SOS10 - Understanding and Managing Supply Chain Risk (with Michael Caruso)

https://is1-ssl.mzstatic.com/image/thumb/Podcasts221/v4/72/ff/d0/72ffd05c-54b6-2bac-b655-117bd646d754/mza_16596518184016210249.jpg/600x600bb.jpg

State of Security: Expert Insights on Cybersecurity Operations and the Business of Cyber

Access Point Consulting

28 episodes

5 days ago

State of Security, by Access Point Consulting, brings together seasoned experts in the fields of security consulting, regulatory compliance, and security operations. Whether you’re a business leader, IT professional, or security enthusiast, this podcast offers valuable insights and actionable advice.

Learn more at accesspointconsulting.com.

Technology

RSS

All content for State of Security: Expert Insights on Cybersecurity Operations and the Business of Cyber is the property of Access Point Consulting and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Learn more at accesspointconsulting.com.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/42326551/c0fbf4049ae8f29c.jpg

SOS10 - Understanding and Managing Supply Chain Risk (with Michael Caruso)

State of Security: Expert Insights on Cybersecurity Operations and the Business of Cyber

25 minutes 41 seconds

1 year ago

SOS10 - Understanding and Managing Supply Chain Risk (with Michael Caruso)

Takeaways

Identify and assess the risks associated with third-party vendors and suppliers
Build strong relationships with critical vendors and continuously monitor their security posture
Understand the risks associated with the third parties used by your own third parties
Use tools like BitSight and UpGuard for scanning and monitoring vulnerabilities
Have management support, clear roles and responsibilities, and a focus on security posture

Chapters

00:00 Introduction and the Importance of Identifying Third Parties

03:02 Defining Supply Chain Risk Management

09:44 The Risks of Shadow IT Vendors

13:28 Building Relationships with Critical Vendors

17:18 The Challenges of Fourth-Party Risk Management

20:09 Tools for Scanning and Monitoring Vulnerabilities

23:03 Key Recommendations for CISOs and CIOs