
(ISC)² Security Congress 2021 - Career Center & Recordings

1778604 - SSCIM: An OSI-like model for Supply Chain Cyber Security


Oct 18, 2021 2:45pm ‐ Oct 18, 2021 3:45pm



Credits: None available.

Description

Supply chain security is challenging due to the inherent complexity of global supply chains. The challenge for supply chain security programs is managing the interdependencies of hardware, software, firmware, and the human relationships and factors that introduce the product into your environment. In Secure SCM, you are only seen as a snippet of code lifted from GitHub by a coder paid for by a junior developer through an odd-job posted on Fiverr. This same complexity was inherent when the Open Systems Interconnection (OSI) model set a standard communication and data processing structure that is still used today. We will propose a model to articulate supply chain risk, mitigating controls, and a risk scoring methodology for the security of the supply chain.

Learning Objectives:
  • Articulate the complex process of supply chain management.
  • Identify a model to manage supply chain risk.
  • Define mitigating controls and a risk scoring methodology for supply chain security risk.

Speaker(s):

  • Jason J. Thomas, CISSP, CISA, Sr. Director, IT Security, Cystic Fibrosis Foundation
  • Spencer Wilcox, CISSP, SSCP, CISA, CPP, Executive Director Technology and CSO, PNM Resources
Tags: Intermediate

Credits

  • 1.00 - CPE


charles searl
10/21/21 12:22 pm

love the bow tie

Barry Dowell
10/25/21 11:25 pm

This session could have gone longer and I would have just kept on listening. Both speakers were really good, knew the material very well, and delivered it very well. Awesome session.

Spencer Wilcox
11/13/21 12:00 pm

Thank you Charles and Barry! We greatly appreciate the feedback, and will be publishing a research paper on the topic in the near future!