Have you considered threat modeling to support security efforts within your supply chain management?
Introduction
Following an increase in attacks within supply chains, new measures and advice have arisen to support businesses, such as The National Cyber Security Centre (NCSC) who published new guidance in October 2022 to help organizations effectively assess and gain confidence in the cyber security of their supply chains. Due to several high-profile supply chain attacks, President Biden issued a cybersecurity executive order (EO) detailing guidelines for how federal departments, agencies, and contractors doing business with the government must secure their software. These are just two examples of more recent activities, but let's not forget the 2018 Software Bill Of Materials (SBOM) as one of the key elements toward the security of the supply chain in software development. Here we explore what else organizations can implement to ensure maximum security within complex supply chains.
Threat Modeling your Supply Chain
Consistent threat modeling is a vital activity in securing supply chains. Supply chains are always in a state of flux and evolution, interfacing with a myriad of third-party services, and to a malicious party, all these interconnected systems produces a tempting and vulnerable attack surface. Depending on your supply chain, it is typical to take multiple threat representations: perhaps a holistic picture, and a quantity of intrinsic threat models focusing on key elements and components. This could be considering redundancy, whether time, hardware, or information, APIs, SSH connections, commercial-of-the-shelf software, and all the other appendages/mechanisms that comprise your supply chain, (in regards to producing a threat model), will help you identify what can go wrong, what is the risk, and what’s the necessary remediation or mitigation.
Take a look at our easy-to-use interface, risk review and associated countermeasures in order of priority. Use threat modeling to support remediation efforts across your software architecture.
Events
Webinar So, your supply chain is secure... Are you sure?
Register for our interactive discussion about implementing and managing security across your supply chain, a topic that has dominated the news and moved up on the business security agenda. Join experts in Cybersecurity and Risk Architecture to learn some key activities your organization can use.
Community Join Threat Modeling Connect, a global threat modeling community
If you would like additional advice from others experiencing the same challenges, head over to Threat Modeling Connect, a global community where threat modeling practitioners collaborate, share, and grow. Here you will find some conversations have already begun regarding supply chain security.
This study commissioned by IriusRisk, Forrester evaluates the Total Economic Impact(™) of IriusRisk’s Threat Modeling platform - the industry leading automated threat modeling platform for Secure Design. Download the free study to learn how automated threat modeling can:
- Return 203% ROI in efficiency over manual modeling - Save you $5m in software remediation costs - Save $4m in reporting and compliance - Reduce time to Threat Model from 80 hours to only 8 hours
We believe threat modeling is the best way to operationalize guidelines or frameworks for greater visibility and security within the software supply chain. Read on to find out more.
Threat Modeling, What, Why and How?
The key principle underpinning threat modeling is “secure design” which means in practice addressing design flaws. Find out more about how to utilize threat modeling, in this eBook.
Schedule your demo
Arrange your own demo and see for yourself how our threat modeling platform can benefit your organization.
