2      0

(ISC)² Security Congress 2021 - Career Center & Recordings

1778596 - Getting offensive with your third parties


Oct 19, 2021 1:45pm ‐ Oct 19, 2021 2:45pm



Credits: None available.

Description

Reading about supply chain attacks can cause anxiety when companies today procure much of their software and services from third parties. The tick-box approach of vetting suppliers with cursory audits misses many of the pain points that are often leveraged in real attacks. This session will cover integrating offensive security into traditional third party vetting approaches or using offensive security as its own benchmark prior to integrating third-party software and services into your environment. We'll cover examples of how to apply this approach to your own third-party vetting, and include some real-life success stories of vulnerabilities found in products already in use by many companies.

Learning Objectives:
  • Understand how and when to apply offensive security in third-party risk assessments.
  • Know and appreciate the limitations of current third-party onboarding.
  • Apply this knowledge within your own third-party onboarding.

Speaker(s):

Tags: Intermediate

Credits

  • 1.00 - CPE

You must be logged in and own this session in order to post comments.