Abstract Details

10/13/2015  |   1:15 PM - 2:00 PM   |  Pacific II

Do you have the right practices in your Cyber Supply Chain Tool Box?

Many organizations are struggling with how to reduce the risk of maliciously inserted functionality in the IT products they purchase. At the same time, there is increasing buzz about US and international standards for addressing technology risks from the supply chain. The challenge is in understanding how each standard, or a combination of standards, might be used to reduce the risks specific to an organization. Cyber Supply Chain Risk Management (SCRM) seeks to manage and mitigate cyber and supply chain risk throughout the acquisition lifecycle of an element or a system. It is a multi-disciplinary challenge that requires contributions and collaboration from many disciplines; key areas include systems engineering, information security, application security, supply chain and logistics planning and management, IT resiliency, and risk management. Existing standards development efforts are creating a robust set of standards that can be used to address the various aspects of Cyber SCRM. Without an understanding of the nuances of these standards, it is challenging for stakeholders to select the ones that mitigate organization-specific threats. This session will start from the common supply chain threats that organizations are working to address and determine which anti-counterfeit, acquirer/supplier relationship, software assurance, and product certification standards offer mitigations for your organization. It will provide an overview of existing and emerging standards and recommendations for selecting the right standards for an organization.

Presentation:
This presentation has not yet been uploaded.

Handouts:
No handouts have been uploaded.

Michele Moss (Primary Presenter), Booz Allen Hamilton, moss_michele@bah.com;
Ms. Michele Moss has over 15 years of experience in implementing assurance processes and practices across a variety of project lifecycles. Ms. Moss is an industry-recognized expert in application security processes and practices, Information and Telecommunication Technology (ICT) supply chain risk management (SCRM), process improvement, and software assurance measurement. Ms. Moss assists government organizations with tailoring industry best practices, national and international standards, and maturity models to evolve their systems/software development, operational, information assurance, project management, and support practices. Ms. Moss is providing senior subject matter expert and strategic planning support to the DoD CIO in the areas of ICT SCRM and assurance, commercial global sourcing, and standardization and industry best practices. Ms. Moss collaborates with government, academic, and industry leaders on security integration and measurement, international standards development, and emerging initiatives to address software assurance challenges. She represents Booz Allen within the U.S. International Committee for Information Technology Standards Cyber Security 1 (CS1) technical committee and the U.S. Technical Advisory Group (TAG) for ISO/IEC JTC1/SC7. She is the liaison from the SC7 TAG to CS1 and from CS1 to the SC7 TAG.

2013 Sponsors: IEEE and IEEE Computer Society