Cyberweekly #195 - Do we understand our supply chain?
cyberweekly.substack.com
Betteridge's law should tell you the answer to this! Of course the answer here is no. We almost certainly do not understand our supply chains, and I suspect it's likely that we never will. NIST has put out a standard for risk management of supply chains, which is a reasonable set of models to start thinking about supply chains. But for most organisations, we struggle to articulate the difference in threat between several different scenarios. For example, would you describe all of these as "supply chain risks"?