Supply chain security is not new, though it certainly feels as though it is. Thanks to globalization, supply chains are ever growing in their depth, complexity, and interconnectedness. Unfortunately, like so many other systems, security of supply chains hasn’t been at the top of the list of things to consider when evaluating supply chains. Understandably, economics led the way. A supply chain exists to foster economic growth and profit-making. None of these are bad but there’s a painful irony: the less security is considered, the greater the costs, which drives down growth and profit-making. Costs aren’t just financial, either. The cost of losing a competitive edge is significant but almost impossible to quantify in dollars. It runs much deeper. As data theft has proliferated on an unprecedented scale, the need for securing supply chains has begun it’s rise to the top of our consciousness. The intriguing thing about supply chain security is that it isn’t all that different than traditional risk management activities. Today’s guest is John Santore, Director of Cybersecurity Services here at Kratos. Together, we’ll dive into supply chain security. We’ll outline what a supply chain is, what to consider when evaluating your supply chain, some of the challenges you might encounter along the way and we’ll outline a basic supply chain risk management approach. Resources: The core tenants of a supply chain risk management approach: <ul> <li>Inventory your supply chain</li> <li>Ensure strong relationships are in place with those in your supply chain</li> <li>Develop criteria for evaluating the risk of suppliers within your organization</li> <li>Work with your suppliers to obtain the information necessary to perform the evaluation</li> <li>Develop a process for scrutinizing suppliers that are identified as high-risk</li> <li>Repeat the process on a defined frequency</li> <li>Ensure that it is applied as part of any supplier intake</li> </ul> Links: <ul> <li class="MsoNormal"><a href= "https://doi.org/10.6028/NIST.SP.800-161r1">NIST SP 800-161: Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations</a></li> <li class="MsoNormal"><a style= "text-align: justify; text-indent: -0.25in;" href= "https://csrc.nist.gov/csrc/media/Projects/cyber-supply-chain-risk-management/documents/20240719_C-SCRMFactSheetFinal.pdf"> C-SCRM Factsheet</a></li> <li class="MsoNormal"><a style= "text-align: justify; text-indent: -0.25in;" href= "https://doi.org/10.6028/NIST.SP.800-218">NIST SP 800-218: Secure Software Development Framework</a></li> <li class="MsoNormal"><a style="text-indent: -0.25in;" href= "https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/"> Executive Order 14028</a></li> <li class="MsoNormal"><a style="text-indent: -0.25in;" href= "https://www.whitehouse.gov/wp-content/uploads/2022/09/M-22-18.pdf"> OMB M-22-18</a></li> <li class="MsoNormal"><a style="text-indent: -0.25in;" href= "https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-16-Update-to-M-22-18-Enhancing-Software-Security-1.pdf"> OMB M-23-16</a></li> </ul>

Kratos

Welcome to “Cyber Compliance and Beyond,” a Kratos podcast that will bring clarity to compliance, helping put you in control of cybersecurity compliance in your organization. Kratos is a leading cybersecurity compliance advisory and assessment organization, providing services to both government and commercial clients across varying sectors including defense, space, satellite, financial services, and health care. Through "Cyber Compliance and Beyond," our cyber team of experts will share their insights on the latest compliance issues. We want to hear from you! What unanswered question would you like us to tackle? Is there a topic you’d like us to discuss? Or do you just have some feedback for us? Let us know on Linked and Twitter at Kratos Defense or by email at ccbeyond@kratosdefense.com.

13 - Cybercrime – Credential Theft – Part 2/4

cyber compliance & beyond

Cyber Compliance & Beyond

Supply chain security is not new, though it certainly feels as though it is. Thanks to globalization, supply chains are ever growing in their depth, complexity, and interconnectedness. Unfortunately, like so many other systems, security of supply...

Episode Summary

Clips