Exam CISSP topic 1 question 435 discussion

Actual exam question from ISC's CISSP
Question #: 435
Topic #: 1

An organization implements supply chain risk management (SCRM) into all phases of the Systems Development Life Cycle (SDLC). What methodology is MOST important to ensure that SCRM requirements are met?

  • A. Supplier self-assessment
  • B. Procurement assessment
  • C. Vulnerability assessment
  • D. Third-party assessment
Suggested Answer: D

Comments

YesPlease
11 months, 1 week ago
Selected Answer: C
Answer C) Vulnerability Assessment. Effectively managing cyber supply chain risk requires a comprehensive view of threats and vulnerabilities. Although it is good practice to have a 3rd party review the product, it does not help if a vulnerability assessment hasn't been done to show what needs to be addressed/fixed. https://csrc.nist.gov/csrc/media/Projects/cyber-supply-chain-risk-management/documents/C-SCRM_Fact_Sheet.pdf
upvoted 1 times
babaseun
1 year, 6 months ago
Selected Answer: D
CISSP 9th Edition Page 32....
upvoted 2 times
jackdryan
1 year, 6 months ago
D is correct
upvoted 1 times
Bodatiousbob
1 year, 8 months ago
Selected Answer: D
I would have to agree with the chosen answer here: to ensure the requirements are met, a third-party assessment is needed. C is a vulnerability assessment; while it is best practice to conduct these often, it can be flawed and biased.
upvoted 1 times
Arsh_2022
1 year, 9 months ago
I think the answer should be C: The most important methodology to ensure that supply chain risk management (SCRM) requirements are met throughout the Systems Development Life Cycle (SDLC) is the "threat modeling" methodology. Threat modeling is a structured approach for identifying and evaluating potential threats and vulnerabilities in a system, including those that may arise from the supply chain. By systematically analyzing the system architecture, data flows, and potential attack vectors, threat modeling can identify areas where SCRM controls need to be implemented to mitigate risks.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other