The first post called out fairly damning findings about the state of vendor security governance at most firms, and looked at the criticality of: early engagement, doing triage, clarity about vendor selection […]
Who is viewed as formal owner of your cybersecurity risks? A poll for anyone in any organisation. This isn’t asking who should be risk owner, it’s asking who the majority of staff think owns these risks. […]
Does your #SupplyChain #Cybersecurity #RiskManagement reflect your security dependence on 3rd parties?
Out with the old and in with the new. Musing on a personal and #InfoSec transformation
Is this a valuable outing of a principle-free profit-obsessed security trade, careless stereotype reinforcement, something in between, or a harmless bit of #InfoSec name dropping?
Working out why handling of the upgrade made me so grumpy and how we hand over so much control to big vendors.