CISSP Domain 1: Applying Effective Supply Chain Risk Management - podcast episode cover

CISSP Domain 1: Applying Effective Supply Chain Risk Management

InfosecTrain
Sep 16, 20245 min
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Understanding Supply Chain Risk Management (SCRM)

Supply Chain Risk Management (SCRM) involves identifying, assessing, and mitigating risks resulting in reliance on external vendors and service providers. The goal is to ensure that all components within the supply chain adhere to the organization’s security policies and do not introduce vulnerabilities. This blog explores a number of important topics, including software bill of materials, silicon root of trust, minimum security standards, third-party assessment and monitoring, and physically unclonable functions. Determining a service-level requirement (SLR) could be required if a supply chain component provider is creating software or offering a service, such as a cloud provider. An SLR is often provided by the customer/client before establishing the SLA, which should incorporate the elements of the SLR if the vendor expects the customer to sign the agreement. This ensures that the security expectations are clearly defined and agreed upon from the outset​​. View More: CISSP Domain 1: Applying Effective Supply Chain Risk Management

For the best experience, listen in Metacast app for iOS or Android