Cyber Defense eMagazine May Edition for 2022
Cyber Defense eMagazine May Edition for 2022 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, Editor-in-Chief and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
the chances of an organization checking “No” to these are slim to none. Thus, leading to potential operational issues, and distrust with your suppliers.
Another common way organizations secure their supply chain is through conducting supplier audits. This will ensure that their suppliers are meeting the minimum requirements to continue conducting business together. While this enforces trust between you and your supplier, the problem is that the cost is high, not only to you but also to your supplier, which leads to pushback, and ultimately you are only touching a subset of your suppliers. Additionally, it is important not to overload your suppliers, as this can have a negative impact.
The above two scenarios are the same problem that the Card Brands ran into when trying to implement cybersecurity measures across their merchant network. So, learning from history, we can look at what other sectors are doing to build the foundation of a framework.
ISO 27001 is the most widely used Information Security Framework in the world, and for good reason. It allows organizations to demonstrate they have the basic pillars and buy-in from upper management to maintain information integrity. This can be used in place of multiple supplier audits, minimizing the overhead of your supplier. Not only that, but it also allows you to share a globally accepted accredited certificate with your customers rather than a report. Finally, this is a language many within the manufacturing industry already speak, such as:
• Internal Audit
• Management Review
• Corrective Action
These are all things that our industry is used to speaking about, and part of their everyday life, through their ISO 9001 certification. As cybersecurity professionals, we consistently strive to find ways to tie security into other parts of the organization, and doing so will provide the coverage we dream about. Utilizing a framework like ISO 27001 allows security teams to collaborate with teams such as quality, operations, and management, as well as create efficiencies through integration of internal audits and building consistent corrective actions as a team to gain buy-in from the entire organization. Additionally, with this framework you can add in additional compliance requirements, and it can be easily cross-walked to other common frameworks such as NIST 800-171 and COBIT. Those are widely used, successful frameworks; however, unlike ISO 27001, they cannot provide a trusted accredited certificate.
As the market develops, TÜV SÜD is starting to see requests for standards around Supply Chain (ISO 28000) and Business Continuity (ISO 22301). This is to ensure that organizations can continuously run even in the event of disruption, and we anticipate that these standards will continue to grow as we find more flaws in the supply chain.
As each industry is unique, so are their desires for supplier security; this has led to industry-specific standards across the Supply Chain. These are based upon the two major markets, and I anticipate this will continue to be replicated by other industries throughout their supply chains.
Cyber Defense eMagazine – May 2022 Edition 140
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.