On October 1-2, 2015, NIST will host a workshop to share information on Best Practices in Cyber Supply Chain Risk Management, which will provide insights on:
- State of practice in several industry sectors;
- Currently used tools, standards, and best practices;
- How to establish a business case for integrating cyber supply chain risk management into an organization's overall risk management processes;
- How to communicate cyber supply chain concerns to executive leadership;
- Synergies between quality, continuity, cybersecurity and other areas of risk that together help reduce overall risks to the organization.
Relevant case studies from companies such as Cisco, NetApp, P&G, John Deere, and many others will be reviewed for discussion at the workshop.
The NIST Framework for Improving Critical Infrastructure Cybersecurity ("the Framework"), released in February 2014, was published simultaneously with the companion Roadmap for Improving Critical Infrastructure Cybersecurity. The Roadmap identified Supply Chain Risk Management as an area for future focus. Since the release of the Framework and companion Roadmap, NIST has researched best practices in supply chain security, cybersecurity, continuity and quality through engagement with industry leaders. This workshop will assist NIST in validating and expanding the findings from its research and help inform future versions of the Framework and other cybersecurity and supply chain risk management initiatives.