Some guidance from the US government (including device security labels). Supply chain security. Developments in the cyber underworld (including a gang with some perverse integrity).
CyberWire Daily
00:00
How to Justify a Third-Party Risk and Lifecycle Program
The most successful third-party risk and lifecycle programs tend to be fixated on the internal focus as much as they are the external. Being able to build up that vendor inventory with the business, getting the business and the stakeholders involved is foundational. So there's sort of a seesaw approach where you need to have the buy-in and the vested capabilities and support of the business in order to drive the program effectively.
Play episode from 16:16
Transcript
