
MITRE’s new supply-chain risk management tool
The nonprofit research organization MITRE has long been associated with forward-thinking, data-driven solutions for managing security and risk at enterprise and government scale. Its ATT&CK matrix is a powerful tool for categorizing cyberattack tactics and techniques, and for assessing vulnerabilities. (I discussed MITRE ATT&CK’s uses and benefits in more detail in this January 2022 blog post.)
MITRE’s newest initiative, announced at the recent 2022 RSA conference, is called System of Trust (SoT), and once again it’s a free and open platform that any organization can use to evaluate and understand risks — in this case supply-chain risks based on cyber and other threats.
Data-driven risk mitigation
System of Trust provides a framework for assessing supply-chain risks across 14 defined risk areas, and it drills down into great detail with 2,200 supply-chain questions. As it builds its knowledge base with a flow of up-to-date community-provided input, its assessments remain precise and accurate over time.
Once you have a reliable assessment of risks in your supply chains, you can choose how to mitigate those risks — whether it’s replacing an unreliable supplier, adjusting your insurance coverage, or investing in your cybersecurity infrastructure, et cetera. SoT is also very useful in evaluating a potential acquisition, partnership, or other possible disruption to existing supply chains.
A common language of risk
This high-level depiction of the SoT framework shows how MITRE’s 14 risk categories are organized into three trust aspects relevant to supply chains. Each of these 14 categories is thoroughly evaluated as the system gathers answers to its questions.

In addition to serving as a useful tool for risk assessment and mitigation, MITRE System of Trust provides a common, systematic vocabulary for communicating both within and among organizations about supply-chain risks — making efforts to mitigate those risks more efficient and productive.