Security Posture by Example

Scenario 15 - Software Signatures

Amalgamated Capital is a financial services company which is a subsidiary of the Amalgamated Example Company. They loan money to large Amalgamated customers as part of the sale of other Amalgamated products.

After hearing stories from their peers on the success of Amalgamated Security, Amalgamated Capital implements a PACE system similar to Scenario 14.

Previously, based on advice from the FS-ISAC, all Amalgamated Capital software is signed, as well as all software from Amalgamated Capital suppliers is signed.

Amalgamated Capital includes software signatures as part of all SBOMs in their PACE system, as well as signs the SBOMs themselves. This further increases the PES ability to detect Solar Winds-like attacks.