When have you transferred too much risk? In this video, learn the tools available to evaluate risk at various points in the supply chain.
- [Presenter] Cybersecurity is a lifecycle, … and supply chain security comes with … its own lessons learned and adaptations of policies. … One of the most contentious lessons is when a business … is forced to ask whether they've transferred too much risk. … Let's have a recap of the asymmetry problem … in cybersecurity. … A business has an investment … in defending themselves against a threat. … The attacker is also prepared to invest, … and the small businesses contribution to cybersecurity … is caught in the middle. … The question to ask when we think about … whether a business is transferring too much risk - … what is the supplier's investment in proportion to? … If it's a very large business in the middle … with small businesses on the left hand side, … then it's likely that the supplier's investment … is greater than the small business could achieve. … So long as the big supplier's communicating … the quality of their service clearly, … the small business can be fairly confident …
- Recognize how business and technology together create a supply chain cybersecurity problem.
- Identify how cybersecurity defines and maintains boundaries.
- Analyze how common cybersecurity practices compare to supply chain security issues.
- Give examples of how cybersecurity is implemented throughout an organization.
- Differentiate between prescriptive-based requirements and goal-based cybersecurity, with an identified supply chain risk.
- Provide evidence for why communicating about cybersecurity between businesses can be daunting.