Addressing Supply Chain Risk and Resilience for Software-Reliant Systems



All technology acquired by an organization requires the support of (or integration with) components, tools, and services delivered by a diverse set of supply chains. However, the practices critical to addressing supply chain risks are typically scattered across many parts of the acquiring organization, and they are performed in isolated stovepipes. This situation causes inconsistencies, gaps, and slow response to crises. The Acquisition Security Framework (ASF) addresses this problem by combining leading cyber practices that help organizations manage supply chain risk and define the collaborations critical to securely acquiring, engineering, and operating software-reliant systems. The goals, practices, and processes that structure the ASF have been demonstrated as effective for managing risk and improving resilience. The ASF is consistent with published guidelines for supply chain risk management from ISO, NIST, and DHS.

 

What attendees will learn:

 

This webcast will introduce attendees to the ASF and demonstrate the ways in which the ASF provides a roadmap to help organizations build security and resilience into a system rather than “bolt on” these characteristics after deployment. The webcast will also examine how, following deployment, the ASF guides the ongoing management of system risk and resilience as the technology, threats, and requirements evolve over the system’s lifecycle.

Speaker and Presenter Information

Dr. Carol Woody is principal researcher for the CERT Division of the Software Engineering Institute. She focuses on cybersecurity engineering for building capabilities and competencies to measure, manage, and sustain cybersecurity and software assurance for highly complex software-reliant systems and systems of systems. She has been a member of the CERT technical staff for over 20 years. Dr. Woody coauthored a book, Cyber Security Engineering: A Practical Approach for Systems and Software Assurance, published as part of the SEI Series in Software Engineering. The CERT Cybersecurity Engineering and Software Assurance Professional Certificate, a self-paced online training program, is based on research she led.

 

Charles M. Wallen has been a thought leader in operations and risk management for over 25 years. He has provided consulting to public and private organizations, led industry-wide risk initiatives, and managed global operations risk management and governance programs for financial services organizations. Today, Charles works closely with Carnegie Mellon University’s Software Engineering Institute CERT Division on initiatives to strengthen the resilience of critical infrastructure, to improve software assurance, and to enhance and/or refine techniques for managing supply chain risk.

Relevant Government Agencies

DOD & Military


Event Type
Webcast




When
Tue, Feb 21, 2023, 1:30pm - 2:30pm ET


Cost
Complimentary: $0.00




Organizer
CMU - SEI

