Many organizations are struggling with how to reduce the risk of maliciously inserted functionality in the IT products they purchase. At the same time, there is an increasing buzz about US and International standards for addressing technology risks from the supply chain. The challenge is in understanding how each standard or a combination of standards might be used to reduce risks specific to an organization. Cyber Supply Chain Risk Management (SCRM) seeks to manage and mitigate cyber and supply chain risk throughout an acquisition lifecycle for an element or a system. It is a multi-disciplinary challenge which requires contributions and collaboration among many disciplines. Key areas include systems engineering, information security, application security, supply chain and logistics planning and management, IT resiliency, and risk management. Existing standards development efforts are creating a robust set of standards that can be used to address the various aspects of Cyber SCRM.
Without an understanding of the nuances of the standards, it is challenging for stakeholders to select the standards that mitigate the risk from organization-specific threats. This session will leverage the common supply chain threats that organizations are working to address to determine which anti-counterfeit, acquirer/supplier relationship, software assurance, and product certification standards offer mitigations to your organization. This session will provide an overview of existing and emerging standards and recommendations for selecting the right standards for an organization.