IT Vendor Risk Management: Improving but Still Inadequate

One of the fundamental best practices of cyber supply chain security is IT vendor risk management. When organizations purchase and deploy application software, routers, servers, and storage devices, they are in essence placing their trust in the IT vendors that develop and sell these products. 


U.S. Critical Infrastructure Continues to Make Risky IT Bets

When the term “critical infrastructure” is mentioned in conversation, thoughts immediately turn to things like electrical power plants, oil and gas pipelines, food, water, etc. You know, the foundational services of modern life that we all take for granted. These are the same industries that former Defense Secretary Leon Panetta was referring to when he warned of the possibility of a “cyber-Pearl Harbor” back in 2012. Panetta stated:


U.S. Critical Infrastructure under Cyber-Attack

ESG recently published a new research report titled, Cyber Supply Chain Security Revisited, focused on cyber supply chain security practices and challenges at U.S.-based critical infrastructure organizations. The term “critical infrastructure” is associated with 16 industries designated by the U.S. Department of Homeland Security (DHS), “whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof” (source: DHS).

Some experts believe that a cyber-attack on one or several critical infrastructure organizations could result in a “Cyber Pearl Harbor,” disrupting society and the economy for weeks or months. This places critical infrastructure organizations firmly in the national security bucket.


Cyber Supply Chain Security Is Increasingly Difficult for Critical Infrastructure Organizations

As the old cybersecurity adage states, "The cybersecurity chain is only as strong as its weakest link." Smart CISOs also understand that the proverbial weak link may actually be out of their control. 


Enterprises Need Outside-In Continuous Monitoring for Risk Management

Ask any CISO what their job entails and they are likely to respond with a common mantra: Assess IT risk, communicate IT risk to business executives, and then create and execute a mutually agreed upon plan to address risk.
