From the course: IoT Product Security
CPSO reporting structure: Part 1
Hi, I'm Matthew Clark. And this is Lesson 2.4: CPSO Reporting Structures, Part 1. In this lesson, we will look at lines of defense and possible places to have the CPSO report into. So let's get started. A discussion with four CPSOs from Honeywell, Schneider Electric, GE, and Rockwell Automation at the 2020 RSA event outlines this concept of lines of defense. The link to their discussion is in the resources section, and these were four highly intelligent individuals, and I completely recommend that you listen to that. They outline that the first line of defense is the business line, or in other words, the engineering organization. The individuals that are closest to the product, the ones that are responsible for implementation of product security controls. This is where security either happens or it doesn't. The second line of defense is the enterprise operations. They're responsible for ownership of the product security program, developing the strategy, and establishing controls to…
Contents
- Foundations for success (10m 6s)
- IoT product security program: Part 1 (9m 16s)
- IoT product security program: Part 2 (9m 21s)
- CPSO reporting structure: Part 1 (6m 34s)
- CPSO reporting structure: Part 2 (6m 26s)
- CPSO reporting structure: Part 3 (10m 55s)
- Supplier risk (9m 35s)
- Contracts (9m 56s)
- Case study: CCleaner (9m 39s)