Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mobile Device Management
- The Modern Federal Threat Landscape
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- Satellite Communications: Acquiring SATCOM in Tight Times
- Transformative Technology: Desktop Virtualization in Government
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Government needs more risk management across cyber supply chain, report says
Wednesday - 2/15/2012, 10:33am EST
Now a collaboration between academia and NIST has produced a plan for supply chain policy.
The University of Maryland has published a report, in collaboration with NIST, on how the government and industry are addressing the cyber supply chain challenge.
"We know that accelerating globalization and outsourcing of both software code and hardware production is presenting tremendous assurance challenges to the government and to the vendor community," said Sandor Boyson, co-director and research professor of supply chain management at the University of Maryland, in an interview with The Federal Drive with Tom Temin.
In their first phase of research, NIST and the university found that nearly half of 200 federal IT vendors surveyed did not have any kind of risk management mechanism in place. The results, Boyson said, were "quite disturbing."
In the past couple of years, industry has increased focus on risk management internally and in acquisition, but Boyson said more focus needs to be dedicated to "enterprise risk management across the supply chain."