- Nov 7, 2020 6:31 pm GMT
Best Practices for Software Supply Chain Risk Assessments Richard Brooks
Software supply chain risk, especially the risk of foreign influence, has received high visibility in the Energy industry. Software objects should never be installed, without performing a comprehensive risk assessment to determine the trustworthiness of a software object to perform its function without increasing or introducing cyber risks. This session describes best practices using a seven step software supply chain risk assessment based on the NIST Cybersecurity Framework V1.1 to protect the bulk electric system from cyber risks inherent in software used for command and control.
This session also includes a brief introduction to the OWASP CycloneDX SBOM standard using materials provided by Steve Springett.
No discussions yet. Start a discussion below.
Get Published - Build a Following
The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.