Far too many do far too little to assess and govern 3rd party security…it’s time for that to change.
My contribution to the reams written about the catastrophic OPM breach. Born out of weariness and the realisation that cybersecurity breach-related news is sometimes repetitive for a reason…
She-ra. Space hosting. Status Quo. The Usual Suspects. TEA and Taylor Swift…what I said and didn’t have time to say at BSides London
Are you seriously going to ask your milkman the same security questions as your network hosting partner?
Of course not. But between those extremes, companies have a world of pain working out how much vendor and change assurance is enough…
…a potential provider that brags about how comprehensive their due diligence is doesn’t “get it”— it’s about ranking risks and targeting resources where they are needed.
Your confidential data should be seen as your baby. It may be (in the case of customer data and data from partner companies) your adopted baby, but you are accountable for the […]
My first piece for http://theanalogiesproject.org: using the hard decisions involved in choosing childcare to focus in on the enormous and growing challenge of governing 3rd party security. “Your confidential data can be seen […]