Problem
Overview:
You are the CISO of a critical infrastructure company which also provides essential services to the federal government (as well as local and state governments). You need to respond to the President's Executive Order of May 12, 2021, with respect to section 4 of the EO - "Enhancing Software Supply Chain Security" for your company.
Instructions:
Using everything you've read and experienced in this class, what will you change in the way that your company develops software, purchases software, or utilizes cloud-based software-as-a-service?
What security practices (from NIST SSDF or any of the maturity models or SDLCs) will you add to your software development methodology as well as your software procurement process to respond to the President's order to improve cybersecurity in an industry that is a vital critical infrastructure and part of the nation's supply chain?
The response should include a reference list. Double-space the text and use Times New Roman 12-point font, one-inch margins, and APA style for writing and citations.