SOS10 - Understanding and Managing Supply Chain Risk (with Michael Caruso)

Jul 16, 2024 | 26 min

Episode description

Takeaways

  • Identify and assess the risks associated with third-party vendors and suppliers
  • Build strong relationships with critical vendors and continuously monitor their security posture
  • Understand the risks associated with the third parties used by your own third parties
  • Use tools like BitSight and UpGuard for scanning and monitoring vulnerabilities
  • Have management support, clear roles and responsibilities, and a focus on security posture

Chapters

00:00 Introduction and the Importance of Identifying Third Parties

03:02 Defining Supply Chain Risk Management

09:44 The Risks of Shadow IT Vendors

13:28 Building Relationships with Critical Vendors

17:18 The Challenges of Fourth-Party Risk Management

20:09 Tools for Scanning and Monitoring Vulnerabilities

23:03 Key Recommendations for CISOs and CIOs
