CISSP Domain 1: Applying Effective Supply Chain Risk Management
An episode of the InfosecTrain podcast, hosted by InfosecTrain, titled "CISSP Domain 1: Applying Effective Supply Chain Risk Management" was published on September 16, 2024 and runs 5 minutes.
September 16, 2024 ·5m · InfosecTrain
Summary
Understanding Supply Chain Risk Management (SCRM) Supply Chain Risk Management (SCRM) involves identifying, assessing, and mitigating risks resulting in reliance on external vendors and service providers. The goal is to ensure that all components within the supply chain adhere to the organization’s security policies and do not introduce vulnerabilities. This blog explores a number of important topics, including software bill of materials, silicon root of trust, minimum security standards, third-party assessment and monitoring, and physically unclonable functions. Determining a service-level requirement (SLR) could be required if a supply chain component provider is creating software or offering a service, such as a cloud provider. An SLR is often provided by the customer/client before establishing the SLA, which should incorporate the elements of the SLR if the vendor expects the customer to sign the agreement. This ensures that the security expectations are clearly defined and agreed upon from the outset. View More: CISSP Domain 1: Applying Effective Supply Chain Risk Management
Episode Description
Understanding Supply Chain Risk Management (SCRM)
Supply Chain Risk Management (SCRM) involves identifying, assessing, and mitigating risks resulting in reliance on external vendors and service providers. The goal is to ensure that all components within the supply chain adhere to the organization’s security policies and do not introduce vulnerabilities. This blog explores a number of important topics, including software bill of materials, silicon root of trust, minimum security standards, third-party assessment and monitoring, and physically unclonable functions. Determining a service-level requirement (SLR) could be required if a supply chain component provider is creating software or offering a service, such as a cloud provider. An SLR is often provided by the customer/client before establishing the SLA, which should incorporate the elements of the SLR if the vendor expects the customer to sign the agreement. This ensures that the security expectations are clearly defined and agreed upon from the outset. View More: CISSP Domain 1: Applying Effective Supply Chain Risk Management
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.