Approved for 1 CompTIA CEU: A+, Network+, Security+, CASP
Supply chain risks have continued to grow dramatically as a result of expanded outsourcing of technology and infrastructure. This has resulted in increasingly complex risk landscape. Managing these risks has become an organizational imperative as customers and stockholders have registered their concern over failures that have affected millions of individuals.
Emerging requirements to identifying and managing cybersecurity within all layers of the defense industrial supply chain are creating new challenges for both suppliers and those responsible for acquisition. In this session the CERT Division of the Software Engineering Institute will describe a method for managing the cybersecurity requirements of DFARS in complex supply chains.
Participants will have the opportunity to discuss a prototype that was recently constructed as a proof of concept for the assessment approach.
Session Topics
- Identifying key dependencies
- Threats to cyber-dependent supply chains
- The consequences of losing control
- Limitations of “outsourcing cyber risk” and management by service level agreement
- Methods for building and managing resilient supply chains
Learning Objectives
- Understand the fundamental concepts of managing risks to cyber-dependent supply chains
- Explore sources of risk in cyber-dependent supply chains
- Enumerate common problematic elements of third-party contracts
- Differentiate between operational resilience and traditional third-party performance requirements
- Identify practical tools, technique, and methods for managing external dependencies and supply chain risk.