From Direct to Distant: The Challenge of Third and Fourth-Party Digital Risk Management
intelligence2risk.substack.com
On July 31, The Information published an article titled “In an Unusual Move, Nvidia Wants to Know Its Customers’ Customers.” It occurred to me that Chief Information Security Officers (CISOs) would like to know their vendors’ vendors. Why? To help prevent or minimize legal or compliance failures. Our increasingly interconnected ecosystem of technology and security suppliers creates a dearth of visibility for risk implications. One vendor exposure or compromise can quickly create a cascade effect, such that third-party visibility may no longer suffice, even for the often evolving compliance frameworks. As
From Direct to Distant: The Challenge of Third and Fourth-Party Digital Risk Management
From Direct to Distant: The Challenge of…
From Direct to Distant: The Challenge of Third and Fourth-Party Digital Risk Management
On July 31, The Information published an article titled “In an Unusual Move, Nvidia Wants to Know Its Customers’ Customers.” It occurred to me that Chief Information Security Officers (CISOs) would like to know their vendors’ vendors. Why? To help prevent or minimize legal or compliance failures. Our increasingly interconnected ecosystem of technology and security suppliers creates a dearth of visibility for risk implications. One vendor exposure or compromise can quickly create a cascade effect, such that third-party visibility may no longer suffice, even for the often evolving compliance frameworks. As