Biblio
The NIST Cyber Supply Chain Risk Management (C-SCRM) program helps organizations manage the increasing risk of cyber supply chain compromise, whether intentional or unintentional. The factors that allow for low cost, interoperability, rapid innovation, a variety of product features, and other benefits also increase the risk of a compromise to the cyber supply chain, which may result in risks to the end user. Managing cyber supply chain risks requires ensuring the integrity, security, quality, and resilience of the supply chain and its products and services. Cyber supply chain risks may include insertion of counterfeits, unauthorized production, tampering, theft, insertion of malicious software and hardware, as well as poor manufacturing and development practices in the cyber supply chain.
Exploitation of supply chains by foreign adversaries is a growing threat to America.
The National Counterintelligence and Security Center (NCSC) today released a new tri-fold document, Supply Chain Risk Management: Reducing Threats to Key U.S. Supply Chains, to help private sector and U.S. Government stakeholders mitigate risks to America’s critical supply chains. As part of Cybersecurity Awareness Month, NCSC is working to raise awareness of supply chain attacks, including those that are cyber-enabled.
The tri-fold highlights supply chain risks, introduces a process for supply chain risk management, and establishes three focus areas to reduce threats to key U.S. supply chains. The document also outlines key tools and technologies to protect each stage of the supply chain lifecycle, from design to retirement.
The purpose of this workshop is to review with participants, sponsors, and key interested parties the findings and lessons learned from a two-year long NIST and GSA-sponsored Cyber Risk Analytics project. A team composed of professionals from the University of Maryland (UMD), Zurich Insurance, and Beecher Carlson completed the following activities:
- Developed and field tested, with collaboration of NIST, a secure, online self-assessment tool, based on the Cybersecurity Framework;
- Created a breach database for survey participants by integrating the breach datasets from Advisen, RBS, the Identity Theft Resource Center, and the Center for Business and Ethics at the University of Maryland;
- Conducted a rigorous statistical analysis to search for significant relationships between performance results in different areas of the self-assessment tool and the frequency of breaches (disaggregated by breach type). The objective was to determine whether specific actions initiated by the survey participants were directly associated with a reduced frequency of breach occurrence during the study period.