- CISO Series Newsletter
- Posts
- VIDEO: More of What Sets Off a CISO's BS Detector
VIDEO: More of What Sets Off a CISO's BS Detector
VIDEO: More of What Sets Off a CISO's BS Detector
What Do Security Vendors Say or Do That Sets Off Your BS Detector? - REVISITED
Due to the popularity of my article, "30 Behaviors of Security Vendors That Set Off a CISO's BS Detector" I decided to ask the same question to security experts at the Security BsidesSF conference, just ahead of the RSA Conference this year.
This week's episode of Defense in Depth
Tools for Managing 3rd Party Risk
On this episode of Defense in Depth:
Co-host Allan Alford, CISO of Mitel, and our guest Eric Cowperthwaite, director of information security at Esterline, discuss the following:
We question if there's some type of pseudo-protection racket going on with auditors offering to increase vendors' security scores if they go into business with them.
The basic model is to help you identify issues and resolve them in order to reduce your risk and protect yourself from certain types of risk.
While our risk changes on a daily basis, we're not measuring the risk other 3rd parties may be introducing at the same iteration level. Often it's only annual which doesn't coincide with how we measure our own risk.
As a result, there's a desire for ongoing real-time assessment of third party risk. CISOs want the depth of an audit combined with real-time monitoring.
Best of breed approach often introduces new risk at the lines of integration.
Special thanks to this week's Defense in Depth podcast sponsor, Praetorian.
As a professional services company, Praetorian helps enterprise customers solve complex cybersecurity problems. We are the security experts.
SUBSCRIBE TO BOTH PODCASTS
Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.
If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.