Below the Surface (Audio) - The Supply Chain Security Podcast

Eclypsium

A lively discussion of the threats affecting supply chain, specifically focused on firmware and low-level code that is a blind spot for many organizations. This podcast will feature guests from the cybersecurity industry discussing the problems surrounding supply chain-related issues and potential solutions. Get the Supply Chain Security Toolkit from Eclypsium here: https://eclypsium.com/go read less
TechnologyTechnology

Episodes

Governance, Compliance, and The Digital Supply Chain - Josh Marpet - BTS #27
Apr 10 2024
Governance, Compliance, and The Digital Supply Chain - Josh Marpet - BTS #27
In this episode, we disccuss digital supply chain governance and compliance, featuring Josh Marpet from Guarded Risk, hosted by Paul Asadorian and Alan Alford. Specifically, we discuss: The importance of understanding and complying with regulations affecting digital supply chains, such as Executive Order 14028 and the NIST Cybersecurity Framework.The podcast highlighted the impact of EU regulations, like CRA, GDPR, and DORA, on global businesses, underscoring the shared responsibility model in data security.Vendors' duties in open-source security and software vulnerability management were discussed, with a call for automation in software inventory and security, including the use of SBOMs.The conversation included strategies for effective supply chain risk management, advising regular updates, and understanding the interconnectedness of vulnerabilities.International compliance, particularly with EU data security laws, presents operational challenges and necessitates robust cybersecurity measures.Proactive vendor communication and automated processes are crucial for managing cybersecurity threats efficiently. Continuous risk assessment is preferred over periodic checks, with an emphasis on a nuanced approach to cybersecurity risk management. (00:00) - Digital Supply Chain Governance Compliance (14:08) - EU Regulations on Data Security (21:38) - Responsibility of Vendors in Open Source (27:49) - Supply Chain Risk Management Program Advice (39:01) - Automating Software Inventory and Security This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more! Show Notes: https://securityweekly.com/bts-27