CISSP - Supply Chain Risk Management and Third-Party Controls
Supply chain attacks like NotPetya caused over $10 billion in damages by compromising a trusted software update channel - making vendor risk management one of the most critical areas in CISSP Domain 1. This video covers hardware, software, and service supply chain risks; SOC 2 Type I vs Type II; vendor minimum security requirements; SBOM and the 2021 federal mandate; and the NotPetya 2017 case study. Watch the next video: CISSP 1.13 - Security Awareness and Training Programs.
▶ Watch next: CISSP - The CIA Triad Beyond the Basics [1.2] https://www.youtube.com/watch?v=CA-A5miNiaU
Chapters
- 0:00 The Weakest Link You Did Not Build
- 1:36 The Supply Chain Attack Surface
- 3:13 Third-Party Assessment and Vendor Programs
- 5:19 Minimum Security Requirements and SLAs
- 7:18 SBOM: Knowing What Is Inside Your Software
- 9:38 NotPetya 2017: Ten Billion from a Software Update
- 11:38 Defense Playbook: Monitoring and Tiering
- 13:41 Exam Traps and Final Anchor
- 15:53 Quiz Time