
IT Vendor Risk Management: Improving but Still Inadequate

Discussion in 'Network World' started by RSS, Nov 5, 2015.

  1. RSS


    One of the fundamental best practices of cyber supply chain security is IT vendor risk management. When organizations purchase and deploy application software, routers, servers, and storage devices, they are in essence placing their trust in the IT vendors that develop and sell these products.

    Unfortunately, this trust can be misplaced. Some IT vendors (especially startups) focus on feature/functionality rather than security when they develop products, resulting in buggy, vulnerable products. In other cases, hardware vendors unknowingly build systems using malicious components sourced through their own supply chain. IT products are also often purchased through global networks of third-party distributors that have ample opportunity to turn innocent IT products into malicious confederates for cybercrime.
