search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Supply Chain Risk Management: Managing Third Party and External Dependency Risk

Podcast
By
In this podcast, Matt Butkovic and John Haller discuss approaches for more effectively managing supply chain risks, focusing on risks arising from “external entities that provide, sustain, or operate Information and Communications Technology (ICT)."
Publisher

Software Engineering Institute

Subjects

Listen

Abstract

One caveat of outsourcing is that you can outsource business functions, but you cannot outsource the risk and responsibility to a third party. These must be borne by the organization that asks the population to trust they will do the right thing with their data.

In this podcast, Matt Butkovic, the Technical Manager of CERT’s Cybersecurity Assurance Team, and John Haller, a member of Matt’s team, discuss approaches for more effectively managing supply chain risks, focusing on risks arising from "external entities that provide, sustain, or operate Information and Communications Technology (ICT) to support your organization." This is sometimes referred to as third party or external dependency risk. 

About the Speaker

Headshot of John Haller

John Haller

John Haller is an SEI alumni employee.

John Haller is a member of the technical staff on the Cybersecurity Assurance team within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. As a member of this team, Haller performs research on …

Read more
Headshot of Matt Butkovic

Matthew J. Butkovic

Matthew Butkovic is the Technical Director of the Cyber Risk and Resilience Assurance Directorate in the CERT Division of the Carnegie Mellon University Software Engineering Institute (CMU SEI).

Matt performs critical infrastructure protection research and develops methods, tools, and techniques for evaluating capabilities and managing risk. This includes addressing the …

Read more
Headshot of Julia Allen.

Julia H. Allen

Julia Allen is an SEI alumni employee.

Julia Allen is a principal researcher within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Allen’s areas of interest include operational resilience, security governance, and measurement and analysis. Prior to this technical assignment, …

Read more
SHARE

Supplemental Materials

Download Audio
Download Notes
Download Transcript
Download PDF
Download PDF
Ask a question about this Podcast