Vault restructure

Corpus/📚️ Literature notes/Treating vendors as a risk.md

@@ -0,0 +1,15 @@
+Source version date: 4 oktober 2021
+Accessed: 14 oktober 2021
+https://danielmiessler.com/blog/its-time-for-vendor-security-2-0/
+
+## It's Time for Vendor Security 2.0 - Daniel Miessler
+
+Miessler proposes treating vendors and vendor solutions as a risk and perform a Vendor Risk Assessment on them: look for "an understanding of 1) the integration of that vendor into your business, 2) what could go wrong if/when they were/are compromised, and 3) what you can do to mitigate that risk".
+
+Assume a breach will happen and take preventive measures to reduce the impact, by improving the risk visibility, and look for ways to reduce the scope, penetration, and access that the vendor tool has to minimum levels.
+
+Related:
+- [Awareness](../🎇%20Sparks/Awareness.md)
+- [Vendor security MoC](../🎇%20Sparks/Vendor%20security%20MoC.md)
+- [Risk analysis](../🎇%20Sparks/Risk%20analysis.md)
+