Governance, Compliance, and The Digital Supply Chain - Josh Marpet - BTS #27
News category: IT Security Video
Source: youtube.com
Author: Security Weekly - Rating: 0x - Views: 8
In this episode, hosts Paul Asadoorian and Allan Alford are joined by Josh Marpet of Guarded Risk to discuss digital supply chain governance and compliance. Specifically, we cover:
* The importance of understanding and complying with the regulations and frameworks that affect digital supply chains, such as Executive Order 14028 and the NIST Cybersecurity Framework.
* The impact of EU regulations, such as the CRA (Cyber Resilience Act), GDPR (General Data Protection Regulation), and DORA (Digital Operational Resilience Act), on global businesses, underscoring the shared responsibility model in data security.
* Vendors' duties in open-source security and software vulnerability management, with a call for automating software inventory and security, including the use of SBOMs (software bills of materials).
* Strategies for effective supply chain risk management, including keeping software regularly updated and understanding how vulnerabilities in one component propagate to everything that depends on it.
* International compliance, particularly with EU data security laws, presents operational challenges and necessitates robust cybersecurity measures.
* Proactive vendor communication and automated processes are crucial for managing cybersecurity threats efficiently.
* Continuous risk assessment is preferred over periodic checks, with an emphasis on a nuanced approach to cybersecurity risk management.
* (00:00) - Digital Supply Chain Governance Compliance
* (14:08) - EU Regulations on Data Security
* (21:38) - Responsibility of Vendors in Open Source
* (27:49) - Supply Chain Risk Management Program Advice
* (39:01) - Automating Software Inventory and Security
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more!
Show Notes: https://securityweekly.com/bts-27