removed emoji from filenames, Obsidian changed all relevant links
This commit is contained in:
parent
d316285a74
commit
68f1c38681
638 changed files with 710 additions and 3176 deletions
15
Corpus/Literature notes/Treating vendors as a risk.md
Normal file
15
Corpus/Literature notes/Treating vendors as a risk.md
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
Source version date: 4 oktober 2021
|
||||
Accessed: 14 oktober 2021
|
||||
https://danielmiessler.com/blog/its-time-for-vendor-security-2-0/
|
||||
|
||||
## It's Time for Vendor Security 2.0 - Daniel Miessler
|
||||
|
||||
Miessler proposes treating vendors and vendor solutions as a risk and perform a Vendor Risk Assessment on them: look for "an understanding of 1) the integration of that vendor into your business, 2) what could go wrong if/when they were/are compromised, and 3) what you can do to mitigate that risk".
|
||||
|
||||
Assume a breach will happen and take preventive measures to reduce the impact, by improving the risk visibility, and look for ways to reduce the scope, penetration, and access that the vendor tool has to minimum levels.
|
||||
|
||||
Related:
|
||||
- [Awareness](../🎇%20Sparks/Awareness.md)
|
||||
- [Vendor security MoC](../🎇%20Sparks/Vendor%20security%20MoC.md)
|
||||
- [Risk analysis](../🎇%20Sparks/Risk%20analysis.md)
|
||||
|
||||
Loading…
Add table
Add a link
Reference in a new issue