Addressing Supply Chain Risk and Resilience for Software-Reliant Systems

February 2023 Webinar
Carol Woody, PhD, Charles M. Wallen

In this webcast, Carol Woody and Charles Wallen discuss the Acquisition Security Framework (ASF) and how the ASF provides a roadmap to help organizations build security and resilience into a system.

Abstract

All technology acquired by an organization requires the support of (or integration with) components, tools, and services delivered by a diverse set of supply chains. However, the practices critical to addressing supply chain risks are typically scattered across many parts of the acquiring organization, and they are performed in isolated stovepipes. This situation causes inconsistencies, gaps, and slow response to crises. The Acquisition Security Framework (ASF) addresses this problem by combining leading cyber practices that help organizations manage supply chain risk and define the collaborations critical to securely acquiring, engineering, and operating software-reliant systems. The goals, practices, and processes that structure the ASF have been demonstrated as effective for managing risk and improving resilience. The ASF is consistent with published guidelines for supply chain risk management from ISO, NIST, and DHS.

What attendees will learn:

This webcast will introduce attendees to the ASF and demonstrate the ways in which the ASF provides a roadmap to help organizations build security and resilience into a system rather than “bolt on” these characteristics after deployment. The webcast will also examine how, following deployment, the ASF guides the ongoing management of system risk and resilience as the technology, threats, and requirements evolve over the system’s lifecycle.

ASF includes

  • leading security and resilience practices critical to supply chain risk management
  • a pathway for proactive process management that fosters effective collaboration across the range of stakeholders responsible for acquiring, developing, and deploying software-reliant systems

About the Speaker

Carol Woody, PhD

Dr. Carol Woody has been a senior member of the technical staff since 2001. Currently she is the technical manager for the Cyber Security Engineering (CSE) team, whose research focuses on meeting the challenges of cyber security in acquisition, system and software engineering. CSE is building capabilities in defining, acquiring, developing, measuring, managing, and sustaining secure software for highly complex networked systems as well as systems of systems.

Woody is an experienced technical researcher whose work has focused on government agencies, higher education, and medical organizations. She has helped them identify effective security risk management solutions, develop approaches to improve their ability to identify security and survivability requirements, and field software and systems with greater assurance.

As a consultant for ImageWork Technologies Corp., Woody managed the user testing for CITYTIME, a timekeeping application being developed for New York City. She also consulted with the Queens County District Attorney's Office of New York City to design and implement an electronic document management system. New York City's Administration for Child Services chose her to integrate financial information among state, city, and agency financial systems and also to construct a financial data warehouse and implement web-enabled processes for managing social service payments. As project manager at Yale University, Woody served as architect and implementing project manager for an integrated ID card solution, developed technical specifications and assisted users in vendor review and selection for a procurement package, designed and implemented expert system technology for distributed data collection, and managed a team of technicians supporting the financial operations of the university.

Woody holds a PhD in information science from Nova Southeastern University, an MBA from Wake Forest University, and a BS in mathematics from William and Mary.

Contact: Carol Woody

Charles M. Wallen

Charles M. Wallen has been a thought leader in operations and IT risk management for over 20 years. He has provided consulting to public and private organizations, led industry-wide initiatives, and managed global operations risk management and governance programs at American Express and Bank of America.  

Charles works closely with the CERT Division of Carnegie Mellon University’s Software Engineering Institute as a Senior Member of the Technical Staff. His work at CERT focuses on resilience management, external dependency risk management, and critical infrastructure protection. He is a Principal with Spectrum Consulting Services, in Dallas, Texas, which he formed in 2004. Spectrum provides management consulting to a variety of industries, specializing in operations risk management, cybersecurity, business continuity, supplier oversight, and governance.
