![Software Engineering Institute (SEI) Podcast Series artwork](https://is5-ssl.mzstatic.com/image/thumb/Podcasts113/v4/74/4c/20/744c209c-570e-f609-f4ab-23ad6c680dc8/mza_2854736445903420738.jpg/100x100bb.jpg)
Supply Chain Risk Management: Managing Third Party and External Dependency Risk
Software Engineering Institute (SEI) Podcast Series
English - March 26, 2015 17:00 - 28 minutes - 12.9 MB - ★★★★★ - 18 ratingsTechnology Science futuretech softwareengineering cybersecurity Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Introduction to the Mission Thread Workshop
Next Episode: Data Driven Software Assurance
One caveat of outsourcing is that you can outsource business functions, but you cannot outsource the risk and responsibility to a third party. These must be borne by the organization that asks the population to trust they will do the right thing with their data.In this podcast, Matt Butkovic, the Technical Manager of CERT’s Cybersecurity Assurance Team, and John Haller, a member of Matt’s team, discuss approaches for more effectively managing supply chain risks, focusing on risks arising from "external entities that provide, sustain, or operate Information and Communications Technology (ICT) to support your organization." This is sometimes referred to as third party or external dependency risk. Listen on Apple Podcasts.