iso27diy-corp/Corpus/Literature notes/Treating vendors as a risk.md


Source version date: 4 October 2021. Accessed: 14 October 2021. https://danielmiessler.com/blog/its-time-for-vendor-security-2-0/

It's Time for Vendor Security 2.0 - Daniel Miessler

Miessler proposes treating vendors and vendor solutions as a risk and performing a Vendor Risk Assessment on them: look for "an understanding of 1) the integration of that vendor into your business, 2) what could go wrong if/when they were/are compromised, and 3) what you can do to mitigate that risk".

Assume a breach will happen and take preventive measures to reduce its impact: improve risk visibility, and look for ways to reduce the scope, penetration, and access that the vendor tool has to minimum levels.

Related: