Governance, Compliance, and The Digital Supply Chain – Josh Marpet – BTS #27
Full Audio
View Show IndexSegments
1. Governance, Compliance, and The Digital Supply Chain – Josh Marpet – BTS #27
In this episode, we discuss digital supply chain governance and compliance, featuring Josh Marpet from Guarded Risk, hosted by Paul Asadoorian and Allan Alford. Specifically, we discuss:
- The importance of understanding and complying with regulations affecting digital supply chains, such as Executive Order 14028 and the NIST Cybersecurity Framework.
- The podcast highlighted the impact of EU regulations, like CRA, GDPR, and DORA, on global businesses, underscoring the shared responsibility model in data security.
- Vendors' duties in open-source security and software vulnerability management were discussed, with a call for automation in software inventory and security, including the use of SBOMs.
- The conversation included strategies for effective supply chain risk management, advising regular updates, and understanding the interconnectedness of vulnerabilities.
- International compliance, particularly with EU data security laws, presents operational challenges and necessitates robust cybersecurity measures.
- Proactive vendor communication and automated processes are crucial for managing cybersecurity threats efficiently.
Continuous risk assessment is preferred over periodic checks, with an emphasis on a nuanced approach to cybersecurity risk management.
(00:00) - Digital Supply Chain Governance Compliance
(14:08) - EU Regulations on Data Security
(21:38) - Responsibility of Vendors in Open Source
(27:49) - Supply Chain Risk Management Program Advice
(39:01) - Automating Software Inventory and Security
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more!
Announcements
Below the surface listeners can learn more about Eclypsium by visiting eclypsium.com/go - there you will find the “Ultimate guide to supply chain security”, an on-demand webinar I presented called “Unraveling Digital Supply Chain Threats and Risk”, a paper on the relationship between ransomware and the supply chain, and a customer case study with Digital Ocean. If you are interested in seeing our product in action you can also sign up for a demo, you can get all that at eclypsium.com/go!
Guest
IANS Faculty
Compliance and Standards SME
CMMC Author
Entrepreneurship Curmudgeon
Board Member BSidesDE
Board Member BSidesDC
Skytalks Board Member
Global BSides Board Member
Ex-cop and Fireman