The Anti-Checklist Manifesto - Nick Selby
Third Party Risk (3PR) conversations have been center-tile on Buzzword Bingo cards for a few years now, but the way most firms approach 3PR hasn’t been effective at quantifying the risk a third-party provider actually presents. With several damaging software supply chain breaches in the course of a couple of months, executives are trying to understand how we got into this mess, and how we get out of it. There’s a lot wrong with how we strive to attain that understanding: it is typically reduced to handing vendors a spreadsheet groaning under the weight of baseline technology configuration questions written in the 1990s by accountants so that auditors may assess security – thus reducing “trust” to a checklist almost entirely unrelated to trustworthiness.
What is the way forward? How can we ask better questions that give us answers that are proxies for how much an organisation cares about trust and security? This talk proposes a new path forward, and a ten-question sample so you can get started.
Talk given on 23rd September 2021
#supplychain
#risk
#GRC