SOS10 - Understanding and Managing Supply Chain Risk (with Michael Caruso)
Jul 16, 2024•26 min
Episode description
Takeaways
- Identify and assess the risks associated with third-party vendors and suppliers
- Build strong relationships with critical vendors and continuously monitor their security posture
- Understand the risks associated with the third parties used by your own third parties
- Use tools like BitSight and UpGuard for scanning and monitoring vulnerabilities
- Have management support, clear roles and responsibilities, and a focus on security posture
Chapters
00:00 Introduction and the Importance of Identifying Third Parties
03:02 Defining Supply Chain Risk Management
09:44 The Risks of Shadow IT Vendors
13:28 Building Relationships with Critical Vendors
17:18 The Challenges of Fourth-Party Risk Management
20:09 Tools for Scanning and Monitoring Vulnerabilities
23:03 Key Recommendations for CISOs and CIOs
