Podcasts about scrm

  • 34 podcasts
  • 102 episodes
  • 29m avg duration
  • Infrequent episodes
  • Latest: Mar 21, 2025

Latest podcast episodes about scrm

Codurance Talks
[ES] Leading digital innovation strategies at Lidl International Hub

Mar 21, 2025 (34:10)

In this episode, our host and Agile Delivery Manager, Lesmes López, talks with Rubén Mejías, CTO of SCRM, the Lidl International Hub responsible for the digitalization of the entire organization. From optimizing internal processes to transforming the customer experience, Rubén tells us how he drives digital evolution at one of the largest companies in the retail sector. The conversation begins by exploring SCRM's purpose within Lidl, and then delves into the ways of working that have allowed Rubén and his team to drive innovation within a large corporation. A clear example of its impact is Lidl Plus, the loyalty app that recently reached 100 million downloads. From experimentation and team organization to aligning technology with business goals and the customer experience, in this episode we show you how this technology hub has managed to innovate continuously and deliver disruptive solutions in the sector.

Links of interest mentioned in the episode: LinkedIn of Ruben Mejias, CTO of SCRM - Lidl International Hub; Backlog management and Wardley maps.

Are you enjoying the show? Don't forget to subscribe and leave us a 5-star review! Your support helps us reach more listeners and keep the conversation alive. So share what you like most, because we will be watching for your comments ;) And follow us on our social networks to keep up with our news: LinkedIn, X, Instagram, newsletter in Spanish.

Federal Drive with Tom Temin
Cyber risks to defense industrial supply chains are ‘substantially worse' than other concerns

Jan 8, 2024 (9:44)

There is an outright conflict between cybersecurity and supply chain risk management (SCRM), and simply adding those together can lead to an increase in cyberattacks, a new report finds. Researchers found that cybersecurity and supply chain risk management are in many instances at odds with each other. There are trade-offs, and understanding what those trade-offs look like will allow the Defense Department to better secure its defense industrial products supply, according to the authors of the new RAND Corp. report. Against the backdrop of high-profile cyber attacks on the supply chains, the Air Force Research Laboratory asked the federally-funded think tank to help them understand how cyber risks compare to other risks in the defense-industrial supply chains and provide recommendations on how to have a comprehensive approach when addressing their needs together.

Federal Drive with Tom Temin
Cyber risks to defense industrial supply chains are ‘substantially worse' than other concerns

Jan 8, 2024 (10:29)

There is an outright conflict between cybersecurity and supply chain risk management (SCRM), and simply adding those together can lead to an increase in cyberattacks, a new report finds. Researchers found that cybersecurity and supply chain risk management are in many instances at odds with each other. There are trade-offs, and understanding what those trade-offs look like will allow the Defense Department to better secure its defense industrial products supply, according to the authors of the new RAND Corp. report. Against the backdrop of high-profile cyber attacks on the supply chains, the Air Force Research Laboratory asked the federally-funded think tank to help them understand how cyber risks compare to other risks in the defense-industrial supply chains and provide recommendations on how to have a comprehensive approach when addressing their needs together.

Accenture InfoSec Beat
InfoSec Beat: Supplier Cyber Risk Management

Oct 19, 2023 (18:52)

Listen to this InfoSec Beat podcast for a conversation about supplier cyber risk management. Accenture CISO Kris Burkhardt and David Wright, the lead of supplier cyber risk management (SCRM) for the Information Security organization at Accenture, discuss the importance of third-party supplier risk management and explore how Accenture launched its own centralized SCRM function.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 050: Securing the Chain- Mastering Supply Chain Risk Management (SCRM) for the CISSP

Jul 3, 2023 (34:49)

Prepare to unravel the complexities of supply chain risk management (SCRM) and gain invaluable insights that could safeguard your business from massive disruptions. We're diving into the nerve-wracking challenges of SCRM, emphasizing just how crucial it is for every business in our hyper-connected age. Learn about the nuances of this formidable task as we explore real-life scenarios that underline the dire need for security professionals to lend their expertise to those who find themselves in the deep end of SCRM vulnerabilities.

We're laying out the intricate tapestry of SCRM domains, from hardware and software to third-party services, casting light on the risks associated with outsourcing. We'll guide you through the maze of supply chain elements, helping you identify potential risks and understand the threats looming over your daily operations. It's not all gloom and doom though; we'll also equip you with proven strategies like engaging third-party services such as Shodan and Security Scorecard for supply chain reviews, and the critical role legal and compliance teams play in this intricate dance.

As we wrap up, we'll tackle the ominous reality of ransomware attacks on businesses. Using the chilling example of the 2017 NotPetya attack, we journey into the shadowy underworld of cybercrime, where profit margins are hefty, and the risk to the perpetrators is minimal. With the projected cost of ransomware attacks set to hit a staggering $25 billion by 2025, we explore the dire implications of this trend. As somber as these realities might be, our intent is to arm you with the knowledge and resources to fortify your supply chain and protect your business. Join us, and let's navigate these choppy waters together.

Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and sign-up to join the team for Free.

RSA Conference
CMMC: DoD's 3rd Party Supply Chain Risk Management (SCRM) Program

Jun 26, 2023 (26:24)

The Department of Defense (DoD) is implementing a 3rd Party Supply Chain Risk Management program that will require companies that receive their sensitive information to implement NIST SP 800-171 and then undergo a 3rd Party Cybersecurity Maturity Model Certification (CMMC) event. This podcast will discuss the ripple effects of the requirements and the extent of the impacts.

Speakers: Matthew Titcombe, CEO, Peak InfoSec; Kacy Zurkus, Senior Content Manager, RSAC

Supply Chain Now Radio
How to Adapt Supply Chain Risk Programs to Evolving ESG Mandates

May 22, 2023 (58:08)

Environmental, Social, and Governance (ESG) is a high profile – and quickly evolving – set of standards by which organizations are being measured. Customers and the market as a whole are often watching closely to see what commitments they make and how they perform against those targets. For supply chain professionals, this means it is critical to understand all the risks covered by the ‘umbrella' of ESG, including environmental (e.g., climate change and emissions), social (human rights, labor), and governance (compliance, sanctions, and anti-corruption).

Heiko Schwarz is the founder of riskmethods, now Sphera Supply Chain Risk Management. He has successfully led companies through the adoption of supply chain risk management (SCRM) technology for over a decade.

In this livestream-based session, Heiko joins hosts Scott Luton and Enrique Alvarez from Vector Global Logistics to discuss:
  • Why ESG is an expanding part of global supply chains and how it factors into the ongoing effort to manage supply chain risk
  • The cross-functional collaboration required to build a sustainable ESG program that achieves its stated goals at scale
  • How technology is not only making it possible for supply chain teams to balance the demands of risk management and ESG targets, but also setting them up for success as well

Additional Links & Resources:
  • Learn more about Supply Chain Now: https://supplychainnow.com
  • Check out our new Supply Chain Now Media Kit: https://bit.ly/3emdLcK
  • Subscribe to Supply Chain Now and all other Supply Chain Now programs: https://supplychainnow.com/subscribe
  • Join the NOW Community: http://bit.ly/41kpUSO
  • Leveraging Logistics and Supply Chain for Ukraine: https://vectorgl.com/stand-with-ukraine/
  • 2023 Q1 U.S. Bank Freight Payment Index: https://bit.ly/3VuwnIk
  • WEBINAR- “Decoding Digital Transformation” – Charting a path forward: https://bit.ly/3VvVc6V
  • WEBINAR- 5 Reasons Network Design is Essential to Supply Chain Resiliency: https://bit.ly/3MxcCNs

This episode is hosted by Scott Luton and Enrique Alvarez. For additional information, please visit our dedicated show page at: https://supplychainnow.com/how-adapt-supply-chain-risk-programs-evolving-ESG-mandates-1120

Unboxing Agile
UA094 - Agile leadership and contemporary leadership with Swantje Allmers and Natalia Krüger

Mar 4, 2023 (51:27)

Leadership is a controversial topic. It is not only on LinkedIn that opinions differ on what leadership means and how a good leader interprets it. Agile leadership is the attempt to apply agile principles and values to managing people, and that is exactly what this episode is about. With Swantje Allmers and Natalia Krüger I talk about what actually distinguishes contemporary leadership from old-style leadership, whether and how agile leadership can be learned, and how multi-layered the topic is. With a few examples from Natalia's, Swantje's and my own everyday work we then drift off a little, which in my view makes the episode even more exciting.

Anyone who wants to learn more about contemporary leadership should look at what Natalia and Swantje offer:
Agile leadership training from Natalia: https://www.helloagile.de/training/agile-leadership
New Work Masterskills program from Swantje: https://www.newworkmasterskills.com/

The Buzz with ACT-IAC
ICYMI: Lessons Learned and Best Practices in C-SCRM

Feb 22, 2023 (39:12)

This week, The Buzz presents a session from ACT-IAC's January C-SCRM Forum. The federal government has identified Cybersecurity Supply Chain Risk Management (C-SCRM) as one of the pillars of a safe and secure IT environment. In the wake of the SolarWinds attack, the Biden Administration released EO 14028, mandating enhanced C-SCRM practices in the federal acquisitions process.

In this panel, you'll hear how some agencies are instituting these policies and what they've learned throughout the process.

Panelists:
  • Shon Lyublonavits - C-SCRM Initiatives Lead, CISA
  • Rajiv Uppal - Acting CIO, CMS
  • Kevin Cox - Deputy Chief Information Officer, DOJ

Subscribe on your favorite podcast platform to never miss an episode! For more from ACT-IAC, follow us on Twitter @ACTIAC or visit http://www.actiac.org.

Capability-Centric GRC & Cyber Security Podcast
Why do CMMC and SCRM Matter with Katie Arrington - Former CISO at DOD & Owner of LD Innovations

Dec 1, 2022 (64:13)


In this edition of the podcast, Katie Arrington, former CISO at the U.S. Department of Defense (DOD) and Owner of LD Innovations, LLC Cybersecurity, joins Matthew Davies, VP of Product at SureCloud, to discuss the scope of the Cybersecurity Maturity Model Certification (CMMC) program, her creation within the DOD. Additionally, Katie spoke about Supply Chain Risk Management (SCRM) and how companies should be looking at that. Katie shares great insights on cybersecurity best practices and explains how she handles the many challenges that this busy and demanding role involves.

The Knowledge Group Podcasts
Supply Chain Risk Management In The Retail Industry - Before the Show #281

Nov 21, 2022 (2:18)


Webcast URL: https://knowledgewebcasts.com/know-portfolio/supply-chain-risk-management/ Supply chain shortages and delays have cost companies millions of dollars and caused a slew of issues, making it harder for businesses to meet consumer demands. Hence, to keep pace with today's rapidly growing market, building efficiency and resilience across the entire supply chain is of paramount importance. However, as costly disruptions, high levels of volatility, and stricter government regulations continue, there is a need for organizations to invest in innovative supply chain risk management (SCRM) solutions and develop robust strategies to effectively minimize risks and address emerging challenges. Join a panel of key thought leaders and practitioners assembled by The Knowledge Group as they discuss how organizations can leverage technologies to transform their supply chain. Speakers will also provide the audience with strategies to mitigate potential risks and achieve operational excellence of their SCRM. For more information please click on the webcast URL at the top of this description.

SaturdaysAI Podcast
T4-E08-Natalia Gavalda-Embracing Artificial Intelligence

Sep 20, 2022 (38:52)

In this episode, we chat and share a few laughs with Natalia Gavaldà, Data Engineer at SCRM and a prominent machine learning communicator. We talk about her career, her love of statistics, science outreach, and why she prefers freedom over closing off or limiting artificial intelligence, as well as the importance of teamwork in data projects. Natalia also gives us some tips on how to teach mathematics and statistics at home, using catapults, and we discuss her time leading Saturdays.ai in Alicante. Listen to the episode and share it if you found it interesting, and don't hesitate to talk with us and Natalia on social media. Enjoy! #ai4all #ai4good

DoD Secure
Program protection, new FSOs, and classified reproduction

Jun 12, 2022 (33:20)

If you are a new FSO, there is no reason to travel your journey alone. You may recruit fellow employees to assist with the tasks. Additionally, there are many resources available to assist with FSO responsibilities to include DCSA, NISPOM, professional organizations, consultants, books and training are available just for this purpose.

Lately, contract language requires the contractor to conduct tasks in support of Program Protection Planning (PPP), Supply Chain Risk Management (SCRM), Criticality Analyses (CA), and providing Program Protection Plan Implementation Plans (PPIP). These requirements include language that requires developing PPIPs, protecting critical components, developing SCRM plans, quantifying risk to the supply chain, vetting vendors and so much more. The ISP and ISOC Master exam prep for NISPOM 32 CFR Part 117 is now available. If you plan to test in winter 2022 or later, make this version part of your study plans. Check it out. While this may not be an organic capability for most organizations, there are many small companies that can step up and provide the necessary guidance or share in the workload.

Classified information should only be reproduced in response to a contractual requirement such as in the performance of a deliverable. Reproduction should not be made as a matter of convenience as it puts classified information at unnecessary risk and it requires dedicated resources. The FSO can enforce resource discipline with:
1. Creating processes and procedures identifying reproduction only as necessary and using only approved equipment
2. Ensuring only trained and authorized personnel are able to reproduce classified information.
3. Identifying office equipment, copy machines, scanners and other reproduction equipment for classified information reproduction. All other enterprise equipment should be off limits to classified reproduction.

Link to NISPOM and cleared contractor security books.
Link to NISPOM required training
Red Bike Publishing Providing security clearance books, training, and resources for cleared defense contractors.
Bennett Institute Online security clearance webinars and coaching. Providing security training and resources.
Mission Driven Research, Inc Mission Driven Research, Inc is a growing company providing technical services to the US government.
Access Commander by MathCraft We support the mission of FSOs, CSOs and other security professionals.
SIMS Software SIMS suite provides features/functionality you need to run automated industrial security programs.

Outliers
Outliers Episode 7: Bindiya Vakil

May 2, 2022 (30:27)

Bindiya Vakil is a Supply chain risk management expert and innovator from Cisco, Flextronics and MIT. Credited with bringing SCRM solutions to the mainstream since starting Resilinc in 2010. CEO of Resilinc, the world leader for supply chain visibility and resiliency intelligence and analytics. Specialties: Entrepreneurship, Business & Supply Chain Strategy, Supply chain risk management, component risk mitigation, product resiliency, supply chain risk quantification (probabilistic simulation vs. scoring, revenue impact), EMS, program management, quantitative problem solving and data analysis, supplier relationship management. https://www.linkedin.com/in/bindiya-vakil-resilinc/

Resilient Cyber
S2E2: Cole Kennedy - Software Supply Chain Security, SBOM and Open Source

Oct 13, 2021 (19:47)

  • I was reading the CISA document "Defending Against Software Supply Chain" and was curious if the guidance within was helpful or informative for anyone who wants to start a S-SCRM program?
  • What role do you feel compliance frameworks play in SCRM? We are seeing sources such as NIST 800-53 include SCRM specific controls now. Will it help?
  • What would you say is the most resilient component an individual could add to their own organization to recover quickly in the event of a software supply chain attack?
  • From the perspective of Cloud, do you feel cloud adoption can help, or hinder when it comes to driving down risk associated with the supply chain?
  • What are the biggest concerns / risks when it comes to building a secure software supply chain program?
  • I know you've been involved with projects such as TUF and in-toto. Can you help folks understand what those are and why they are valuable?
  • What does the term "Cyber Resilient" mean to you?

Find out more from Cole at Testify Sec - https://www.testifysec.com/

ATARC Federal IT Newscast
ATARC's Application Development Working Group presents Best Practices and Approach to SCRM

Oct 5, 2021 (46:14)


In this episode of the ATARC Federal IT Newscast, members of the Application Development Working Group at ATARC sit down to discuss new techniques, best-practices and a prescriptive approach for how government agencies can reduce software supply chain risks within their applications as well as comply with new government regulations. We are joined by David Wray from Microfocus & Robert Ficcaglia from Sunstone Secure to discuss the need for the executive order and NIST guidance on Software Supply Chain Risks. This episode is moderated by WG Chair and Senior Application Developer at the National Museum of African American History and Culture, Rayvn Manuel.

Fed Talks: A Baker Tilly Podcast
Sink or swim: a legal perspective on the coming wave of SCRM initiatives (featuring Alex Canizares)

Sep 7, 2021 (28:35)

Our most recent episode of the Fed Talks podcast discusses new policy directives related to supply chain risk management.

On this episode of Fed Talks, we explore how new policy directives related to supply chain risk management (SCRM) are challenging federal contractors to adapt their legal strategies, with special guest Alex Canizares from Perkins Coie, and Baker Tilly subject matter specialists, Jeff Clayton and Leo Alvarez. Questions addressed include:
  • What is the nexus between SCRM and DoD's Cybersecurity Maturity Model Certification framework?
  • What are effective approaches to managing disputes and/or False Claims Act risks as it relates to SCRM or cyber related attestations?
  • How will the Biden Cybersecurity Executive Order impact federal contractors?

Fed Talks: A Baker Tilly Podcast
A much-needed reset: rethinking third party risk

Aug 2, 2021 (18:32)

On this episode of Fed Talks, we discuss the growing importance of supply chain risk management (SCRM) in federal procurement with Baker Tilly subject matter specialists, Jeff Clayton and Leo Alvarez. Questions addressed include:
  • What is SCRM and why now?
  • How is SCRM affecting federal acquisitions?
  • How is the use of all-source intelligence platforms (“supply chain illumination”) changing risk governance?

Innovation in Compliance with Tom Fox
The Groundbreaking Guide to Third-Party & Supply Chain Risk Management: How Exiger's TRADES Framework Revolutionizes TPRM & SCRM in 2021 and Beyond-Part 6-Supplier Monitoring

Jul 23, 2021 (20:46)

Welcome to a special six-part podcast series, sponsored by Exiger, on the TRADES Framework, a conceptual, strategic and practical guide for Third-Party and Supply Chain Risk Management designed by Exiger to help organizations achieve supply chain resiliency and optimize risk management at any phase of maturity. In this concluding episode, I am joined by Brandon Daniels, President, Global Markets and Erika Peters, Managing Director, Global Markets Group Head of Tech Transformation to look at supplier monitoring and provide some concluding remarks.

Highlights Include: S is for Supplier Monitoring. Program implementation. From ongoing monitoring to continuous improvement. Your Suppliers eco-system. The role of data aggregators and tech solutions.

Resources: Exiger TRADES Framework; Exiger Website; Brandon Daniels; Erika Peters

This Week in FCPA
Episode 262 – the No Fans Olympics edition

Jul 23, 2021 (42:47)

As the Tokyo Olympics stumble out of the gate and Tom returns to the wilds of the Texas Hill Country, he and Jay are back to take a look at this week's top compliance and ethics stories which caught their interest on This Week in FCPA in the No Fan Olympics edition.

Stories
  • Why co-creation is key to design thinking in compliance. Carsten Tams continues his 5-part series on LinkedIn. Check out Tams Part 1 and Part 2 of his great 5-part series.
  • What's going on with ESG in Europe. Vera Cherepanova in the FCPA Blog.
  • What is social risk? Lawrence Heim in com.
  • What's the current job market for compliance professionals? Matt Kelly in Radical Compliance.
  • SFO secures two DPAs. Neil Hodge in Compliance Week (sub req'd)
  • Responding to parallel investigations. Nicole Sprinzen and Catherine Yun in CCI.
  • Auditing of SPACs. Francine McKenna takes a deep dive on The Dig. (Sub Req'd)
  • EU Whistleblower Initiative? Keith Taylor in Navex Global's Risk and Compliance Matters.
  • FTC signals more aggressive enforcement. Alexander Paul Okuliar and David J. Shaw in NYU's Compliance and Enforcement
  • The Enactment of Purpose Initiative. Wachtell, Lipton lawyers in the Harvard Law School Forum on Corporate Governance.

Podcasts and Events
  • In a sponsored 6-part podcast series Tom visits with folks from Exiger on its ground-breaking TP&SCRM framework, the TRADES Framework. Part 1-Transparency; Part 2-Risk Mitigation; Part 3-Assessing Risk; Part 4-Determining Mitigations; Part 5-Evaluating Uplift; Part 6, Supplier Monitoring.
  • Tom and Megan Dougherty conclude their series on Loki, in Episode 6, For All Time. Always. They review the concluding episode of Season 1, look back over the entire series, review it in the context of the MCU series WandaVision and the Winter Soldier and Falcon and where the MCMultiverse may be headed.
  • A new month on The Compliance Life! In July I visit with Asha Palmer, CECO at Convercent. In Episode 1, from Claire Huxable to the DOJ. In Episode 2, ‘What do you think about Abu Dhabi?' In Episode 3, she moves into compliance consulting and is surprised with what she observed.
  • Are you a #GWICee? If you are not you should be. Join the co-hosts Lisa Fine and Mary Shirley for their fan fav lightning-round of listener submitted questions in this episode of Great Women in Compliance.
  • What is the budget process for a corp compliance function? Kortney Nordrum lays it out for you in this episode of Survive and Thrive. Check out the video version on YouTube.
  • The Compliance Handbook, 2nd edition is released. Learn about it here. Purchase it here.

Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Innovation in Compliance with Tom Fox
The Groundbreaking Guide to Third-Party & Supply Chain Risk Management: How Exiger's TRADES Framework Revolutionizes TPRM & SCRM in 2021 and Beyond-Part 5, Evaluate Uplift

Jul 23, 2021 (20:03)

Welcome to a special six-part podcast series, sponsored by Exiger, on the TRADES Framework, a conceptual, strategic and practical guide for Third-Party and Supply Chain Risk Management designed by Exiger to help organizations achieve supply chain resiliency and optimize risk management at any phase of maturity. Today we consider the TRADES Framework uplift evaluation with Brandon Daniels, President, Global Markets and Josh Thiel, Executive Intern (Former Commander of Special Operations Task Force).

Highlights Include: E is for evaluation. Evaluation at the Strategic Level. The role of the Board. What is the role at the Program Level? The Tactical Level? What is the role of senior leadership?

Join us for our concluding episode, when Brandon Daniels and Erika Peters give a review of supplier monitoring and an update on how government and critical industry are leading the charge using TRADES to out-pace threats and vulnerabilities while minimizing third party and supply chain risk management gaps.

Resources: Exiger TRADES Framework; Exiger Website; Brandon Daniels

Innovation in Compliance with Tom Fox
The Groundbreaking Guide to Third-Party & Supply Chain Risk Management: How Exiger's TRADES Framework Revolutionizes TPRM & SCRM in 2021 and Beyond-Part 4, D for Determine Mitigations

Jul 22, 2021 (28:12)

Welcome to a special six-part podcast series, sponsored by Exiger, on the TRADES Framework, a conceptual, strategic and practical guide for Third-Party and Supply Chain Risk Management designed by Exiger to help organizations achieve supply chain resiliency and optimize risk management at any phase of maturity. In this episode, I visited with Carrie Wibben, Senior Vice President, Exiger Federal Solutions and Aaron Narva, Senior Vice President, Head of Corporate Markets on determining risk mitigations.

Highlights Include: D is for determine risk mitigation. Solving problems and taking action. Both critical and creative thinking required. Coordination with the compliance function. The Role of Due Diligence.

Join us tomorrow, where we discuss the step, evaluate the TRADES Framework uplift with Brandon Daniels and Josh Thiel.

Resources: Exiger TRADES Framework; Exiger Website; Aaron Narva; Carrie Wibben

Innovation in Compliance with Tom Fox
The Groundbreaking Guide to Third-Party & Supply Chain Risk Management: How Exiger's TRADES Framework Revolutionizes TPRM & SCRM in 2021 and Beyond-Part 3, A for Assess Current Risks

Jul 21, 2021 (16:03)

Welcome to a special six-part podcast series, sponsored by Exiger, on the TRADES Framework, a conceptual, strategic and practical guide for Third-Party and Supply Chain Risk Management designed by Exiger to help organizations achieve supply chain resiliency and optimize risk management at any phase of maturity. In this episode, I visit with Laura Tulchin, ESG Solutions Lead, and Peter Jackson, Director of SCRM Data Management & Innovation, on assessing your current risks.

Highlights include: A is for assessing risks. What is the ESG angle? Why is the maturity of your program critical? How do you put this into practice? Source provenance and authentic markers.

Resources: Exiger TRADES Framework; Exiger Website; Laura Tulchin; Peter Jackson

Innovation in Compliance with Tom Fox
The Groundbreaking Guide to Third-Party & Supply Chain Risk Management: How Exiger's TRADES Framework Revolutionizes TPRM & SCRM in 2021 and Beyond-Part 2-R for Risk Methodology

Jul 20, 2021 (15:09)

Welcome to a special six-part podcast series, sponsored by Exiger, on the TRADES Framework, a conceptual, strategic and practical guide for Third-Party and Supply Chain Risk Management designed by Exiger to help organizations achieve supply chain resiliency and optimize risk management at any phase of maturity. In this episode, I visit with Theresa Campobasso, Senior Account Manager, National Security and Intelligence and Matt Hayden, Deputy Lead of GovTech Solutions (Former Assistant Secretary of Homeland Security for Cyber, Infrastructure, Risk, and Resilience) on risk methodology.

Highlights Include: R is for Risk Methodology. Look at risk from multiple levels. Determining your Crown Jewels. Look at Macro Risks.

Join us in our next episode where we discuss how to assess current risks with Laura Tulchin and Peter Jackson.

Resources: Exiger TRADES Framework; Exiger Website; Theresa Campobasso; Matt Hayden

Innovation in Compliance with Tom Fox
The Groundbreaking Guide to Third-Party & Supply Chain Risk Management: How Exiger's TRADES Framework Revolutionizes TPRM & SCRM in 2021 and Beyond-Part 1, T for Transparency

Jul 19, 2021 (17:23)

Welcome to a special six-part podcast series, sponsored by Exiger, on the TRADES Framework, a conceptual, strategic and practical guide for Third-Party and Supply Chain Risk Management designed by Exiger to help organizations achieve supply chain resiliency and optimize risk management at any phase of maturity. Exiger was founded to fight financial crime, fraud and terrorist financing by introducing technology-enabled solutions to the market's biggest supply chain, risk, investigation, litigation, and compliance challenges. A global authority on risk and compliance, Exiger serves the world's largest banks, Fortune 1000 companies and government agencies and regulators. In this first episode, we consider transparency with Skyler Chi and Tim Stone.

Highlights include: T is for Transparency. Taking stock. Using internal and external elements. What is inherent risk? What is imposed risk? 3 Levels: Strategic, Program and Entry.

Join us in our next episode, where we discuss the Risk Methodology with Theresa Campobasso and Matt Hayden.

Resources: Exiger TRADES Framework; Exiger Website; Skyler Chi; Tim Stone

Mission Is Possible
Adapting to Changing Supply Chain Risk Management Threats

Mission Is Possible

May 5, 2021 36:40


As the threat environment changes, SCRM programs must change too.  What structural and behavioral changes can an organization make to effectively guard against emerging supply chain threats and secure a more resilient future? The frequency and severity of supply chain disruptions are increasing.  Consider evidence of adversarial cyberattacks, sociopolitical unrest, and climate change from the past year alone.  Mission is Possible guest host Jason Dury speaks with Matt Halvorsen from the FBI and Lisa Barr from CISA about how organizations are preparing for this change and the actions agencies can take to drive the evolution of supply chain risk management to ensure holistic SCRM solutions geared to meet the challenges of tomorrow.   For more information on the series, visit: https://guidehouse.com/insights/national-security/2020/mission-is-possible-podcast-series. 

Application Security Weekly (Audio)
That Will Bite Ya - ASW #147

Application Security Weekly (Audio)

Apr 20, 2021 68:12


This week, we welcome Doug Barbin, Managing Partner at Schellman & Company, LLC, to discuss Supply Chain Management! Supply chain security isn't new, despite the renewed attention from the SolarWinds attack. It has old challenges, like having an accurate asset or app inventory, and new opportunities, like Software Bill of Materials. From consequences to code integrity, DevOps teams need to understand how to protect their own code from others' components. In the AppSec News, Mike and John discuss Rust in Android and the Linux kernel, vuln disclosure policy changes from Project Zero, security and DevOps collaboration, XSS with NULL, & a BootHole follow-up!
Show Notes: https://securityweekly.com/asw147
Additional resources:
- National Supply Chain Integrity Month, https://www.cisa.gov/supply-chain-integrity-month
- SCRM vendor template, https://www.cisa.gov/publication/ict-scrm-task-force-vendor-template
- CWE VIEW: Hardware Design, https://cwe.mitre.org/data/definitions/1194.html
Visit https://www.securityweekly.com/asw for all the latest episodes!

Paul's Security Weekly
That Will Bite Ya - ASW #147

Paul's Security Weekly

Apr 20, 2021 68:12


This week, we welcome Doug Barbin, Managing Partner at Schellman & Company, LLC, to discuss Supply Chain Management! Supply chain security isn't new, despite the renewed attention from the SolarWinds attack. It has old challenges, like having an accurate asset or app inventory, and new opportunities, like Software Bill of Materials. From consequences to code integrity, DevOps teams need to understand how to protect their own code from others' components. In the AppSec News, Mike and John discuss Rust in Android and the Linux kernel, vuln disclosure policy changes from Project Zero, security and DevOps collaboration, XSS with NULL, & a BootHole follow-up!
Show Notes: https://securityweekly.com/asw147
Additional resources:
- National Supply Chain Integrity Month, https://www.cisa.gov/supply-chain-integrity-month
- SCRM vendor template, https://www.cisa.gov/publication/ict-scrm-task-force-vendor-template
- CWE VIEW: Hardware Design, https://cwe.mitre.org/data/definitions/1194.html
Visit https://www.securityweekly.com/asw for all the latest episodes!

Application Security Weekly (Video)
Supply Chain Management - Doug Barbin - ASW #147

Application Security Weekly (Video)

Apr 19, 2021 33:46


Supply chain security isn't new, despite the renewed attention from the SolarWinds attack. It has old challenges, like having an accurate asset or app inventory, and new opportunities, like Software Bill of Materials. From consequences to code integrity, DevOps teams need to understand how to protect their own code from others' components.
Additional resources:
- National Supply Chain Integrity Month, https://www.cisa.gov/supply-chain-integrity-month
- SCRM vendor template, https://www.cisa.gov/publication/ict-scrm-task-force-vendor-template
- CWE VIEW: Hardware Design, https://cwe.mitre.org/data/definitions/1194.html
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw147

Paul's Security Weekly TV
Supply Chain Management - Doug Barbin - ASW #147

Paul's Security Weekly TV

Apr 19, 2021 33:46


Supply chain security isn't new, despite the renewed attention from the SolarWinds attack. It has old challenges, like having an accurate asset or app inventory, and new opportunities, like Software Bill of Materials. From consequences to code integrity, DevOps teams need to understand how to protect their own code from others' components.
Additional resources:
- National Supply Chain Integrity Month, https://www.cisa.gov/supply-chain-integrity-month
- SCRM vendor template, https://www.cisa.gov/publication/ict-scrm-task-force-vendor-template
- CWE VIEW: Hardware Design, https://cwe.mitre.org/data/definitions/1194.html
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw147

This Week in FCPA
Episode 244 – the March Madness edition

This Week in FCPA

Mar 19, 2021 40:41


As March Madness descends upon us in the bubble this year, Tom and Jay look at this week's top compliance and ethics stories which caught their interest on This Week in FCPA.
Stories
1. Retaliation against whistleblowers on the rise. Tom interviews Pat Harned on the FCPA Compliance Report.
2. Novartis announces a new ABC compliance program. Harry Cassin in the FCPA Blog.
3. Expect closer cooperation between DOJ and SFO. Neil Hodge in Compliance Week. (sub req'd)
4. Developments in state of New York antitrust law. WilmerHale lawyers in NYU Compliance and Enforcement Blog.
5. NatWest facing criminal charges in UK over money-laundering. Mengqi Sun in WSJ Risk and Compliance Journal.
6. Due Diligence and SCRM. Matt Kelly in Navex Global's Risk and Compliance Matters Blog.
7. Braskem investigates bribery of Pemex official in Mexico. Dylan Tokar in WSJ Risk and Compliance Journal.
8. Here be the Dragon for Internal Audit. Ali Noor in XpertsLeague.
9. Continuous monitoring through continuous auditing. Jonathan Marks in Board and Fraud.
10. What do BODs and senior execs see as the top risks for 2021? Jim Deloach in CCI. Charles Mitchell in the Harvard Law School Forum on Corp Governance.
Podcasts and Events
11. On The Compliance Life, Rob Chesnut joins me for the month of March. In Episode 1, Rob talks about his academic career at UVA and how its Honor Code influenced his thinking about ethics in his professional career and his career as an AUSA. In Episode 2, Rob moves cross country to join eBay. In Episode 3, Rob talks about moving into the Chief Ethics Officer role at Airbnb.
12. Microsoft has joined the Compliance Podcast Network, with two podcasts, Voice of Data Protection and Uncovering Hidden Risks. In Episode 3 of Voices of Data Protection, Bhavanesh Rengarajan discusses the value of information governance. In Episode 3 of Uncovering Hidden Risks, Raman Kalyan and Talhah Mir consider using HR data to uncover insider risk.
13. Check out some hoops and ethics in the 2021 Ethics Madness during the first day of March. Information and registration here.
14. In a special five-part podcast series, I visited with Pat Harned, President of Ethics & Compliance Initiative (ECI), about the organization's 2021 Global Business Ethics Survey. In Episode 1, we review some of the key trends. In Episode 2, we review the key findings. In Episode 3, we take up the most troubling finding in the GBES, that being the huge uptick in retaliation. In Episode 4, we consider the impact of Covid-19 on compliance. We conclude with Episode 5 on Conclusions and Recommendations. Full series available on iTunes here.
15. Tom announces that his latest book, The Compliance Handbook, 2nd edition, is available for presale purchase. Use the code FOX25 and go here. The Compliance Handbook 2nd edition will be available in both print and eBook editions. This week on The Compliance Handbook podcast, the ladies from #GWIC join Tom for a deep dive into written standards.
Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

CERIAS Security Seminar Podcast
Randall Brooks, Cyber Supply Chain Risk Management (SCRM) and its impact on information and Operational Technology (IT/OT)

CERIAS Security Seminar Podcast

Mar 3, 2021 56:56


In a growing interdependent marketplace, it is nearly impossible to develop every part or component in house. Electronics are nearly entirely manufactured offshore. Concerns have risen about the trustworthiness of electronics that may contain extra or potentially malicious functionality. Traditional supply chain risk management only deals with the supplier's ability to deliver a product on time and within budget. Cyber aspects focus on the trustworthiness of the product that was delivered. Those vendors that are themselves procuring products, such as test systems, subtractive or additive manufacturing, are now concerned that the products they are producing are affected by Cyber Supply Chain Risk Management (C-SCRM). About the speaker: Mr. Randall Brooks is a Principal Engineering Fellow for Raytheon Technologies (NYSE: RTX). He is the Director of the Raytheon Cyber Center of Excellence. Brooks represents the company within the U.S. International Committee for Information Technology Standards Cyber Security 1 (CS1) and the Cloud Security Alliance (CSA). He has more than 20 years of experience in Cybersecurity with a recognized expertise in software assurance (SwA) and secure development life cycles (SDLCs). In addition to holding eight patents, Mr. Brooks is a CISSP, CSSLP, ISSEP, ISSAP, ISSMP, and CCSK. He graduated from Purdue University with a Bachelor of Science from the School of Computer Science.

CERIAS Security Seminar Podcast
Randall Brooks, "Cyber Supply Chain Risk Management (SCRM) and its impact on information and Operational Technology (IT/OT)"

CERIAS Security Seminar Podcast

Mar 3, 2021


In a growing interdependent marketplace, it is nearly impossible to develop every part or component in house. Electronics are nearly entirely manufactured offshore. Concerns have risen about the trustworthiness of electronics that may contain extra or potentially malicious functionality. Traditional supply chain risk management only deals with the supplier's ability to deliver a product on time and within budget. Cyber aspects focus on the trustworthiness of the product that was delivered. Those vendors that are themselves procuring products, such as test systems, subtractive or additive manufacturing, are now concerned that the products they are producing are affected by Cyber Supply Chain Risk Management (C-SCRM).

Rambam with the Rebbe
150 - Beis Habechirah 8 - Klei Hamikdash 1-2

Rambam with the Rebbe

Dec 6, 2020 43:33


Listen to the Rebbe discuss a few Halachos in today's Rambam:
Chapter 8, Halacha 1: Guarding the Beis Hamikdash, 15 Shevat 5732: https://ashreinu.page.link/hkA3 (until 12:47)
Chapter 1, Halacha 11: Rambam and Rashi, 10 Shevat 5741: https://ashreinu.page.link/1KsS (until 20:00)
Chapter 2, Halacha 12: Carrying the Aron, Part 1, Motzei Shabbos Naso 5739: https://ashreinu.page.link/iYHb (until 8:30); Carrying the Aron, Part 2, Motzei Shabbos Naso 5739: https://ashreinu.page.link/ScRm (until 27:39)

Soccer City en Radio Marca
SCRM - On Fitness and Football Hypotheticals (J263)

Soccer City en Radio Marca

Apr 16, 2020 24:09


We talk with Roberto Águila, fitness coach at Atlético Pinto, about the importance of good planning and physical conditioning during lockdown. Then Guille Casquero and Álvaro Ortega bring us some of the transfers that were never completed but would have been curious, to say the least.

Soccer City en Radio Marca
SCRM - The Total Shutdown of Non-Professional Football (J262)

Soccer City en Radio Marca

Apr 15, 2020 26:48


We analyze how the RFEF's initiative, with Rubiales at the helm, may affect whether or not the Segunda B, Tercera, Primera Iberdrola and Reto Iberdrola competitions are played. We talk with Rafa Mainez, Alejandro Pecci and Jaime Mateos.

Soccer City en Radio Marca
SCRM - Aduriz, a Legend Renewed (J261)

Soccer City en Radio Marca

Apr 14, 2020 27:39


Athletic Club and Aduriz reach an agreement to extend his contract until the Copa del Rey final is played. In this way, the Basque club shows respect for one of its legends, who deserves no ending other than playing that final against Real Sociedad.

Soccer City en Radio Marca
SCRM - Football Fiction (J260)

Soccer City en Radio Marca

Apr 13, 2020 27:57


Letting your imagination run free costs nothing and even does some good in these days of lockdown. Several moves are rumored for the next transfer window, and we analyze how some names, such as Lautaro, would fit at teams like Barcelona or Real Madrid.

Soccer City en Radio Marca
SCRM - Nutrition in Quarantine and Antic's XI (J259)

Soccer City en Radio Marca

Apr 9, 2020 25:21


On another night of football on Soccer City en Radio Marca, we talk with nutritionist Fabi Sanz, who tells us how to eat well during quarantine and suggests some exercises we can do to stay in shape. Then we talk with Paco Mariscal and Guille Casquero about Antic and an XI of players coached by the now football legend.

Soccer City en Radio Marca
SCRM - Stark Raving Mad, in Primera and Segunda (J258)

Soccer City en Radio Marca

Apr 8, 2020 27:49


On another night of football on Soccer City en Radio Marca, we talk about music and its relationship with football, discussing the future of La Liga, the Barça coup and three gems from Segunda to move up to Primera División.

Soccer City en Radio Marca
SCRM - Our Center-Backs (J257)

Soccer City en Radio Marca

Apr 7, 2020 26:03


On Soccer City en Radio Marca we do not want to use the language of war to refer to the coronavirus crisis; we prefer the football analogy. So we call all the health workers and people who protect our goal and clear the crosses of the toughest opponent 'center-backs'. We talk with and hear the story of one of these center-backs, Yago Guisasola, a soldier who is clearing balls at the Hospital Gómez Ulla.

Soccer City en Radio Marca
SCRM - Flick and Diogo Leite (J256)

Soccer City en Radio Marca

Apr 6, 2020 26:03


We analyze Hans Dieter Flick's record in charge of Bayern Munich, after the Bavarian club decided to extend his contract as coach until 2023. We also get to know Porto's young center-back Diogo Leite, who, according to some media, has a deal done with Valencia.

Soccer City en Radio Marca
SCRM - The Best Five-Man Teams in European Football (J255)

Soccer City en Radio Marca

Apr 2, 2020 23:57


We look for the best five-man teams in European football, 'Fifa Street' style. Will Oblak, Messi and company be able to handle the all-powerful Premier League or the great Serie A side?

Soccer City en Radio Marca
SCRM - The Future Stars of La Liga (254)

Soccer City en Radio Marca

Apr 1, 2020 26:09


For another day on Radio Marca we analyze the football landscape from home in quarantine. Today we talk about the young talents of La Liga.

Soccer City en Radio Marca
SCRM - The Best in Europe (J253)

Soccer City en Radio Marca

Mar 31, 2020 26:47


Today it is time to look at international football and review the best footballers in the main European leagues. We put together a Top 5 of this season's best players in Italy, England and Germany, plus a breakout player and a disappointment.

Soccer City en Radio Marca
SCRM - 'Random' Signings (J252)

Soccer City en Radio Marca

Mar 30, 2020 25:36


What is going on between the board and the players at Barça? Who is Camavinga? Do you remember Gravesen? Was the Dane a 'random' signing of his era? We talk about historic 'random' signings in the world of football. Why do clubs sign these players?

Soccer City en Radio Marca
SCRM - Another Week at Home Comes to an End, and We Bring Some Humor to Football (J251)

Soccer City en Radio Marca

Mar 26, 2020 25:13


We analyze FIFA's statements on the suspension of football due to the coronavirus and play a game about footballers.

Soccer City en Radio Marca
SCRM - Football, Football and More Friends (J250)

Soccer City en Radio Marca

Mar 25, 2020 24:29


We keep talking about football in quarantine. Today we discuss ERTEs (temporary layoffs) in women's football and how our colleagues and friends at Soccer City en Radio Marca are experiencing quarantine at home.

Soccer City en Radio Marca
SCRM - Friends (J249)

Soccer City en Radio Marca

Mar 24, 2020 28:08


Today we chat with friends. We run a small survey among several friends of Soccer City Media. What film have you watched in quarantine? What book are you reading? What are you doing that you couldn't do before? What rerun match have you watched? What do you miss most?

The Contracting Experience
The Contracting Experience - Episode 12: Supply Chain Risk Management

The Contracting Experience

Apr 9, 2019


SCRM stands for Supply Chain Risk Management. Supply chain risk is not just part of another government acronym. It is a critical risk that needs to be managed as part of our national security. In this episode, we sit down with Trixie Brewer, who is the Mission Readiness Supervisor in Air Force Materiel Command's Logistics Directorate. Trixie provides candid insight into the integral part we as acquisition professionals play in the important job of managing supply chain risk. If you're thinking about skipping over this episode, don't. The information inside is priceless and will make you rethink acquisition processes.
Acronyms: IP – Information Protection; R&D – Research and Development; AFMC – Air Force Materiel Command; AFMC/CV – Deputy Commander, Air Force Materiel Command; A4 – Installations, Logistics, and Force Protection; DoD – Department of Defense; DOTMLPF – Doctrine, Organization, Training, Materiel, Leadership and Education, Personnel, and Facilities; PK – Contracting; FM – Financial Management; A1 – Personnel; OSI – Office of Special Investigations; AFRL – Air Force Research Laboratory; OEM – Original Equipment Manufacturer; CFIUS – Committee on Foreign Investments in the United States; POTUS – President of the United States; DMS – Diminishing Manufacturing Sources; DID – Data Item Description; CDRL – Contract Data Requirements List; Subs – Subcontractors; AFIMSC – Air Force Installation and Mission Support Center.
To learn more about recent SCRM efforts, check out: https://www.afmc.af.mil/News/Article-Display/Article/1700969/afmc-capability-roadmap-key-to-evolutionary-supply-chain-risk-management/
If you would like to share feedback on the podcast, please submit via thecontractingexperience@gmail.com.