SlideShare une entreprise Scribd logo

2 ppt final dan shoemaker dd1 stockholm presentation

Télécharger en tant que PPTX, PDF
G
GlobalForum
1  sur  6
Getting the Workforce to Factor Enterprise Risk into Outsourcing Decisions
What is Supply Chain Risk Management? • Supply chain risk management (SCRM) ensures that the enterprise’s sourced products (HW&SW) and services are functionally correct • SCRM encompasses five different categories of risk* 1. Installation of malicious logic in hardware or software 2. Installation of counterfeit hardware or software 3. Failure or disruption in the production or distribution of a critical product or service 4. Reliance upon a malicious or unqualified supplier 5. Installation of unintentional vulnerabilities * US General Accounting Office (GAO) March 23, 2012 p. 12
What is Supply Chain Risk Management? • The key outcome of -SCRM is that it guarantees that an organization’s sourced products do what they are intended to do and only that • SCRM is enforced through a system-of-systems Enterprise Security Framework (ESF) of controls • Mitigations are designed and deployed through a formal criticality analysis and prioritization scheme (defense in depth) • The aim of SCRM is to ensure that we fully understand all meaningful risks (to the enterprise) when arriving at a make-buy decision?
Building a Unified Body Practice for SCRM • Practices from a ange of conventional fields could conceivably be part of a unified body of practice for ICT supply chain risk management – hardware and software engineering – systems engineering – information systems security engineering – Safety – Reliability – Testing – information assurance – project management – Intelligence – Legal – International relations
A Short Conclusion • The problem addressed by our initiative is, how to manage enterprise-risk from globally sourced ICT sub-components- that may not function as anticipated and may in fact have undesired functionality” • It is critical to get enterprise risk under control since most of of society’s functionality/capability is dependent on ICT sub-components • We hope that we can enlist your help and support in developing and finalizing a correct and relevant unified concept
THANK YOU FOR YOUR ATTENTION Dan Shoemaker, PhD, Director and Senior Research Scientist Global EdICT - Supporting Don Davidson, Chief of Outreach Globalization Task Force (GTF) OASD-NII / DoD CIO dan.shoemaker@att.net

Recommandé

Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standardsprimeteacher32
 
Information Secuirty Vulnerability Management
Information Secuirty Vulnerability ManagementInformation Secuirty Vulnerability Management
Information Secuirty Vulnerability Managementtschraider
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Information Security Best Practices: Keeping Your Company's Data Safe
Information Security Best Practices: Keeping Your Company's Data SafeInformation Security Best Practices: Keeping Your Company's Data Safe
Information Security Best Practices: Keeping Your Company's Data SafeResolver Inc.
 
Physical Security Information Management Solution for the Enterprise
Physical Security Information Management Solution for the EnterprisePhysical Security Information Management Solution for the Enterprise
Physical Security Information Management Solution for the EnterpriseVidSys, Inc.
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ InfrastructurePriyank Hada
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management Ersoy AKSOY
 
Risk monitoring and response
Risk monitoring and responseRisk monitoring and response
Risk monitoring and responseZyrellLalaguna
 

Recommandé

Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standardsprimeteacher32
 
Information Secuirty Vulnerability Management
Information Secuirty Vulnerability ManagementInformation Secuirty Vulnerability Management
Information Secuirty Vulnerability Managementtschraider
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Information Security Best Practices: Keeping Your Company's Data Safe
Information Security Best Practices: Keeping Your Company's Data SafeInformation Security Best Practices: Keeping Your Company's Data Safe
Information Security Best Practices: Keeping Your Company's Data SafeResolver Inc.
 
Physical Security Information Management Solution for the Enterprise
Physical Security Information Management Solution for the EnterprisePhysical Security Information Management Solution for the Enterprise
Physical Security Information Management Solution for the EnterpriseVidSys, Inc.
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ InfrastructurePriyank Hada
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management Ersoy AKSOY
 
Risk monitoring and response
Risk monitoring and responseRisk monitoring and response
Risk monitoring and responseZyrellLalaguna
 
Red team vs Penetration Testing
Red team vs Penetration TestingRed team vs Penetration Testing
Red team vs Penetration Testingavioren1979
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Ernest Staats
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organizationDan Morrill
 
Scammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringScammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringResolver Inc.
 
Challenges of Vulnerability Management
Challenges of Vulnerability Management Challenges of Vulnerability Management
Challenges of Vulnerability ManagementRahul Neel Mani
 
Taking a Data-Driven Approach to Business Continuity
Taking a Data-Driven Approach to Business ContinuityTaking a Data-Driven Approach to Business Continuity
Taking a Data-Driven Approach to Business ContinuityResolver Inc.
 
Technology Risk Management
Technology Risk ManagementTechnology Risk Management
Technology Risk ManagementSocial Tables
 
What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityPhil Agcaoili
 
Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity AuditEC-Council
 
Information Security Risk Management Overview
Information Security Risk Management OverviewInformation Security Risk Management Overview
Information Security Risk Management OverviewWesley Moore
 
Bay Dynamics
Bay DynamicsBay Dynamics
Bay DynamicsMeg Vorland
 
Risk Assessments
Risk AssessmentsRisk Assessments
Risk AssessmentsJoAnna Cheshire
 
Information Systems Security Review 2004
Information Systems Security Review 2004Information Systems Security Review 2004
Information Systems Security Review 2004Donald E. Hester
 
Physical Security Information Management (PSIM) Solution for the Government
Physical Security Information Management (PSIM) Solution for the GovernmentPhysical Security Information Management (PSIM) Solution for the Government
Physical Security Information Management (PSIM) Solution for the GovernmentVidSys, Inc.
 
The infrastructure and the security essentials of information technology in a...
The infrastructure and the security essentials of information technology in a...The infrastructure and the security essentials of information technology in a...
The infrastructure and the security essentials of information technology in a...adeel hamid
 
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)Tripwire
 
Designing NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsDesigning NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsArun Prabhakar
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistancePaul-Charife Allen
 
Introduction to Cyber Resilience
Introduction to Cyber ResilienceIntroduction to Cyber Resilience
Introduction to Cyber ResiliencePeter Wood
 
ComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityAnthony Dials
 
3 ppt eleanor stewart global forum stockholm es
3 ppt eleanor stewart global forum stockholm es3 ppt eleanor stewart global forum stockholm es
3 ppt eleanor stewart global forum stockholm esGlobalForum
 
Web annika branstrom global forum nov2012long
Web annika branstrom global forum nov2012longWeb annika branstrom global forum nov2012long
Web annika branstrom global forum nov2012longGlobalForum
 

Contenu connexe

Tendances

Red team vs Penetration Testing
Red team vs Penetration TestingRed team vs Penetration Testing
Red team vs Penetration Testingavioren1979
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Ernest Staats
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organizationDan Morrill
 
Scammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringScammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringResolver Inc.
 
Challenges of Vulnerability Management
Challenges of Vulnerability Management Challenges of Vulnerability Management
Challenges of Vulnerability ManagementRahul Neel Mani
 
Taking a Data-Driven Approach to Business Continuity
Taking a Data-Driven Approach to Business ContinuityTaking a Data-Driven Approach to Business Continuity
Taking a Data-Driven Approach to Business ContinuityResolver Inc.
 
Technology Risk Management
Technology Risk ManagementTechnology Risk Management
Technology Risk ManagementSocial Tables
 
What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityPhil Agcaoili
 
Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity AuditEC-Council
 
Information Security Risk Management Overview
Information Security Risk Management OverviewInformation Security Risk Management Overview
Information Security Risk Management OverviewWesley Moore
 
Information Systems Security Review 2004
Information Systems Security Review 2004Information Systems Security Review 2004
Information Systems Security Review 2004Donald E. Hester
 
Physical Security Information Management (PSIM) Solution for the Government
Physical Security Information Management (PSIM) Solution for the GovernmentPhysical Security Information Management (PSIM) Solution for the Government
Physical Security Information Management (PSIM) Solution for the GovernmentVidSys, Inc.
 
The infrastructure and the security essentials of information technology in a...
The infrastructure and the security essentials of information technology in a...The infrastructure and the security essentials of information technology in a...
The infrastructure and the security essentials of information technology in a...adeel hamid
 
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)Tripwire
 
Designing NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsDesigning NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsArun Prabhakar
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistancePaul-Charife Allen
 
Introduction to Cyber Resilience
Introduction to Cyber ResilienceIntroduction to Cyber Resilience
Introduction to Cyber ResiliencePeter Wood
 
ComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityAnthony Dials
 

Tendances (20)

Red team vs Penetration Testing
Red team vs Penetration TestingRed team vs Penetration Testing
Red team vs Penetration Testing
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organization
 
Scammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringScammed: Defend Against Social Engineering
Scammed: Defend Against Social Engineering
 
Challenges of Vulnerability Management
Challenges of Vulnerability Management Challenges of Vulnerability Management
Challenges of Vulnerability Management
 
Taking a Data-Driven Approach to Business Continuity
Taking a Data-Driven Approach to Business ContinuityTaking a Data-Driven Approach to Business Continuity
Taking a Data-Driven Approach to Business Continuity
 
Technology Risk Management
Technology Risk ManagementTechnology Risk Management
Technology Risk Management
 
What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber Security
 
Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity Audit
 
Information Security Risk Management Overview
Information Security Risk Management OverviewInformation Security Risk Management Overview
Information Security Risk Management Overview
 
Bay Dynamics
Bay DynamicsBay Dynamics
Bay Dynamics
 
Risk Assessments
Risk AssessmentsRisk Assessments
Risk Assessments
 
Information Systems Security Review 2004
Information Systems Security Review 2004Information Systems Security Review 2004
Information Systems Security Review 2004
 
Physical Security Information Management (PSIM) Solution for the Government
Physical Security Information Management (PSIM) Solution for the GovernmentPhysical Security Information Management (PSIM) Solution for the Government
Physical Security Information Management (PSIM) Solution for the Government
 
The infrastructure and the security essentials of information technology in a...
The infrastructure and the security essentials of information technology in a...The infrastructure and the security essentials of information technology in a...
The infrastructure and the security essentials of information technology in a...
 
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
 
Designing NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsDesigning NextGen Threat Identification Solutions
Designing NextGen Threat Identification Solutions
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistance
 
Introduction to Cyber Resilience
Introduction to Cyber ResilienceIntroduction to Cyber Resilience
Introduction to Cyber Resilience
 
ComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityComResource - NW Agent Cybersecurity
ComResource - NW Agent Cybersecurity
 

En vedette

3 ppt eleanor stewart global forum stockholm es
3 ppt eleanor stewart global forum stockholm es3 ppt eleanor stewart global forum stockholm es
3 ppt eleanor stewart global forum stockholm esGlobalForum
 
Web annika branstrom global forum nov2012long
Web annika branstrom global forum nov2012longWeb annika branstrom global forum nov2012long
Web annika branstrom global forum nov2012longGlobalForum
 
3. w.cellary privacy stockholm_v5
3. w.cellary privacy stockholm_v53. w.cellary privacy stockholm_v5
3. w.cellary privacy stockholm_v5GlobalForum
 
4. florence dupre new usagesprivacy legal framework fd
4. florence dupre new usagesprivacy legal framework fd4. florence dupre new usagesprivacy legal framework fd
4. florence dupre new usagesprivacy legal framework fdGlobalForum
 
Web samia mehlem open data and wb main presentation
Web samia mehlem open data and wb main presentationWeb samia mehlem open data and wb main presentation
Web samia mehlem open data and wb main presentationGlobalForum
 
5. global forum sg grumbach
5. global forum sg grumbach5. global forum sg grumbach
5. global forum sg grumbachGlobalForum
 
4 ppt myeongki baek
4 ppt myeongki baek4 ppt myeongki baek
4 ppt myeongki baekGlobalForum
 

En vedette (7)

3 ppt eleanor stewart global forum stockholm es
3 ppt eleanor stewart global forum stockholm es3 ppt eleanor stewart global forum stockholm es
3 ppt eleanor stewart global forum stockholm es
 
Web annika branstrom global forum nov2012long
Web annika branstrom global forum nov2012longWeb annika branstrom global forum nov2012long
Web annika branstrom global forum nov2012long
 
3. w.cellary privacy stockholm_v5
3. w.cellary privacy stockholm_v53. w.cellary privacy stockholm_v5
3. w.cellary privacy stockholm_v5
 
4. florence dupre new usagesprivacy legal framework fd
4. florence dupre new usagesprivacy legal framework fd4. florence dupre new usagesprivacy legal framework fd
4. florence dupre new usagesprivacy legal framework fd
 
Web samia mehlem open data and wb main presentation
Web samia mehlem open data and wb main presentationWeb samia mehlem open data and wb main presentation
Web samia mehlem open data and wb main presentation
 
5. global forum sg grumbach
5. global forum sg grumbach5. global forum sg grumbach
5. global forum sg grumbach
 
4 ppt myeongki baek
4 ppt myeongki baek4 ppt myeongki baek
4 ppt myeongki baek
 

Similaire à 2 ppt final dan shoemaker dd1 stockholm presentation

MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service PresentationWilliam McBorrough
 
111.pptx
111.pptx111.pptx
111.pptxJESUNPK
 
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAEIT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE360 BSI
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationWilliam McBorrough
 
Connection can help keep your business secure!
Connection can help keep your business secure!Connection can help keep your business secure!
Connection can help keep your business secure!Heather Salmons Newswanger
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...Kaspersky
 
Laser App Conference 2017 - Sid Yenamandra, Entreda
Laser App Conference 2017 - Sid Yenamandra, EntredaLaser App Conference 2017 - Sid Yenamandra, Entreda
Laser App Conference 2017 - Sid Yenamandra, EntredaLaser App Software
 
Improve Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small EnterpriseImprove Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small EnterpriseGeorge Goodall
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)Norm Barber
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 
Selling security to the C-level
Selling security to the C-levelSelling security to the C-level
Selling security to the C-levelDonald Tabone
 
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...EC-Council
 
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteHow to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteSurfWatch Labs
 

Similaire à 2 ppt final dan shoemaker dd1 stockholm presentation (20)

Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
111.pptx
111.pptx111.pptx
111.pptx
 
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAEIT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
Connection can help keep your business secure!
Connection can help keep your business secure!Connection can help keep your business secure!
Connection can help keep your business secure!
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
 
Laser App Conference 2017 - Sid Yenamandra, Entreda
Laser App Conference 2017 - Sid Yenamandra, EntredaLaser App Conference 2017 - Sid Yenamandra, Entreda
Laser App Conference 2017 - Sid Yenamandra, Entreda
 
Improve Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small EnterpriseImprove Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small Enterprise
 
Cyber Security # Lec 3
Cyber Security # Lec 3 Cyber Security # Lec 3
Cyber Security # Lec 3
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SCCyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
 
Selling security to the C-level
Selling security to the C-levelSelling security to the C-level
Selling security to the C-level
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
 
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
 
Eng Solutions - Capability Statement-Latest
Eng Solutions - Capability Statement-LatestEng Solutions - Capability Statement-Latest
Eng Solutions - Capability Statement-Latest
 
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteHow to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-Suite
 

Plus de GlobalForum

7. brigitte d'heygere
7. brigitte d'heygere7. brigitte d'heygere
7. brigitte d'heygereGlobalForum
 
Corporate urban f presentation europe
Corporate urban f presentation europeCorporate urban f presentation europe
Corporate urban f presentation europeGlobalForum
 
7 ppt thunus global forum
7 ppt thunus global forum7 ppt thunus global forum
7 ppt thunus global forumGlobalForum
 
6 ppt hoddevik short final
6 ppt hoddevik short final6 ppt hoddevik short final
6 ppt hoddevik short finalGlobalForum
 
5 ppt johannes wimmer global forum session_6_bbg
5 ppt johannes wimmer global forum session_6_bbg5 ppt johannes wimmer global forum session_6_bbg
5 ppt johannes wimmer global forum session_6_bbgGlobalForum
 
Wormeli global forum 2012
Wormeli global forum 2012Wormeli global forum 2012
Wormeli global forum 2012GlobalForum
 
12 11-11 global forum sto thomas myrup kristensen facebook
12 11-11 global forum sto thomas myrup kristensen facebook12 11-11 global forum sto thomas myrup kristensen facebook
12 11-11 global forum sto thomas myrup kristensen facebookGlobalForum
 
2. 2012 11-11 global forum sto thomas myrup kristensen facebook
2. 2012 11-11 global forum sto thomas myrup kristensen facebook2. 2012 11-11 global forum sto thomas myrup kristensen facebook
2. 2012 11-11 global forum sto thomas myrup kristensen facebookGlobalForum
 
Steven adler ibm big data predictions
Steven adler ibm big data predictionsSteven adler ibm big data predictions
Steven adler ibm big data predictionsGlobalForum
 
Ppt shark global forum session 3 2012 v4
Ppt shark global forum session 3 2012 v4Ppt shark global forum session 3 2012 v4
Ppt shark global forum session 3 2012 v4GlobalForum
 
Ppt samia mehlem global forum samia m session 3
Ppt samia mehlem global forum samia m session 3Ppt samia mehlem global forum samia m session 3
Ppt samia mehlem global forum samia m session 3GlobalForum
 
Latif ladid gen6 overview
Latif ladid gen6 overviewLatif ladid gen6 overview
Latif ladid gen6 overviewGlobalForum
 
Annika branstrom short global forum nov.2012
Annika branstrom short global forum nov.2012Annika branstrom short global forum nov.2012
Annika branstrom short global forum nov.2012GlobalForum
 
20121112 global forum_ntt_niwano_fin
20121112 global forum_ntt_niwano_fin20121112 global forum_ntt_niwano_fin
20121112 global forum_ntt_niwano_finGlobalForum
 
Global forum 2012 pascal poitevin v2
Global forum 2012 pascal poitevin v2Global forum 2012 pascal poitevin v2
Global forum 2012 pascal poitevin v2GlobalForum
 
1 ppt h lindskog rev
1 ppt h lindskog rev1 ppt h lindskog rev
1 ppt h lindskog revGlobalForum
 
Global Forum 2012: Francisco Garcia Moran
Global Forum 2012: Francisco Garcia MoranGlobal Forum 2012: Francisco Garcia Moran
Global Forum 2012: Francisco Garcia MoranGlobalForum
 
Global forum 2012: Gaetano Santucci
Global forum 2012: Gaetano SantucciGlobal forum 2012: Gaetano Santucci
Global forum 2012: Gaetano SantucciGlobalForum
 
Global Forum 2012 Presentation: Nesar Maroof, Bahrain Government Authority
Global Forum 2012 Presentation: Nesar Maroof, Bahrain Government AuthorityGlobal Forum 2012 Presentation: Nesar Maroof, Bahrain Government Authority
Global Forum 2012 Presentation: Nesar Maroof, Bahrain Government AuthorityGlobalForum
 

Plus de GlobalForum (20)

7. brigitte d'heygere
7. brigitte d'heygere7. brigitte d'heygere
7. brigitte d'heygere
 
Corporate urban f presentation europe
Corporate urban f presentation europeCorporate urban f presentation europe
Corporate urban f presentation europe
 
7 ppt thunus global forum
7 ppt thunus global forum7 ppt thunus global forum
7 ppt thunus global forum
 
6 ppt hoddevik short final
6 ppt hoddevik short final6 ppt hoddevik short final
6 ppt hoddevik short final
 
5 ppt johannes wimmer global forum session_6_bbg
5 ppt johannes wimmer global forum session_6_bbg5 ppt johannes wimmer global forum session_6_bbg
5 ppt johannes wimmer global forum session_6_bbg
 
Wormeli
WormeliWormeli
Wormeli
 
Wormeli global forum 2012
Wormeli global forum 2012Wormeli global forum 2012
Wormeli global forum 2012
 
12 11-11 global forum sto thomas myrup kristensen facebook
12 11-11 global forum sto thomas myrup kristensen facebook12 11-11 global forum sto thomas myrup kristensen facebook
12 11-11 global forum sto thomas myrup kristensen facebook
 
2. 2012 11-11 global forum sto thomas myrup kristensen facebook
2. 2012 11-11 global forum sto thomas myrup kristensen facebook2. 2012 11-11 global forum sto thomas myrup kristensen facebook
2. 2012 11-11 global forum sto thomas myrup kristensen facebook
 
Steven adler ibm big data predictions
Steven adler ibm big data predictionsSteven adler ibm big data predictions
Steven adler ibm big data predictions
 
Ppt shark global forum session 3 2012 v4
Ppt shark global forum session 3 2012 v4Ppt shark global forum session 3 2012 v4
Ppt shark global forum session 3 2012 v4
 
Ppt samia mehlem global forum samia m session 3
Ppt samia mehlem global forum samia m session 3Ppt samia mehlem global forum samia m session 3
Ppt samia mehlem global forum samia m session 3
 
Latif ladid gen6 overview
Latif ladid gen6 overviewLatif ladid gen6 overview
Latif ladid gen6 overview
 
Annika branstrom short global forum nov.2012
Annika branstrom short global forum nov.2012Annika branstrom short global forum nov.2012
Annika branstrom short global forum nov.2012
 
20121112 global forum_ntt_niwano_fin
20121112 global forum_ntt_niwano_fin20121112 global forum_ntt_niwano_fin
20121112 global forum_ntt_niwano_fin
 
Global forum 2012 pascal poitevin v2
Global forum 2012 pascal poitevin v2Global forum 2012 pascal poitevin v2
Global forum 2012 pascal poitevin v2
 
1 ppt h lindskog rev
1 ppt h lindskog rev1 ppt h lindskog rev
1 ppt h lindskog rev
 
Global Forum 2012: Francisco Garcia Moran
Global Forum 2012: Francisco Garcia MoranGlobal Forum 2012: Francisco Garcia Moran
Global Forum 2012: Francisco Garcia Moran
 
Global forum 2012: Gaetano Santucci
Global forum 2012: Gaetano SantucciGlobal forum 2012: Gaetano Santucci
Global forum 2012: Gaetano Santucci
 
Global Forum 2012 Presentation: Nesar Maroof, Bahrain Government Authority
Global Forum 2012 Presentation: Nesar Maroof, Bahrain Government AuthorityGlobal Forum 2012 Presentation: Nesar Maroof, Bahrain Government Authority
Global Forum 2012 Presentation: Nesar Maroof, Bahrain Government Authority
 

2 ppt final dan shoemaker dd1 stockholm presentation

  • 1. Getting the Workforce to Factor Enterprise Risk into Outsourcing Decisions
  • 2. What is Supply Chain Risk Management? • Supply chain risk management (SCRM) ensures that the enterprise’s sourced products (HW&SW) and services are functionally correct • SCRM encompasses five different categories of risk* 1. Installation of malicious logic in hardware or software 2. Installation of counterfeit hardware or software 3. Failure or disruption in the production or distribution of a critical product or service 4. Reliance upon a malicious or unqualified supplier 5. Installation of unintentional vulnerabilities * US General Accounting Office (GAO) March 23, 2012 p. 12
  • 3. What is Supply Chain Risk Management? • The key outcome of -SCRM is that it guarantees that an organization’s sourced products do what they are intended to do and only that • SCRM is enforced through a system-of-systems Enterprise Security Framework (ESF) of controls • Mitigations are designed and deployed through a formal criticality analysis and prioritization scheme (defense in depth) • The aim of SCRM is to ensure that we fully understand all meaningful risks (to the enterprise) when arriving at a make-buy decision?
  • 4. Building a Unified Body Practice for SCRM • Practices from a ange of conventional fields could conceivably be part of a unified body of practice for ICT supply chain risk management – hardware and software engineering – systems engineering – information systems security engineering – Safety – Reliability – Testing – information assurance – project management – Intelligence – Legal – International relations
  • 5. A Short Conclusion • The problem addressed by our initiative is, how to manage enterprise-risk from globally sourced ICT sub-components- that may not function as anticipated and may in fact have undesired functionality” • It is critical to get enterprise risk under control since most of of society’s functionality/capability is dependent on ICT sub-components • We hope that we can enlist your help and support in developing and finalizing a correct and relevant unified concept
  • 6. THANK YOU FOR YOUR ATTENTION Dan Shoemaker, PhD, Director and Senior Research Scientist Global EdICT - Supporting Don Davidson, Chief of Outreach Globalization Task Force (GTF) OASD-NII / DoD CIO dan.shoemaker@att.net