Understanding Supply Chain Risks
Brent Wildasin, HCHB IT Security Day, August 2016
Supply Chain Risk Management

What is information and communications technology supply chain risk management (ICT SCRM)?

ICT SCRM encompasses activities in the system development life cycle, including research and development (R&D), design, manufacturing, acquisition, delivery, integration, operations, and disposal/retirement of an organization's ICT products (i.e., hardware and software) and services. (NIST SP )

The properties SCRM is meant to protect:
- Security: confidentiality, integrity and availability of information.
- Integrity: ICT products or services are genuine, unaltered, and perform to acquirer specifications.
- Resilience: the ICT supply chain will provide the required ICT products and services under stress or failure.
- Quality: reducing vulnerabilities that may limit a product's intended function, cause product failure, or provide opportunities for exploitation.
The ICT Supply Chain

What is an ICT supply chain? ICT relies on a complex, globally distributed, and interconnected supply chain ecosystem that is long, has geographically diverse routes, and consists of multiple tiers of outsourcing. This ecosystem is composed of public and private sector entities (e.g., acquirers, system integrators, suppliers, and external service providers) and technology, law, policy, procedures, and practices that interact to design, manufacture, distribute, deploy, and use ICT products and services. (NIST SP )

What is an ICT supply chain compromise? An occurrence within the ICT supply chain whereby an adversary jeopardizes the confidentiality, integrity, or availability of a system or the information the system processes, stores, or transmits. An ICT supply chain compromise can occur anywhere within the system development life cycle of the product or service. (NIST SP )

Example risk indicators: counterfeits, suspicious network activity, foreign ownership.
Global ICT Threat Environment

Why does a supply chain compromise occur? Globalization of the ICT sector is creating vulnerabilities that adversaries are exploiting to sabotage, or otherwise subvert, the design, integrity, or operation of critical systems.

Risk is the combination of three factors:
- Motivation: military, financial, political.
- Capability: nation state, organization, individual.
- Vulnerability: weakness, flaw, level of control.

The combination of capability, motivation, and vulnerability creates risk.

How do I protect my supply chain? Supply Chain Risk Management (SCRM). ICT SCRM is a holistic approach to reducing ICT supply chain vulnerabilities by identifying and analyzing risks within a supply chain.
Who Practices ICT SCRM?

ICT SCRM is an organization-wide, shared activity:
- Senior Executives: create the professional and cultural conditions necessary to implement effective SCRM policy.
- Program Manager: develop actionable SCRM policies and procedures, guidance, and operational constraints.
- IT Practitioner: define system-level ICT SCRM requirements.
Federal SCRM Policy Drivers Overview

An enterprise SCRM program and focal point will satisfy CNSSD 505 requirements and support the key policy drivers listed below.

Key policy drivers:
- CNCI 11
- GAO audit
- CNSSD 505
- ICD 731
- EO
- NIST
- Section 515 (a)(b)
- OMB Circular No. A-130 Revision
Understanding the Risks: Cyber Breach

As the number of highly publicized cyber attacks has increased in recent years, the focus on cybersecurity and new risk management techniques has escalated rapidly. Many factors feed this growing demand, including:
- Intensified pressure on boards to demonstrate their fiduciary duty to assess cyber risk.
- Increased regulatory oversight and scrutiny of global data privacy practices.
- As more companies grow their operations, an expanded need for information sharing among colleagues and partners.
Understanding the Risks: Cyber Breach Case Study

Example: BMC Software and an HVAC company connected to the Target cyber data breach.
- Attackers used a third-party vendor to obtain Target's remote access credentials.
- From within the network, the attackers used the account name Best1_user, the same name as the default account created by BMC's Performance Assurance IT Suite, to insert malware.
- In addition, attackers installed another malware component that appeared to be the legitimate BMC Software BladeLogic.

BMC statement: "There is no evidence to suggest that BMC BladeLogic or BMC Performance Assurance has a security flaw or was compromised as part of this attack."

The supply chain lesson is that neither the vendor's product nor its software needed a flaw: a trusted vendor's access path and a trusted vendor's product and account names were used as cover, which is exactly what makes vendor access and vendor-branded artifacts worth monitoring.
Understanding the Risks: Counterfeit Parts

Aerospace Industries Association (AIA) definition of a counterfeit part: "a product produced or altered to resemble a product without authority or right to do so, with the intent to mislead or defraud by presenting the imitation as original or genuine."
Understanding the Risks: Counterfeit Parts

What is the impact? Over a million suspect counterfeit electronic components were used in 1,800 cases affecting US military hardware, including military aircraft, missile, and electronic warfare systems. Large numbers of counterfeit parts, mainly from China, were making their way into critical defense systems, including the US Air Force's largest cargo plane and assemblies for Special Operations helicopters and US Navy surveillance planes.

Where do the counterfeit parts come from? China (and Taiwan) is responsible for more than 70% of the suspect components, followed by the United Kingdom and Canada; the committee identified instances where both of those countries were reselling counterfeit electronic components that originated in China.

How do counterfeit parts enter the supply chain? The use of unvetted distributors to supply electronic parts means that the DoD and defense contractors are frequently unaware of the ultimate source of parts used in defense systems.

Source: Findings from Inquiry into Counterfeit Electronic Parts in the Department of Defense Supply Chain, report of the Senate Armed Services Committee, May 12,
Combating Risks: Open Source Intelligence Analysis

OSINT analysis activities used to illuminate the supply chain:
- Financial and business intelligence
- Supply chain illumination
- Entity link analysis
- Counterfeit identification
- Manufacturing locations
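Supply chain illumination and entity link analysis come down to walking a multi-tier supplier graph and asking which flagged entities sit beneath which contracts. The following is an added example, not code from the original slides: the supplier graph, the entity names and the OSINT flag labels are all constructed and hypothetical. It finds every flagged entity an acquirer can reach, how many tiers of outsourcing deep it is, and which tier-1 supplier carries the exposure.

```python
from collections import deque

# Constructed, hypothetical multi-tier supplier graph (not data from the slides).
# Each entity maps to the entities it sources from, i.e. the next tier down.
SUPPLY_GRAPH = {
    "Acquirer":    ["IntegratorA", "IntegratorB"],
    "IntegratorA": ["BoardHouse1", "FirmwareCo"],
    "IntegratorB": ["BoardHouse2"],
    "BoardHouse1": ["ChipDist1"],
    "BoardHouse2": ["ChipDist1", "ChipDist2"],
    "FirmwareCo":  [],
    "ChipDist1":   ["BrokerX"],   # sources parts from an unvetted broker
    "ChipDist2":   [],
    "BrokerX":     [],
}

# Constructed OSINT findings per entity; the flag labels are hypothetical.
FLAGS = {
    "BrokerX":    {"counterfeit_report", "unverified_distributor"},
    "FirmwareCo": {"foreign_ownership_change"},
}


def illuminate(graph, root):
    """Breadth-first walk from root; returns {entity: (tier, shortest path)}.

    Tier 1 is a direct supplier of root, tier 2 is a supplier's supplier, and
    so on; the path records one chain of outsourcing that reaches the entity.
    """
    seen = {root: (0, [root])}
    queue = deque([root])
    while queue:
        node = queue.popleft()
        tier, path = seen[node]
        for nxt in graph.get(node, []):
            if nxt not in seen:          # cycle-safe: each entity visited once
                seen[nxt] = (tier + 1, path + [nxt])
                queue.append(nxt)
    return seen


def flagged_exposures(graph, flags, root="Acquirer"):
    """Every flagged entity reachable from root, as (entity, tier, path, flags),
    sorted so the shallowest exposures (closest to the acquirer) come first."""
    reach = illuminate(graph, root)
    rows = [(ent, tier, path, sorted(flags[ent]))
            for ent, (tier, path) in reach.items() if ent in flags]
    rows.sort(key=lambda r: (r[1], r[0]))
    return rows


def reachable(graph, start):
    """All entities at or below start (depth-first, cycle-safe)."""
    seen, stack = set(), [start]
    while stack:
        node = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        stack.extend(graph.get(node, []))
    return seen


def exposure_by_direct_supplier(graph, flags, root="Acquirer"):
    """For each tier-1 supplier of root, the flagged entities anywhere beneath it.

    This answers the procurement question "which of my contracts carry this
    risk?", which a single shortest path cannot: BrokerX sits under both
    integrators even though the BFS path only shows one of them.
    """
    return {sup: sorted(e for e in reachable(graph, sup) if e in flags)
            for sup in graph.get(root, [])}


def supply_chain_depth(graph, root="Acquirer"):
    """Number of outsourcing tiers below root."""
    return max(tier for tier, _ in illuminate(graph, root).values())


if __name__ == "__main__":
    for ent, tier, path, fl in flagged_exposures(SUPPLY_GRAPH, FLAGS):
        print(f"tier {tier}: {ent} [{', '.join(fl)}] via {' -> '.join(path)}")
    for sup, exposed in exposure_by_direct_supplier(SUPPLY_GRAPH, FLAGS).items():
        print(f"{sup}: {exposed or 'no flagged entities'}")
    print("depth:", supply_chain_depth(SUPPLY_GRAPH))
```

The two walks answer different questions: the breadth-first walk gives the shortest chain to each flagged entity (useful for reporting how far down the risk sits), while the per-supplier reachability set is what a contracting officer needs, because a tier-4 broker that feeds two integrators is an exposure on both contracts, not just the one the shortest path happens to pass through.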
SCRM Program to NIST Cybersecurity Framework

Mapping of SCRM program capabilities to NIST CSF functions and categories (the slide labels these columns "NIST Category" and "NIST Control"):

| SCRM Capability | NIST CSF Function | NIST CSF Category |
|---|---|---|
| Assessment Management | Identify | |
| | Protect | Maintenance |
| Metrics & KPIs | Identify | Governance; Business Environment; Risk Management Strategy |
| Program Administration | Identify | Business Environment; Governance; Risk Management Strategy |
| | Protect | Information Protection Processes and Procedures |
| SCRM Assessments | Identify | Risk Assessment |
| | Protect | Protective Technology; Information Protection Processes and Procedures |
| | Detect | Security Continuous Monitoring |
| SCRM Policy | Identify | Governance |
| | Protect | Information Protection Processes and Procedures |
| SCRM SME | Identify | Risk Assessment |
| | Protect | Awareness and Training |
| | Respond | Incident Management |
| TOA | Protect | Awareness and Training |

Identify and Protect support up-front SCRM assessments, through involvement in acquisition, C&A, and market research.
Questions?
Administrative and Contact Information: for more information, contact the OSY SCRM Program.