Cybersecurity Supply Chain Risk Management

Cybersecurity Supply Chain Risk Assessment
Cybersecurity Supply Chain Risk Management Program Development
Cybersecurity Supply Chain Risk Management Automation
Cybersecurity Supply Chain Risk Assessment

The performance of periodic risk assessments is integral to the on-going monitoring component in your  Cybersecurity Supply Chain Risk Management Program.  ERMProtect offers cybersecurity supply chain risk assessment services to ensure that your continuous monitoring objectives are met.  We use best practice monitoring tools including the Shared Assessments Standard Information Gathering Questionnaires (SIGs) (2018 Lite, Core, and Full) and the Cloud Security Alliance’s Cloud Control Matrix (CCM) and the Consensus Assessment Initiative Questionnaire (CAIQ) in designing or executing your risk assessment process.  These tools align with ISO 27002, FFIEC, PCI, COBIT 4.1, the NIST Cybersecurity Framework HIPAA, and GDPR regulations.

Cybersecurity Supply Chain Risk Management Program Development

 A Cybersecurity Supply Chain Risk Management Program is critical in protecting your organization from supply chain risk. Your Program should include a cybersecurity supply chain risk management framework and standardized criteria that are used to identify, classify, monitor, and manage supply chain risk on a consistent basis.  A Program ensures that supply chain risk is managed throughout the supplier’s lifecycle in accordance with NIST 800-161 Supply Chain Risk Management guidance that requires that supply chain risks be framed, assessed, responded to, and monitored.

Cybersecurity Supply Chain Risk Management Automation

Automating the processes defined in your Cybersecurity Supply Chain Risk Management Program is critical for keeping up with and coordinating risk management activities within your organization.  We can help you define your requirements and select, configure, and implement your cyber supply chain risk management solution. 

Contact Us

Intelligence and Insights

Effective Cyber Security Awareness Training for Employees in 2020

Effective Cyber Security Awareness Training for Employees in 2020

Cybersecurity is no longer a technical problem. It’s a people problem. And ensuring that people have the know-how to defend themselves and their organization against threats is a critical component of a robust cybersecurity program …
SOC 2 - Value Added Proposition

What is the real value of SOC 2 Compliance?

Major companies that outsource aspects of their data information operations can’t risk using vendors who don’t rigorously protect sensitive information. That’s why many organizations now demand that their vendors become SOC 2 compliant, a designation …
PCI DSS v4.0 – What you need to know now

PCI DSS v4.0 – What you need to know now

Some clients are already asking what to expect when the next version of the Payment Card Industry Data Security Standard is released next year. That’s no surprise, since decisions that are being made now by …