📚 Governance, Compliance, and The Digital Supply Chain - Josh Marpet - BTS #27

Author: Security Weekly - Bewertung: 0x - Views:8

In this episode, we discuss digital supply chain governance and compliance, featuring Josh Marpet from Guarded Risk, hosted by Paul Asadoorian and Allan Alford. Specifically, we discuss: * The importance of understanding and complying with regulations affecting digital supply chains, such as Executive Order 14028 and the NIST Cybersecurity Framework. * The podcast highlighted the impact of EU regulations, like CRA, GDPR, and DORA, on global businesses, underscoring the shared responsibility model in data security. * Vendors' duties in open-source security and software vulnerability management were discussed, with a call for automation in software inventory and security, including the use of SBOMs. * The conversation included strategies for effective supply chain risk management, advising regular updates, and understanding the interconnectedness of vulnerabilities. * International compliance, particularly with EU data security laws, presents operational challenges and necessitates robust cybersecurity measures. * Proactive vendor communication and automated processes are crucial for managing cybersecurity threats efficiently. * Continuous risk assessment is preferred over periodic checks, with an emphasis on a nuanced approach to cybersecurity risk management. * (00:00) - Digital Supply Chain Governance Compliance * (14:08) - EU Regulations on Data Security * (21:38) - Responsibility of Vendors in Open Source * (27:49) - Supply Chain Risk Management Program Advice * (39:01) - Automating Software Inventory and Security This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more! Show Notes: https://securityweekly.com/bts-27