vimarsana.com

Page 5 - Supply Chain Risk Management News Today : Breaking News, Live Updates & Top Stories | Vimarsana

CISA, NIST Release Guidance on Defending Against Supply Chain Attacks

In light of recent supply chain intrusions, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Agency (CISA) and National Institute for Standards and Technology (NIST) have released new guidance on defending supply chain software, using the NIST framework to identify and mitigate risks. In addition to information about supply chain risks and common attack techniques, the resource helps guide users through identifying, assessing, and mitigating supply chain risks using NIST’s Cyber Supply Chain Risk Management (C-SCRM) framework and the Secure Software Development Framework (SSDF). “Network defenders are limited in their ability to quickly mitigate consequences after a threat actor has compromised a software supply chain. This is because organizations rarely control their entire software supply chain and lack authority to compel every organization in their supply chain to take prom

GFSI and the Compliance Challenge for Food Safety, Upcoming Webinar Hosted by Xtalks

In this free webinar, the featured speakers will discuss the Global Food Safety Initiative (GFSI) as a food safety passport to the global market. They will discuss changes and trends in food safety standards, compliance failures and corresponding controls, as well as present risk management case studies from small, medium and large food companies. A review will cover software solutions, including how to prevent auto-failures and achieve one-minute mock recall compliance. In a live panel conversation, the speakers will share insight from their positions at leading food producers, auditors and software providers.

The SolarWinds hack timeline: Who knew what, and when?

Details of the 2020 SolarWinds attack continue to unfold, and it may be years before the final damages can be tallied. While it is “hard to say” if the SolarWinds software supply-chain compromise will become known as the highest-impact cyber intrusion ever, it did catch “many people off guard” despite the security industry’s frequent warnings that supply chains pose substantial risks, according to Eric Parizo, principal analyst of security operations at Omdia, a global research firm. The SolarWinds attack is unprecedented because of its capability to cause significant physical consequences, says University of Richmond management professor Shital Thekdi, an expert on risk management and industrial and operations engineering. “The attack impacted critical infrastructure providers, potentially impacting energy and manufacturing capacities,” she said, and created an ongoing intrusion that “should be treated as a serious event with potential for great harm.”

© 2025 Vimarsana
