Risk can be tricky to evaluate when working within a supply chain. In this video, learn how to identify who holds risk, responsibility, or control in your supply chains.
- [Instructor] Part of the problem with cybersecurity is that it relies on creating boundaries. But those boundaries depend on controlling a number of factors, some of which will have been shared or outsourced to suppliers. Owning the supply chain cybersecurity problem will mean different things to different people. There's three main requirements for managing risk. Firstly, the actual risk we're worried about. Secondly, there's the responsibility for the security. And third, the control of the IT system platforms, or people, that the security measures involve. So let's look at an example organization. Quite a large organization, they have their own tower block and obviously they're connected to the internet. They might have satellite offices, which to the casual observer look like they're connected separately to the internet, but most multi-site organizations will now be using VPN so the computers are isolated from the wider internet and they all think that they're actually in the same office. …
- Recognize how business and technology together create a supply chain cybersecurity problem.
- Identify how cybersecurity defines and maintains boundaries.
- Analyze how common cybersecurity practices compare to supply chain security issues.
- Give examples of how cybersecurity is implemented throughout an organization.
- Differentiate between prescriptive-based requirements and goal-based cybersecurity, with an identified supply chain risk.
- Provide evidence for why communicating about cybersecurity between businesses can be daunting.