richardk/iso27diy-corp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

removed emoji from filenames, Obsidian changed all relevant links

Browse source
This commit is contained in:
Richard Kranendonk 2026-05-07 15:01:04 +02:00
parent d316285a74
commit 68f1c38681
638 changed files with 710 additions and 3176 deletions
Download patch file Download diff file Expand all files Collapse all files

15
Corpus/📚️ Literature notes/Treating vendors as a risk.md
View file

@ -1,15 +0,0 @@
Source version date: 4 oktober 2021
Accessed: 14 oktober 2021
https://danielmiessler.com/blog/its-time-for-vendor-security-2-0/
## It's Time for Vendor Security 2.0 - Daniel Miessler
Miessler proposes treating vendors and vendor solutions as a risk and perform a Vendor Risk Assessment on them: look for "an understanding of 1) the integration of that vendor into your business, 2) what could go wrong if/when they were/are compromised, and 3) what you can do to mitigate that risk".
Assume a breach will happen and take preventive measures to reduce the impact, by improving the risk visibility, and look for ways to reduce the scope, penetration, and access that the vendor tool has to minimum levels.
Related:
- [Awareness](../🎇%20Sparks/Awareness.md)
- [Vendor security MoC](../🎇%20Sparks/Vendor%20security%20MoC.md)
- [Risk analysis](../🎇%20Sparks/Risk%20analysis.md)