Want to create an interactive transcript for this episode?
Podcast: InfosecTrain
Episode: CISSP Domain 1: Applying Effective Supply Chain Risk Management
Description: Understanding Supply Chain Risk Management (SCRM)
Supply Chain Risk Management (SCRM) involves identifying, assessing, and mitigating risks resulting in reliance on external vendors and service providers. The goal is to ensure that all components within the supply chain adhere to the organization’s security policies and do not introduce vulnerabilities. This blog explores a number of important topics, including software bill of materials, silicon root of trust, minimum security standards, third-party assessment and monitoring, and physically unclonable functions. Determining a service-level requirement (SLR) could be required if a supply chain component provider is creating software or offering a se...