The first post called out fairly damning findings about the state of vendor security governance at most firms, and looked at the criticality of: early engagement, doing triage, clarity about vendor selection […]
Does your #SupplyChain #Cybersecurity #RiskManagement reflect your security dependence on 3rd parties?
Far too many do far too little to assess and govern 3rd party security…it’s time for that to change.
An old fashioned tale of reporting lines impacting effective communication, missing due diligence, disgruntled insiders, social engineering, technical risk blinkers, political incident response and risk owners not being armed with the information they need.
She-ra. Space hosting. Status Quo. The Usual Suspects. TEA and Taylor Swift…what I said and didn’t have time to say at BSides London
Defender mentality or Attacker mentality? Can a natural leaning towards one position or the other have an unhelpful blinker effect and are they mutually exclusive?
Are you seriously going to ask your milkman the same security questions as your network hosting partner?
Of course not. But between those extremes, companies have a world of pain working out how much vendor and change assurance is enough…
…it’s the all new Trustwave Security Pressures Report. Last year 80% of IT pros felt pressure to deliver insecure IT solutions. What’s changed?