Recent ransomware and data breach attacks on retailers and manufacturers in the U.K. have highlighted both the importance of supply chains to everyday operations and the potential risks they can pose to organizations when supply chain cybersecurity falls short. These resources offer practical and actionable advice and learning opportunities for professionals dealing with supply chain cybersecurity.
ISC2 Reports
Information Sharing in Cyber Supply Chain Risk Management – A New Model
ISC2 convened an international volunteer task force to examine cybersecurity supply chain challenges. A key theme was the challenge around information sharing and how to increase the benefit to wider communities, notably small to medium-sized organizations, which are acutely impacted by the shortage of skilled cybersecurity professionals when supply chain security issues occur.
Securing SATCOM Amid Rising Demands and Threats
With the expansion of connectivity comes the expansion of the risk landscape. ISC2 has worked with 31 subject matter experts – including 29 CISSPs – to create a guide for practitioners to use when evaluating the cybersecurity risks, challenges and use cases for privatized satellite-based communications.
Tackling Supply Chain Security Risks
Securing Non-Human Identities in Production
Non-human identities (NHIs), such as supply chain access, service accounts, automation scripts and API credentials, can proliferate across a production environment without clear ownership, governance or visibility, weakening an organization’s identity and access management (IAM) posture.
Following the Money: Insights on Critical Infrastructure Risk Management
Critical infrastructure attacks can have a substantial impact on public safety, with knock-on impacts that ripple through other CI sectors due to deeply intertwined supply chains.
Am I Logging the Right AWS Log Sources?
As organizations increasingly rely on external cloud platforms such as Amazon Web Services (AWS), knowing which log sources those services can produce, and which of them are actually being collected and reviewed, is essential to maintaining a clear picture of what is happening in the environment.
Zero Trust Architecture: Building a Resilient Cybersecurity Framework with Key Technologies and Strategies
It's not just about guarding the perimeter anymore; it's about having security checks at every door, elevator and server room – constant verification that each person is where they should be and is accessing only what they need and are authorized to touch, at every moment they're on the premises.
Evaluation
Third-Party Risk Assessments in Cloud Security: Balancing Value and Challenges
As the IT supply chain, and cloud environments in particular, has become increasingly important to organizations, third-party risk assessments have emerged as a common practice for identifying potential security issues. These assessments often include vulnerability scans and checks for misconfigurations.
Bolstering the Supply Chain with Vendor Contract Reviews
Reviewing and evaluating vendor agreements is an important task for cybersecurity teams and budget holders. It serves as a supply chain stress test, providing an opportunity to identify and address weaknesses and changing needs, and it ensures that a good contract with clear deliverables and expectations is part of the cybersecurity defensive strategy alongside the people and the technology.
Technology and Risk: Elevating Cybersecurity Strategies to the C-Suite and Board
As organizations integrate sophisticated technologies and services into their core operations, they encounter various risks, ranging from cyber threats to compliance issues, that can impact their operational and strategic landscape. Cybersecurity risks, such as data breaches, can lead to substantial financial and reputational damage.
Understanding the European Cyber Resilience Act
With hardware and software, especially in connected environments, seen as avenues for cyberattacks, the EU has deemed it necessary to ensure that products sold in the region do not become a weak point that can be exploited by bad actors before the end of their expected lifetime. A cybersecurity incident affecting one product can impact a wider organization, a supply chain or even a home.
Professional Development
Software Inventory and SBOM Course
The Software Bill of Materials (SBOM) is transforming the way organizations address software security in an increasingly complex supply chain ecosystem. As businesses rely more on third-party components, cybersecurity professionals must understand how SBOMs are produced and consumed in order to mitigate vulnerabilities effectively and ensure compliance.
CGRC – Governance, Risk and Compliance Certification
CGRC professionals utilize frameworks to integrate security and privacy within organizational objectives, better enabling stakeholders to make informed decisions regarding data security, compliance, supply chain risk management and more.
ISSMP – Information Systems Security Management Professional
This cybersecurity management certification shows that you excel at establishing, presenting and governing information security programs. You also demonstrate deep management and leadership skills across critical security functions like incident response and recovery.