Podcasts
BTS #27 - Governance, Compliance, and The Digital Supply Chain - Josh Marpet
By:
Eclypsium
April 10, 2024
In this episode, we discuss digital supply chain governance and compliance with Josh Marpet from Guarded Risk, hosted by Paul Asadorian and Alan Alford. Specifically, we discuss:

- The importance of understanding and complying with the regulations that affect digital supply chains, such as Executive Order 14028 and the NIST Cybersecurity Framework.
- The impact of EU regulations, including the CRA, GDPR, and DORA, on global businesses, and the shared responsibility model in data security that they reinforce.
- Vendors' duties in open-source security and software vulnerability management, with a call for automating software inventory and security, including the use of SBOMs.
- Strategies for effective supply chain risk management: keep software regularly updated and understand how vulnerabilities in one component propagate to the systems that depend on it.
- The operational challenges of international compliance, particularly with EU data security laws, and the robust cybersecurity measures it requires.
- Why proactive vendor communication and automated processes are crucial for managing cybersecurity threats efficiently.
- Why continuous risk assessment is preferable to periodic checks, with an emphasis on a nuanced approach to cybersecurity risk management.
(00:00) – Digital Supply Chain Governance Compliance
(14:08) – EU Regulations on Data Security
(21:38) – Responsibility of Vendors in Open Source
(27:49) – Supply Chain Risk Management Program Advice
(39:01) – Automating Software Inventory and Security