating New Technologies Top-Line Growth Innovation/Technology Bottom-Line Efficiency MAGNET Growth Services Value engineering to take cost out User experience research to design better products Return on investment calculations Customer Discovery | Market Satisfaction Gap | Identification | Ideation | Market Validation | Prototyping Introductions to new technologies Assessments to identify uses and benefits of new technologies
MAGNET’s approach to bottom-line efficiency Top-Line Growth Innovation/Technolog y Bottom-Line Efficiency MAGNET Growth Services Skills Development Leadership and Culture Operational Excellence Focus on job skills and cross-training to promote standard work and workforce (link training to community colleges) Focus on systems improvement as set by leadership to increase customer value Focus on strategy and leadership of change efforts
MAGNET’s Goal: #3 #1 Toda y Tomorro w To support Ohio manufacturing in its journey to #1 in the USA
Meet Our Speakers Max Aulakh Founder & CEO As a Data Security and Compliance Leader, he delivers DoD-tested security strategies and compliance that safeguard mission-critical IT operations. Having trained and excelled in The United States Air Force, he maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global networks — both classified and unclassified. He drove the Information Assurance (IA) programs for the U.S. Department of Defense (DoD). In 2012, Max founded Ignyte Assurance Platform, a cybersecurity company powered by a transformative GRC software engine, and its newest educational subsidiary, Ignyte Institute, to help accelerate CMMC adaptation among DoD prime and subcontractors. Joe Vinciquerra Growth & Innovation Advisor With over 25 years of experience in engineering and manufacturing, Joe Vinciquerra has developed, sold, and delivered various growth and innovation services to companies in Northeast Ohio. Before joining the MAGNET team in 2016, he worked as a sales director and senior application engineer for Water Star Inc., a company specializing in the innovation, development, and manufacture of precious metal coated titanium anodes. Joe is an ASQ Certified Quality Engineer and holds a Bachelors of Science in Mechanical Engineering from The Ohio State University. S P E C I A L G U E S T Justus Scott CMMC Awareness Advisor Recently joining Ignyte, Justus brings previous experience working in BPM and RPA environments, helping Manufacturers adapt to the growing need for digital transformation. Justus' focus at Ignyte Assurance Platform is now helping Manufacturers with CMMC awareness and advisory.
From gas to meat, hackers are hitting the nation, and consumers, where it hurts • JBS Cyberattack • Colonial Pipeline • Microsoft Exchange Server Cyber Attack • Poisoning a Florida based water utility through Cyber Attack • Channel Nine 9 cyber attack • CNA Financial • Harris Federation • Acer • Airplane Manufacturer Bombardier • Accellion Supply Chain Attack • Sierra Wireless Attack
DHS CISA: 16 Critical Sectors of US Economy
Executive Order 14028 ∙ Sets goals and directions primarily for the Federal Civilian Executive Branch (FCEB) ∙ Aligns policy by updating the FAR, FedRAMP, and NIST Standards ∙ Moves the USG to a Zero Trust Architecture, Secure Cloud Services, and to protecting software supply chains ∙ Increases the sharing of information relating to cyber incidents ∙ Moves the USG to Sets standard for encryption at rest and transit; multi-factor authentication; and endpoint detection and response ∙ Builds a FECB Cyber Incident Response Playbook Improving the Nation’s Cybersecurity May 12, 2021 • Presidential Actions
EMERGING LEGISLATIONS 4 2 1 3 DFARS 252.204 7012: Safeguarding Covered Defense Information and Cyber Incident Reporting DFARS 252.204 7020: NIST SP 800 171 DoD Assessment Requirements DFARS 252.204 7019: Notice of NIST SP 800 171 DoD Assessment Requirements DFARS 252.204 7021: Cybersecurity Maturity Model Certification Requirements
Potential Business Impacts Inadequate security controls leading to internal breach of CUI and FCI. ● Engineering Data & Drawings ● Internal Data Theft Report Cyber Incidents to DoD at http://dibnet.dod.mil within 72 Hours Increasing cost of both Technology & Compliance ● Decrease quality and effectiveness of current technology implementations Potential issues with Prime for not following contract flow down requirement. ● Loss of business revenue 3 Major SMB Impacts 1 3 2
SMALL BUSINESS CYBERSECURITY
CYBER versus. IT Operations ● 80 to 90% of Small Businesses Procure IT through MSP or an outside provider ● IT Providers are part of the overall supplier base (they are critical to partner with) ● IT can help with around 30 to 40% of risk management areas ● Remaining areas require the following disciplines: ○ Legal advisory ○ Financial risk management ○ Business disruption & crisis planning ○ Technology Risks
SMB Internal Security Perspective Products • Inputs & Outputs (OV-5b) • Applications (SvcV-1, SvcV-2, SvcV-3a) • Tools (SvcV-9) • Data (DIV-1, DIV-2, DIV-3) • Dictionary (AV-2, CV-2) • Asset Visibility • Requirements Traceability • Associated Segments (PV-1) Technology • Solution Design (OV-1, OV-2) • Topology (SV-1) • Physical • Logical • Crypto/Security • Management • Modernization • Materiel • Facilities • Lifecycle Management Assessment • Metrics (SvcV-7) • Sunset / Review Criteria Corporate Risk • Impact • Threat Vectors • Security Engineering • Security Assessment and Testing • Security Operations • Threat Indicators and Warnings Processes • Policy • Business Processes (OV-6b) • Applicable Standards (StdV-1) • Management • Governance People • Organization (structure & equipment) • Training • Personnel (Manpower) • Training and Skills (SvcV-9) • Organizational Roles & Responsibilities • User Experience • Human Behavior • Complexity • Suppliers • Customers Priority • Operational Need • ROM • Resourcing / Resource Plan • Estimated time to implement @ level Architecture describes the relationships between: Processes Risk Assessment Products Priority Technology People
Small Business External Perspective | CMMC Based Supplier Program 1. Design & Architect Technology Supplier Program a. Policies & Procedures b. Risk Taxonomy & Classification 2. Inventory Critical Contracts (Highest value) 3. Inventory Critical Vendors (Data & Access) 4. Train & socialize the program w/suppliers 5. Develop assessments 6. Conduct assessment a. Manage data collection concerns 7. Automate the Program
LEVERAGING CMMC AS A STARTING POINT Level Description 1 Consists of the 15 basic safeguarding requirements from FAR clause 52.204-21. 2 Consists of 65 security requirements from NIST SP 800-171 implemented via DFARS clause 252.204-7012, 7 CMMC practices, and 2 CMMC processes. Intended as an optional intermediary step for contractors as part of their progression to Level 3. 3 Consists of all 110 security requirements from NIST SP 800- 171, 20 CMMC practices, and 3 CMMC processes. 4 Consists of all 110 security requirements from NIST SP 800- 171, 46 CMMC practices, and 4 CMMC processes. 5 Consists of all 110 security requirements from NIST SP 800- 171, 61 CMMC practices, and 5 CMMC processes.
CMMC Level 1 ● Meeting the basic requirements to protect Federal Contract Information (FCI): ○ an up-to-date antivirus software application, ○ strong passwords, ○ unauthorized third parties protection. ● FCI is not intended for public release. ● Minimal efforts required to strengthen the cybersecurity defenses. Which CMMC level is right for your business? CMMC Level 2 ● Introducing Controlled Unclassified Information (CUI). ● Standard cybersecurity practices, policies, and strategic plans. ● Major subset of the security requirements specified in NIST SP 800-171. ● 55 new practices for a total of 72 total practices. CMMC Level 3 ● Good cyber hygiene and controls necessary to protect CUI. ● Continuous review of all activities based on their cybersecurity policy. ● All requirements specified in NIST SP 800-171 and other similar standards. ● 130 required security controls, grouped into 17 domains. CMMC Level 4 and Level 5 ● Addressing the changing tactics, techniques, and procedures used by Advanced Persistent Threats (APTs). ● Proactive cybersecurity program and standardized processes to achieve consistency across the entire organization. ● 171 security controls, which are grouped into 17 domains.
Starting Cyber Journey
Small Business Cybersecurity Path Strategy Start with a strategy and a clear understanding of where you want to go Partner with risk advisory and suppliers throughout your ecosystem. Ensure to transfer risk properly. Leverage shared standards like CMMC
Ignyte Training Program Resources Resources are aligned with various stages of managing the CMMC program for Ohio small businesses Program Metrics & Management SSP & POA&M Deliverables Guided Assessment Training Program Deliverables ● DoD Training Website - https://securityhub.usalearning.gov/content/story.html ● Ignyte Institute Practitioner Level & Senior Management Training - https://www.ignyteinstitute.org/ ● CMMC System Security Plan Development - https://ignyteplatform.com/solutions/cmmc/ ● NIST 171 Documentaton - https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final ● SSP & Other Plan of Action & Milestones (POA&M) - https://ignyteplatform.com/solutions/cmmc/
CMMC Education & Training Ignyte Institute Courses Senior Management Course (20 Mins) Practitioner Level Course (1 hour) DoD Issued CUI Training What is CUI and How to recognize it?
Ignyte Assurance Team
Ignyte Assurance Platform Overview Compliance Policy Vendor Management Business Continuity Threat & Vulnerability Enterprise Risk Controls Catalogs Single Database Audit Ready Controls Notification Contextual Mapping Analytics & Benchmarks Workflow Engine Secure & Compliant Reports & Dashboards Scalable Infrastructure Knowledge Base Subject Matter Expert Support Consortia-Driven Ecosystem Unified Platform Micro-Apps
Summary
Key Takeaways ✔Ignyte Assurance Team & Platform ✔Multiple Attacks on Suppliers ✔Biden’s Executive Order ✔Training & ownership of knowledge ✔Start with a risk management program ✔Get Help ASAP & reach out
Next Steps & Questions? Thank you Point of Contact Joe Vinciquerra Growth & Innovation Advisor Justus Scott CMMC Awareness Advisor Point of Contact justus@ignyteplatform.com jvinciquerra@manufacturingsuccess.org

Recommended

CMMC Breakdown
CMMC BreakdownCMMC Breakdown
CMMC Breakdown
Ignyte Assurance Platform
 
CMMC 2.0 I L1 & L2 Scoping Guidance Explained
CMMC 2.0 I L1 & L2 Scoping Guidance ExplainedCMMC 2.0 I L1 & L2 Scoping Guidance Explained
CMMC 2.0 I L1 & L2 Scoping Guidance Explained
Ignyte Assurance Platform
 
DFARS & CMMC Overview
DFARS & CMMC Overview DFARS & CMMC Overview
DFARS & CMMC Overview
Ignyte Assurance Platform
 
How I Woke Up from the CMMC Compliance Nightmare
How I Woke Up from the CMMC Compliance NightmareHow I Woke Up from the CMMC Compliance Nightmare
How I Woke Up from the CMMC Compliance Nightmare
Ignyte Assurance Platform
 
Educause+V4
Educause+V4Educause+V4
Educause+V4
ecarrow
 
Gpc case study_eng_0221
Gpc case study_eng_0221Gpc case study_eng_0221
Gpc case study_eng_0221
SALIH AHMED ISLAM
 
A framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a cisoA framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a ciso
Max Justice
 
MCGlobalTech Managed Security Compliance Program
MCGlobalTech Managed Security Compliance ProgramMCGlobalTech Managed Security Compliance Program
MCGlobalTech Managed Security Compliance Program
William McBorrough
 

Recommended

CMMC Breakdown
CMMC BreakdownCMMC Breakdown
CMMC Breakdown
Ignyte Assurance Platform
 
CMMC 2.0 I L1 & L2 Scoping Guidance Explained
CMMC 2.0 I L1 & L2 Scoping Guidance ExplainedCMMC 2.0 I L1 & L2 Scoping Guidance Explained
CMMC 2.0 I L1 & L2 Scoping Guidance Explained
Ignyte Assurance Platform
 
DFARS & CMMC Overview
DFARS & CMMC Overview DFARS & CMMC Overview
DFARS & CMMC Overview
Ignyte Assurance Platform
 
How I Woke Up from the CMMC Compliance Nightmare
How I Woke Up from the CMMC Compliance NightmareHow I Woke Up from the CMMC Compliance Nightmare
How I Woke Up from the CMMC Compliance Nightmare
Ignyte Assurance Platform
 
Educause+V4
Educause+V4Educause+V4
Educause+V4
ecarrow
 
Gpc case study_eng_0221
Gpc case study_eng_0221Gpc case study_eng_0221
Gpc case study_eng_0221
SALIH AHMED ISLAM
 
A framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a cisoA framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a ciso
Max Justice
 
MCGlobalTech Managed Security Compliance Program
MCGlobalTech Managed Security Compliance ProgramMCGlobalTech Managed Security Compliance Program
MCGlobalTech Managed Security Compliance Program
William McBorrough
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC Certification
ControlCase
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Ignyte Assurance Platform
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Unanet
 
GSA's Presentation on Improving Cyber Security Through Acquisition
GSA's Presentation on Improving Cyber Security Through AcquisitionGSA's Presentation on Improving Cyber Security Through Acquisition
GSA's Presentation on Improving Cyber Security Through Acquisition
Government Technology and Services Coalition
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2
newbie2019
 
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Cohesive Networks
 
CMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organizationCMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organization
Infosec
 
NIST IT Standards for Local Governments 2010
NIST IT Standards for Local Governments 2010NIST IT Standards for Local Governments 2010
NIST IT Standards for Local Governments 2010
Donald E. Hester
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
William McBorrough
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standart
newbie2019
 
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala LumpurCybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Alan Yau Ti Dun
 
IT Risk Management
IT Risk ManagementIT Risk Management
IT Risk Management
Tudor Damian
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quantico
Tuan Phan
 
What's Next : A Trillion Event Logs, A Million Security Threat
What's Next : A Trillion Event Logs, A Million Security ThreatWhat's Next : A Trillion Event Logs, A Million Security Threat
What's Next : A Trillion Event Logs, A Million Security Threat
Alan Yau Ti Dun
 
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
Alan Yau Ti Dun
 
Security Maturity Models.
Security Maturity Models.Security Maturity Models.
Security Maturity Models.
Priyanka Aash
 
IT & the Auditor
IT & the AuditorIT & the Auditor
IT & the Auditor
Linda Forbes
 
CompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to knowCompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to know
Infosec
 
Comodo SOC service provider
Comodo SOC service providerComodo SOC service provider
Comodo SOC service provider
paulharry03
 
CC&B SMECO Success Story
CC&B SMECO Success StoryCC&B SMECO Success Story
CC&B SMECO Success Story
vijaikrishnan
 
IFIP 8.2 Panel On The Service Economy
IFIP 8.2 Panel On The Service EconomyIFIP 8.2 Panel On The Service Economy
IFIP 8.2 Panel On The Service Economy
David S. Lipien, PMP, MCP
 

More Related Content

What's hot

CMMC Certification
CMMC CertificationCMMC Certification
CMMC Certification
ControlCase
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Ignyte Assurance Platform
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Unanet
 
GSA's Presentation on Improving Cyber Security Through Acquisition
GSA's Presentation on Improving Cyber Security Through AcquisitionGSA's Presentation on Improving Cyber Security Through Acquisition
GSA's Presentation on Improving Cyber Security Through Acquisition
Government Technology and Services Coalition
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2
newbie2019
 
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Cohesive Networks
 
CMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organizationCMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organization
Infosec
 
NIST IT Standards for Local Governments 2010
NIST IT Standards for Local Governments 2010NIST IT Standards for Local Governments 2010
NIST IT Standards for Local Governments 2010
Donald E. Hester
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
William McBorrough
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standart
newbie2019
 
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala LumpurCybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Alan Yau Ti Dun
 
IT Risk Management
IT Risk ManagementIT Risk Management
IT Risk Management
Tudor Damian
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quantico
Tuan Phan
 
What's Next : A Trillion Event Logs, A Million Security Threat
What's Next : A Trillion Event Logs, A Million Security ThreatWhat's Next : A Trillion Event Logs, A Million Security Threat
What's Next : A Trillion Event Logs, A Million Security Threat
Alan Yau Ti Dun
 
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
Alan Yau Ti Dun
 
Security Maturity Models.
Security Maturity Models.Security Maturity Models.
Security Maturity Models.
Priyanka Aash
 
IT & the Auditor
IT & the AuditorIT & the Auditor
IT & the Auditor
Linda Forbes
 
CompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to knowCompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to know
Infosec
 
Comodo SOC service provider
Comodo SOC service providerComodo SOC service provider
Comodo SOC service provider
paulharry03
 

What's hot (20)

CMMC Certification
CMMC CertificationCMMC Certification
CMMC Certification
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
 
GSA's Presentation on Improving Cyber Security Through Acquisition
GSA's Presentation on Improving Cyber Security Through AcquisitionGSA's Presentation on Improving Cyber Security Through Acquisition
GSA's Presentation on Improving Cyber Security Through Acquisition
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2
 
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
 
CMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organizationCMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organization
 
NIST IT Standards for Local Governments 2010
NIST IT Standards for Local Governments 2010NIST IT Standards for Local Governments 2010
NIST IT Standards for Local Governments 2010
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standart
 
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala LumpurCybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
 
IT Risk Management
IT Risk ManagementIT Risk Management
IT Risk Management
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quantico
 
What's Next : A Trillion Event Logs, A Million Security Threat
What's Next : A Trillion Event Logs, A Million Security ThreatWhat's Next : A Trillion Event Logs, A Million Security Threat
What's Next : A Trillion Event Logs, A Million Security Threat
 
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
 
Security Maturity Models.
Security Maturity Models.Security Maturity Models.
Security Maturity Models.
 
IT & the Auditor
IT & the AuditorIT & the Auditor
IT & the Auditor
 
CompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to knowCompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to know
 
Comodo SOC service provider
Comodo SOC service providerComodo SOC service provider
Comodo SOC service provider
 

Similar to Securing the Supply Chain

CC&B SMECO Success Story
CC&B SMECO Success StoryCC&B SMECO Success Story
CC&B SMECO Success Story
vijaikrishnan
 
IFIP 8.2 Panel On The Service Economy
IFIP 8.2 Panel On The Service EconomyIFIP 8.2 Panel On The Service Economy
IFIP 8.2 Panel On The Service Economy
David S. Lipien, PMP, MCP
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingLaying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Ignyte Assurance Platform
 
Leveraging Your Security System to Impact Your Bottom line
Leveraging Your Security System to Impact Your Bottom lineLeveraging Your Security System to Impact Your Bottom line
Leveraging Your Security System to Impact Your Bottom line
guidepostsolutions
 
IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing world IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing world
PECB
 
Siecap Advisory Automation & Supply Chain Trends
Siecap Advisory Automation & Supply Chain TrendsSiecap Advisory Automation & Supply Chain Trends
Siecap Advisory Automation & Supply Chain Trends
Geoffrey Knowles
 
Executive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top DownExecutive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top Down
accenture
 
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Enterprise Management Associates
 
Digital and Innovation Strategies for the Infrastructure Industry: Tim McManu...
Digital and Innovation Strategies for the Infrastructure Industry: Tim McManu...Digital and Innovation Strategies for the Infrastructure Industry: Tim McManu...
Digital and Innovation Strategies for the Infrastructure Industry: Tim McManu...
Smart City
 
Thinking out of the toolbox full deck
Thinking out of the toolbox full deckThinking out of the toolbox full deck
Thinking out of the toolbox full deck
Susanna Harper
 
Stateofthe cio 2022 new sample slides
Stateofthe cio 2022 new sample slidesStateofthe cio 2022 new sample slides
Stateofthe cio 2022 new sample slides
IDG
 
Blockchain Audit Use Cases For All Types of Industries
Blockchain Audit Use Cases For All Types of IndustriesBlockchain Audit Use Cases For All Types of Industries
Blockchain Audit Use Cases For All Types of Industries
PrashantAU2
 
Sept 2008 Presentation Quality & Project Management
Sept 2008 Presentation Quality & Project ManagementSept 2008 Presentation Quality & Project Management
Sept 2008 Presentation Quality & Project Management
Haroon Abbu
 
Get Smart About Technical Debt
Get Smart About Technical DebtGet Smart About Technical Debt
Get Smart About Technical Debt
CAST
 
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...Advancing Consumer Engagements by Improving Customer Identity and Access Mana...
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...
Enterprise Management Associates
 
Iot viewpoints. Ovum explores the IoT opportunity in 2018 and beyond
Iot viewpoints. Ovum explores the IoT opportunity in 2018 and beyondIot viewpoints. Ovum explores the IoT opportunity in 2018 and beyond
Iot viewpoints. Ovum explores the IoT opportunity in 2018 and beyond
Digital Policy and Law Consulting
 
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteMidway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Ignyte Assurance Platform
 
Chief Inofrmation / Technology Summit
Chief Inofrmation / Technology SummitChief Inofrmation / Technology Summit
Chief Inofrmation / Technology Summit
guested3c50
 
Building a Safety Culture - Dodge Data and Analytics Report
Building a Safety Culture - Dodge Data and Analytics ReportBuilding a Safety Culture - Dodge Data and Analytics Report
Building a Safety Culture - Dodge Data and Analytics Report
Procore Technologies
 
OT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security SuccessOT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security Success
accenture
 

Similar to Securing the Supply Chain (20)

CC&B SMECO Success Story
CC&B SMECO Success StoryCC&B SMECO Success Story
CC&B SMECO Success Story
 
IFIP 8.2 Panel On The Service Economy
IFIP 8.2 Panel On The Service EconomyIFIP 8.2 Panel On The Service Economy
IFIP 8.2 Panel On The Service Economy
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingLaying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
 
Leveraging Your Security System to Impact Your Bottom line
Leveraging Your Security System to Impact Your Bottom lineLeveraging Your Security System to Impact Your Bottom line
Leveraging Your Security System to Impact Your Bottom line
 
IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing world IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing world
 
Siecap Advisory Automation & Supply Chain Trends
Siecap Advisory Automation & Supply Chain TrendsSiecap Advisory Automation & Supply Chain Trends
Siecap Advisory Automation & Supply Chain Trends
 
Executive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top DownExecutive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top Down
 
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
 
Digital and Innovation Strategies for the Infrastructure Industry: Tim McManu...
Digital and Innovation Strategies for the Infrastructure Industry: Tim McManu...Digital and Innovation Strategies for the Infrastructure Industry: Tim McManu...
Digital and Innovation Strategies for the Infrastructure Industry: Tim McManu...
 
Thinking out of the toolbox full deck
Thinking out of the toolbox full deckThinking out of the toolbox full deck
Thinking out of the toolbox full deck
 
Stateofthe cio 2022 new sample slides
Stateofthe cio 2022 new sample slidesStateofthe cio 2022 new sample slides
Stateofthe cio 2022 new sample slides
 
Blockchain Audit Use Cases For All Types of Industries
Blockchain Audit Use Cases For All Types of IndustriesBlockchain Audit Use Cases For All Types of Industries
Blockchain Audit Use Cases For All Types of Industries
 
Sept 2008 Presentation Quality & Project Management
Sept 2008 Presentation Quality & Project ManagementSept 2008 Presentation Quality & Project Management
Sept 2008 Presentation Quality & Project Management
 
Get Smart About Technical Debt
Get Smart About Technical DebtGet Smart About Technical Debt
Get Smart About Technical Debt
 
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...Advancing Consumer Engagements by Improving Customer Identity and Access Mana...
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...
 
Iot viewpoints. Ovum explores the IoT opportunity in 2018 and beyond
Iot viewpoints. Ovum explores the IoT opportunity in 2018 and beyondIot viewpoints. Ovum explores the IoT opportunity in 2018 and beyond
Iot viewpoints. Ovum explores the IoT opportunity in 2018 and beyond
 
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteMidway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
 
Chief Inofrmation / Technology Summit
Chief Inofrmation / Technology SummitChief Inofrmation / Technology Summit
Chief Inofrmation / Technology Summit
 
Building a Safety Culture - Dodge Data and Analytics Report
Building a Safety Culture - Dodge Data and Analytics ReportBuilding a Safety Culture - Dodge Data and Analytics Report
Building a Safety Culture - Dodge Data and Analytics Report
 
OT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security SuccessOT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security Success
 

More from Ignyte Assurance Platform

CMMC Day 2024 _ Ignyte _ Declassification.pptx
CMMC Day 2024 _ Ignyte _ Declassification.pptxCMMC Day 2024 _ Ignyte _ Declassification.pptx
CMMC Day 2024 _ Ignyte _ Declassification.pptx
Ignyte Assurance Platform
 
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
Ignyte Assurance Platform
 
Ignyte - US Sovereign Cloud Computing
Ignyte - US Sovereign Cloud ComputingIgnyte - US Sovereign Cloud Computing
Ignyte - US Sovereign Cloud Computing
Ignyte Assurance Platform
 
CMMC 2.0 Explained: Impact for SMBs
CMMC 2.0 Explained: Impact for SMBsCMMC 2.0 Explained: Impact for SMBs
CMMC 2.0 Explained: Impact for SMBs
Ignyte Assurance Platform
 
NIST_Ignyte_OSCALWorkshop_2022.pdf
NIST_Ignyte_OSCALWorkshop_2022.pdfNIST_Ignyte_OSCALWorkshop_2022.pdf
NIST_Ignyte_OSCALWorkshop_2022.pdf
Ignyte Assurance Platform
 
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
Ignyte Assurance Platform
 
CMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIBCMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIB
Ignyte Assurance Platform
 
CMMC 2.0 I L1 & L2 Assessment Guidance
CMMC 2.0 I L1 & L2 Assessment GuidanceCMMC 2.0 I L1 & L2 Assessment Guidance
CMMC 2.0 I L1 & L2 Assessment Guidance
Ignyte Assurance Platform
 
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsFortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Ignyte Assurance Platform
 
Corporate Cyber Program
Corporate Cyber ProgramCorporate Cyber Program
Corporate Cyber Program
Ignyte Assurance Platform
 
CMMC DFARS/NIST SP 800-171
CMMC DFARS/NIST SP 800-171 CMMC DFARS/NIST SP 800-171
CMMC DFARS/NIST SP 800-171
Ignyte Assurance Platform
 
Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.
Ignyte Assurance Platform
 

More from Ignyte Assurance Platform (12)

CMMC Day 2024 _ Ignyte _ Declassification.pptx
CMMC Day 2024 _ Ignyte _ Declassification.pptxCMMC Day 2024 _ Ignyte _ Declassification.pptx
CMMC Day 2024 _ Ignyte _ Declassification.pptx
 
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
 
Ignyte - US Sovereign Cloud Computing
Ignyte - US Sovereign Cloud ComputingIgnyte - US Sovereign Cloud Computing
Ignyte - US Sovereign Cloud Computing
 
CMMC 2.0 Explained: Impact for SMBs
CMMC 2.0 Explained: Impact for SMBsCMMC 2.0 Explained: Impact for SMBs
CMMC 2.0 Explained: Impact for SMBs
 
NIST_Ignyte_OSCALWorkshop_2022.pdf
NIST_Ignyte_OSCALWorkshop_2022.pdfNIST_Ignyte_OSCALWorkshop_2022.pdf
NIST_Ignyte_OSCALWorkshop_2022.pdf
 
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
 
CMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIBCMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIB
 
CMMC 2.0 I L1 & L2 Assessment Guidance
CMMC 2.0 I L1 & L2 Assessment GuidanceCMMC 2.0 I L1 & L2 Assessment Guidance
CMMC 2.0 I L1 & L2 Assessment Guidance
 
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsFortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
 
Corporate Cyber Program
Corporate Cyber ProgramCorporate Cyber Program
Corporate Cyber Program
 
CMMC DFARS/NIST SP 800-171
CMMC DFARS/NIST SP 800-171 CMMC DFARS/NIST SP 800-171
CMMC DFARS/NIST SP 800-171
 
Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.
 

Recently uploaded

SMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API ServiceSMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API Service
Yara Milbes
 
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative AnalysisOdoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Envertis Software Solutions
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
Peter Muessig
 
Requirement Traceability in Xen Functional Safety
Requirement Traceability in Xen Functional SafetyRequirement Traceability in Xen Functional Safety
Requirement Traceability in Xen Functional Safety
Ayan Halder
 
What is Master Data Management by PiLog Group
What is Master Data Management by PiLog GroupWhat is Master Data Management by PiLog Group
What is Master Data Management by PiLog Group
aymanquadri279
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
TheSMSPoint
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
Peter Muessig
 
WWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders AustinWWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders Austin
Patrick Weigel
 
How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
ToXSL Technologies
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
Green Software Development
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
Green Software Development
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
Aftab Hussain
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - DeugloEmpowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
Deuglo Infosystem Pvt Ltd
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
Aftab Hussain
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
SOCRadar
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
Green Software Development
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Neo4j
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
Rakesh Kumar R
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
 

Recently uploaded (20)

SMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API ServiceSMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API Service
 
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative AnalysisOdoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
 
Requirement Traceability in Xen Functional Safety
Requirement Traceability in Xen Functional SafetyRequirement Traceability in Xen Functional Safety
Requirement Traceability in Xen Functional Safety
 
What is Master Data Management by PiLog Group
What is Master Data Management by PiLog GroupWhat is Master Data Management by PiLog Group
What is Master Data Management by PiLog Group
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
 
WWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders AustinWWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders Austin
 
How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - DeugloEmpowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 

Securing the Supply Chain

  • 1. LIVE WEBINAR 15 June 2021 Ignyte Assurance Platform hosted by MAGNET: The Manufacturing Advocacy and Growth Network Max Aulakh Founder & CEO Ignyte Assurance Platform Joe Vinciquerra Growth & Innovation Advisor MAGNET OHIO SUPPLY CHAIN SECURITY for Small-Medium Businesses Justus Scott Cybersecurity Awareness Advisor Ignyte Assurance Platform
  • 2. Topics to Cover Today ● Introductions ● Current State of Industry ● Biden’s Executive Order ● Small Business Security ● CMMC Framework ● Educational Resources for Cybersecurity Maturity Model Certification (CMMC) ● Summary & Next Steps
  • 4. Did you know… Average employee salary $72,000 #3 Ohio ranks third in the nation for manufacturing employment In Ohio, manufacturing accounts for more than 700,000 jobs 2016 Ohio Manufacturing Counts, Ohio Manufacturers Association Every manufacturing job drives 3.6 other jobs
  • 5. Top 5 Growing Concerns Cyber Security and Online Hacking Costs of Healthcare Coverage Succession Planning and Future Leadership Managing Supply Chain Relationships Retirement of Skilled Workers 69% 47% 57% 40% 23% MAGNET 2018 NEO Manufacturing Survey, Under 250 employees, Q17 What are Northeast Ohio manufacturers most concerned about?
  • 6. A not-for-profit consulting firm comprised of manufacturing experts who roll up our sleeves to transform smart ideas into top and bottom line company growth, resulting in good jobs for our cities and counties MAGNET’s aim is to add value and create economic impact so that: Jobs are being created The value of companies is increasing New products are being manufactured What is MAGNET?
  • 7. Top-Line Growth Innovation/Technology Bottom-Line Efficiency MAGNET Growth Services …to create high quality jobs across Northeast Ohio that drive our economy forward, especially for small manufacturers MAGNET seeks to support manufacturers through hands-on consulting…
  • 8. Business Growth Strategy Marketing Strategy and Execution Sales Enablement Top-Line Growth Innovation/Technolog y Bottom-Line Efficiency MAGNET Growth Services Recapture | Retain | Penetrate | Diversify Brand Identity, Differentiation, Market Messaging, Market Research, Product/Market Management, Lead Generation, Integrated Marketing Goal Setting, Pipeline Management, CRM, Sales Training, Sales Management, Target Account Strategy and Distributor Development MAGNET’s approach to top-line growth
  • 9. MAGNET’s approach to innovation/technology Products, Processes and Automation New Product/Process Development Incorporating New Technologies Top-Line Growth Innovation/Technology Bottom-Line Efficiency MAGNET Growth Services Value engineering to take cost out User experience research to design better products Return on investment calculations Customer Discovery | Market Satisfaction Gap | Identification | Ideation | Market Validation | Prototyping Introductions to new technologies Assessments to identify uses and benefits of new technologies
  • 10. MAGNET’s approach to bottom-line efficiency Top-Line Growth Innovation/Technolog y Bottom-Line Efficiency MAGNET Growth Services Skills Development Leadership and Culture Operational Excellence Focus on job skills and cross-training to promote standard work and workforce (link training to community colleges) Focus on systems improvement as set by leadership to increase customer value Focus on strategy and leadership of change efforts
  • 11. MAGNET’s Goal: #3 #1 Toda y Tomorro w To support Ohio manufacturing in its journey to #1 in the USA
  • 12. Meet Our Speakers Max Aulakh Founder & CEO As a Data Security and Compliance Leader, he delivers DoD-tested security strategies and compliance that safeguard mission-critical IT operations. Having trained and excelled in The United States Air Force, he maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global networks — both classified and unclassified. He drove the Information Assurance (IA) programs for the U.S. Department of Defense (DoD). In 2012, Max founded Ignyte Assurance Platform, a cybersecurity company powered by a transformative GRC software engine, and its newest educational subsidiary, Ignyte Institute, to help accelerate CMMC adaptation among DoD prime and subcontractors. Joe Vinciquerra Growth & Innovation Advisor With over 25 years of experience in engineering and manufacturing, Joe Vinciquerra has developed, sold, and delivered various growth and innovation services to companies in Northeast Ohio. Before joining the MAGNET team in 2016, he worked as a sales director and senior application engineer for Water Star Inc., a company specializing in the innovation, development, and manufacture of precious metal coated titanium anodes. Joe is an ASQ Certified Quality Engineer and holds a Bachelors of Science in Mechanical Engineering from The Ohio State University. S P E C I A L G U E S T Justus Scott CMMC Awareness Advisor Recently joining Ignyte, Justus brings previous experience working in BPM and RPA environments, helping Manufacturers adapt to the growing need for digital transformation. Justus' focus at Ignyte Assurance Platform is now helping Manufacturers with CMMC awareness and advisory.
  • 13. From gas to meat, hackers are hitting the nation, and consumers, where it hurts • JBS Cyberattack • Colonial Pipeline • Microsoft Exchange Server Cyber Attack • Poisoning a Florida based water utility through Cyber Attack • Channel Nine 9 cyber attack • CNA Financial • Harris Federation • Acer • Airplane Manufacturer Bombardier • Accellion Supply Chain Attack • Sierra Wireless Attack
  • 14. DHS CISA: 16 Critical Sectors of US Economy
  • 15. Executive Order 14028 ∙ Sets goals and directions primarily for the Federal Civilian Executive Branch (FCEB) ∙ Aligns policy by updating the FAR, FedRAMP, and NIST Standards ∙ Moves the USG to a Zero Trust Architecture, Secure Cloud Services, and to protecting software supply chains ∙ Increases the sharing of information relating to cyber incidents ∙ Moves the USG to Sets standard for encryption at rest and transit; multi-factor authentication; and endpoint detection and response ∙ Builds a FECB Cyber Incident Response Playbook Improving the Nation’s Cybersecurity May 12, 2021 • Presidential Actions
  • 16. EMERGING LEGISLATIONS 4 2 1 3 DFARS 252.204 7012: Safeguarding Covered Defense Information and Cyber Incident Reporting DFARS 252.204 7020: NIST SP 800 171 DoD Assessment Requirements DFARS 252.204 7019: Notice of NIST SP 800 171 DoD Assessment Requirements DFARS 252.204 7021: Cybersecurity Maturity Model Certification Requirements
  • 17. Potential Business Impacts Inadequate security controls leading to internal breach of CUI and FCI. ● Engineering Data & Drawings ● Internal Data Theft Report Cyber Incidents to DoD at http://dibnet.dod.mil within 72 Hours Increasing cost of both Technology & Compliance ● Decrease quality and effectiveness of current technology implementations Potential issues with Prime for not following contract flow down requirement. ● Loss of business revenue 3 Major SMB Impacts 1 3 2
  • 19. CYBER versus. IT Operations ● 80 to 90% of Small Businesses Procure IT through MSP or an outside provider ● IT Providers are part of the overall supplier base (they are critical to partner with) ● IT can help with around 30 to 40% of risk management areas ● Remaining areas require the following disciplines: ○ Legal advisory ○ Financial risk management ○ Business disruption & crisis planning ○ Technology Risks
  • 20. SMB Internal Security Perspective Products • Inputs & Outputs (OV-5b) • Applications (SvcV-1, SvcV-2, SvcV-3a) • Tools (SvcV-9) • Data (DIV-1, DIV-2, DIV-3) • Dictionary (AV-2, CV-2) • Asset Visibility • Requirements Traceability • Associated Segments (PV-1) Technology • Solution Design (OV-1, OV-2) • Topology (SV-1) • Physical • Logical • Crypto/Security • Management • Modernization • Materiel • Facilities • Lifecycle Management Assessment • Metrics (SvcV-7) • Sunset / Review Criteria Corporate Risk • Impact • Threat Vectors • Security Engineering • Security Assessment and Testing • Security Operations • Threat Indicators and Warnings Processes • Policy • Business Processes (OV-6b) • Applicable Standards (StdV-1) • Management • Governance People • Organization (structure & equipment) • Training • Personnel (Manpower) • Training and Skills (SvcV-9) • Organizational Roles & Responsibilities • User Experience • Human Behavior • Complexity • Suppliers • Customers Priority • Operational Need • ROM • Resourcing / Resource Plan • Estimated time to implement @ level Architecture describes the relationships between: Processes Risk Assessment Products Priority Technology People
  • 21. Small Business External Perspective | CMMC Based Supplier Program 1. Design & Architect Technology Supplier Program a. Policies & Procedures b. Risk Taxonomy & Classification 2. Inventory Critical Contracts (Highest value) 3. Inventory Critical Vendors (Data & Access) 4. Train & socialize the program w/suppliers 5. Develop assessments 6. Conduct assessment a. Manage data collection concerns 7. Automate the Program
  • 22. LEVERAGING CMMC AS A STARTING POINT Level Description 1 Consists of the 15 basic safeguarding requirements from FAR clause 52.204-21. 2 Consists of 65 security requirements from NIST SP 800-171 implemented via DFARS clause 252.204-7012, 7 CMMC practices, and 2 CMMC processes. Intended as an optional intermediary step for contractors as part of their progression to Level 3. 3 Consists of all 110 security requirements from NIST SP 800- 171, 20 CMMC practices, and 3 CMMC processes. 4 Consists of all 110 security requirements from NIST SP 800- 171, 46 CMMC practices, and 4 CMMC processes. 5 Consists of all 110 security requirements from NIST SP 800- 171, 61 CMMC practices, and 5 CMMC processes.
  • 23. CMMC Level 1 ● Meeting the basic requirements to protect Federal Contract Information (FCI): ○ an up-to-date antivirus software application, ○ strong passwords, ○ unauthorized third parties protection. ● FCI is not intended for public release. ● Minimal efforts required to strengthen the cybersecurity defenses. Which CMMC level is right for your business? CMMC Level 2 ● Introducing Controlled Unclassified Information (CUI). ● Standard cybersecurity practices, policies, and strategic plans. ● Major subset of the security requirements specified in NIST SP 800-171. ● 55 new practices for a total of 72 total practices. CMMC Level 3 ● Good cyber hygiene and controls necessary to protect CUI. ● Continuous review of all activities based on their cybersecurity policy. ● All requirements specified in NIST SP 800-171 and other similar standards. ● 130 required security controls, grouped into 17 domains. CMMC Level 4 and Level 5 ● Addressing the changing tactics, techniques, and procedures used by Advanced Persistent Threats (APTs). ● Proactive cybersecurity program and standardized processes to achieve consistency across the entire organization. ● 171 security controls, which are grouped into 17 domains.
  • 25. Small Business Cybersecurity Path Strategy Start with a strategy and a clear understanding of where you want to go Partner with risk advisory and suppliers throughout your ecosystem. Ensure to transfer risk properly. Leverage shared standards like CMMC
  • 26. Ignyte Training Program Resources Resources are aligned with various stages of managing the CMMC program for Ohio small businesses Program Metrics & Management SSP & POA&M Deliverables Guided Assessment Training Program Deliverables ● DoD Training Website - https://securityhub.usalearning.gov/content/story.html ● Ignyte Institute Practitioner Level & Senior Management Training - https://www.ignyteinstitute.org/ ● CMMC System Security Plan Development - https://ignyteplatform.com/solutions/cmmc/ ● NIST 171 Documentaton - https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final ● SSP & Other Plan of Action & Milestones (POA&M) - https://ignyteplatform.com/solutions/cmmc/
  • 27. CMMC Education & Training Ignyte Institute Courses Senior Management Course (20 Mins) Practitioner Level Course (1 hour) DoD Issued CUI Training What is CUI and How to recognize it?
  • 29. Ignyte Assurance Platform Overview Compliance Policy Vendor Management Business Continuity Threat & Vulnerability Enterprise Risk Controls Catalogs Single Database Audit Ready Controls Notification Contextual Mapping Analytics & Benchmarks Workflow Engine Secure & Compliant Reports & Dashboards Scalable Infrastructure Knowledge Base Subject Matter Expert Support Consortia-Driven Ecosystem Unified Platform Micro-Apps
  • 31. Key Takeaways ✔Ignyte Assurance Team & Platform ✔Multiple Attacks on Suppliers ✔Biden’s Executive Order ✔Training & ownership of knowledge ✔Start with a risk management program ✔Get Help ASAP & reach out
  • 32. Next Steps & Questions? Thank you Point of Contact Joe Vinciquerra Growth & Innovation Advisor Justus Scott CMMC Awareness Advisor Point of Contact justus@ignyteplatform.com jvinciquerra@manufacturingsuccess.org