In this video, learn the limitations of measuring cybersecurity requirements in unmapped ecosystems, such as those employed by vendors in the supply chain.
- [Instructor] One of the biggest problems in supply chain security is the level of complexity it introduces. Knowing what's in a system is one of a CISO's biggest challenges. Many businesses have such complex IT systems and supplier ecosystems, that they haven't managed to map out their assets and supplier interactions. If you don't know what your supply chain looks like, you can't measure cybersecurity risk, you can't communicate requirements to suppliers or internal teams, and you don't know if the system is resilient enough in the case of a breach. There could be a single point of failure that you just can't see. So there's a role that we haven't spent much time discussing, the enterprise architecture function, where the business defines its long term technology strategy. This is where big organizations standardize IT processes, which limits suppliers and manages supply chain security. The enterprise architecture function tries to reduce …
- Recognize how business and technology together create a supply chain cybersecurity problem.
- Identify how cybersecurity defines and maintains boundaries.
- Analyze how common cybersecurity practices compare to supply chain security issues.
- Give examples of how cybersecurity is implemented throughout an organization.
- Differentiate between prescriptive-based requirements and goal-based cybersecurity, with an identified supply chain risk.
- Provide evidence for why communicating about cybersecurity between businesses can be daunting.