- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
Third Party Risk is Really About Access Controls
Third-party risk management often treats vendors like a mysterious external threat while internal access gets far more trust than it deserves.
In this video, I talk about vendor risk, SOC 2, access control, production access, cloud dependencies, open-source packages, CI/CD actions, and why “internal” does not automatically mean controlled.
The better model is dependency risk: what business process depends on it, what data or access does it touch, how should it be scoped, can it be isolated, what monitoring exists, and what evidence is actually useful based on the blast radius?
Third-party risk is real. But the category matters less than the access path.
Видео Third Party Risk is Really About Access Controls канала This is GRC
In this video, I talk about vendor risk, SOC 2, access control, production access, cloud dependencies, open-source packages, CI/CD actions, and why “internal” does not automatically mean controlled.
The better model is dependency risk: what business process depends on it, what data or access does it touch, how should it be scoped, can it be isolated, what monitoring exists, and what evidence is actually useful based on the blast radius?
Third-party risk is real. But the category matters less than the access path.
Видео Third Party Risk is Really About Access Controls канала This is GRC
Комментарии отсутствуют
Информация о видео
8 ч. 45 мин. назад
00:01:46
Другие видео канала
Can your phone’s facial recognition be bypassed? How? #hacking #shorts
GRC is technical #shorts #GRC #cybersecurity
Explain information security in the enterprise with a city analogy #cybersecurity #infosec #shorts
Hackers are using supply chain attacks to infect your favourite apps! Find out how! #infosec #shorts
Rise of Advanced Phishing Attacks: we’re in this together #shorts #phishing #infosec
The Hard Truth About Pivoting Into GRC Careers #grc #security #securityjobs
Security analysts: don’t do this! #shorts #vulnerabilitymanagement
How to automate IAM compliance audits? #grc #iso27001 #pcidss #soc2 #internalaudits #auditrisk
Are you prepared for deepfake phishing attacks? #cybersecurity #shorts
Cybersecurity done right without the bureaucracy #securitymanagement #grc #securityrisks #shorts
Learn why anti-cheating software can be a security issue #cybersecurity
Change my mind #it #itsecurity #compliance
RBAC in 60 seconds #cybersecurity #accessmanagement #activedirectory #rbac
How do ransomware gangs operate? Teens at risk of getting recruited #ransomware #shorts #hacking
How AI will affect your online security. Cybersecurity expert opinion. #infosec #cybersecurity #ai
GRC has a frameworks obsession problem #grc #soc2 #iso27001 #pcidss #fedramp
Cool tech stories to share with your friends! #ai #bing #tech #techexplained #technews #shorts
Explain DevOps like I’m five in 60 seconds! What is dev, what is ops, why do we merge them #devops
Pentesting is overrated. Cybersecurity has more to do with accounting #cybersecurity
Why Cybersecurity is a good career choice for people with Asperger #cybersecurity #asperger #shorts
Don’t build your cybersecurity program around “not getting breached” #infosec l#shorts
