Risk may not be seen the same way by a supplier and their customer. In this video, learn how to identify the impact of responsibility gaps, different-sized businesses, and the value of contracts on the decisions you make.
- [Instructor] There's a reason that each business has to do their own cyber security risk assessment, and define their own risk appetite. Each business has different needs, and things that their board will worry about. There's an inherent problem in attempting to secure multiple businesses with all of their interconnections. When each defines the scope of their responsibility they make that scope as narrow as possible. They limit costs and complexity, but that leaves gaps - gray areas where nobody is certain who is responsible. Once we've clarified responsibilities, each organization will have to ask why two organizations might see the same problem but react differently. So let's think about money. Cyber security best practice says the investment should be pragmatic, proportionate to risk, and put in order of prioritization to get the most security for our money. But that might change the way that businesses invest based on size. The big organization has much greater revenue …
- Recognize how business and technology together create a supply chain cybersecurity problem.
- Identify how cybersecurity defines and maintains boundaries.
- Analyze how common cybersecurity practices compare to supply chain security issues.
- Give examples of how cybersecurity is implemented throughout an organization.
- Differentiate between prescriptive-based requirements and goal-based cybersecurity, with an identified supply chain risk.
- Provide evidence for why communicating about cybersecurity between businesses can be daunting.