#C-SCRM
Important RFI, and I note the US banking regulators have paid increasing attention to C-SCRM among their regulated populations.
www.federalregister.gov/documents/20...
Request for Information Regarding Community Banks' Engagement With Core Service Providers and Other Essential Third-Party Service Providers
The OCC is issuing a request for information (RFI) on community bank engagement with their core service providers and other essential third-party service providers. The RFI seeks to better understand ...
www.federalregister.gov
December 1, 2025 at 3:58 AM
Apart from his overall thesis about focusing on operationally disruptive hacks > data breaches, I appreciate his criticism of how national C-SCRM policy has, essentially, been limited to ‘Ban China’ and ignored the cobwebs in _Western_ vendors’ gear.
November 2, 2025 at 8:44 AM
I can finally start collecting data for my study exploring the impact of frameworks and policies on internal Cyber supply chain risk management (C-SCRM). If you'd like to participate, click the link provided.
ncu.co1.qualtrics.com/jfe/form/SV_...

#PhdStudy #CSCRM #riskmanagement #Cybersecurity
Online Survey | Examining the Impact of Cybersecurity Frameworks on Internal Supply Chain Cyber Risk Management
I am conducting an online survey to study the impact of the available cybersecurity frameworks, policies, and procedures on the ability of cybersecurity and IT procurement professionals to produce ade...
ncu.co1.qualtrics.com
August 30, 2025 at 2:51 PM
'Machine tools maker DMG Mori sends IT personnel along with procurement staff on visits to supplier factories'.

Good companies have great C-SCRM/vendor due diligence teams. The question is: are those teams well-resourced and respected _at Board level_?
archive.md/JCzOi
August 8, 2025 at 9:13 PM
Our key takeaways:
➡️ High cybersecurity awareness alone does not significantly improve performance.
➡️ When awareness translates into C-SCRM practices, financial performance improves.
➡️ C-SCRM is the key link between awareness and better results, especially in financial terms.
June 10, 2025 at 6:21 AM
Cyber threats are one of the top global business risks and SMEs are especially exposed. So what helps SMEs most?

We explore how cybersecurity awareness and cybersecurity supply chain risk management (C-SCRM) impact financial and commercial performance in small and medium-sized manufacturers.
June 10, 2025 at 6:21 AM
What links cybersecurity awareness and supply chain risk management, and why does it matter for small manufacturers?

We explore how these factors shape firm performance in our latest paper doi.org/10.1108/SCM-... in the journal Supply Chain Management.

#Cybersecurity #SupplyChain #C-SCRM #SMEs
June 10, 2025 at 6:21 AM
Next week my colleague Joan López de la Franca and I will be at the SCRM offices, sharing the latest news on the k6 1.0 and Grafana 12 releases with the Grafana & Friends community 🎉

🗓️ June 4, 2025, 18:30
📍c/ Bergara 13, Barcelona

📎 RSVP www.meetup.com/grafana-and-...
May 27, 2025 at 9:12 PM
NIST Releases the C-SCRM Due Diligence Assessment Quick-Start Guide for Public Comment https://buff.ly/4fmlO2W
October 30, 2024 at 2:12 PM
CISA publishes Software Acquisition Guide to add software assurance in C-SCRM lifecycle
CISA publishes Software Acquisition Guide to add software assurance in C-SCRM lifecycle to help navigate requirements.
buff.ly
August 8, 2024 at 10:12 AM
C-SCRM in CNI matters, folks.

Orgs like Energy One are juicy targets for intelligence services wanting to drop logic bombs in the OT run by their customers.
www.csoonline.com/article/6499...
Cyberattack on Energy One affects corporate systems in Australia and the UK
Global software provider disables links between corporate and customer facing systems as it investigates extension of cyberattack.
www.csoonline.com
August 22, 2023 at 12:43 AM
Most of the report could be summarised like so:
- Have good MFA (already knew that)
- Telcos need to lift their game (ditto)
- Do good C-SCRM (ditto)
- Focus on resilience (ditto)
- Rehearse IR (ditto)
- Manage (non-)malicious insider risk (ditto)
- Talk to the feds (ditto)
August 12, 2023 at 12:52 AM
C-SCRM/Software SCRM is clearly on the minds of many many CISOs, per this survey (n = 208) by Censys.
Full survey: https://censys.io/the-2023-state-of-security-leadership/
July 19, 2023 at 6:22 AM
Mr Pescatore in the latest edition of SANS NewsBites on the Microsoft cloud:

'... a good reminder that using cloud services does not eliminate the need to monitor them continually for abnormal activity'.

Folks, using a cloud service behoves you to do robust C-SCRM.

If you don't, you're mugs.
July 15, 2023 at 12:09 AM
'According to JP Morgan, it only became aware of this in October of 2019 when the company’s legal discovery team found that electronic communications were missing from the early 2018 time period. It reported the incident to the SEC in January 2020'.

C-SCRM matters in CNI, people
June 28, 2023 at 1:01 AM
The stupidity of superficial labeling on full display re. #crm (#scrm) vs #socialmedia. C: http://bit.ly/aeLTaa . #linkeddata will fix!
November 20, 2024 at 10:46 PM