3rd Party Risk Management , Events , Governance & Risk Management

SBOM: Will It Actually Help Manage Supply Chain Risk?

Adam Isles of Chertoff Group on Cybersecurity Performance, Automation Approaches
Adam Isles, principal, The Chertoff Group

How do we manage the risk of global supply chain attacks? Will a shift in cybersecurity liability to software providers help improve the problems of software vulnerabilities? Adam Isles, principal of The Chertoff Group, said mandating software bill of materials measures has its own challenges.

See Also: Identity-Based Cyberattacks in the Age of AI Proliferation

But Isles is confident that the executive authorities will be able to drive people toward more software-specific security standards because of the added pressure facing large organizations today.

"If we were talking five years ago, we would have had six to 10 SAAS applications there," Isles said. "Today, we are managing 130. We might have 40 billion IoT devices by 2025. The lines of codes have also increased. This adds to enormous layers of complexity. There is enough guidance out there, but the challenge is: How do we take this guidance and map it to the threat?"

In this video interview with Information Security Media Group at RSA Conference 2023, Isles also discusses:

  • How to measure cybersecurity performance;
  • How to understand where the defenses are working;
  • Automation beyond SOAR.

Prior to joining The Chertoff Group, Isles was the director of strategy and policy consulting for homeland security at Raytheon Company. Prior to that, he served as deputy chief of staff at the U.S. Department of Homeland Security, where he was responsible for coordinating policy decisions, including technology standards, regulations, and business rules, for numerous border, travel security and critical infrastructure protection programs.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.