Acquisition and Procurement Security (Domain 4)
No se pudo agregar al carrito
Add to Cart failed.
Error al Agregar a Lista de Deseos.
Error al eliminar de la lista de deseos.
Error al añadir a tu biblioteca
Error al seguir el podcast
Error al dejar de seguir el podcast
Acquisition and Procurement Security (Domain 4)
-
Narrado por:
-
De:
Acerca de esta escucha
Security doesn’t start when a system is installed—it begins during the procurement process. In this episode, we examine how secure acquisition strategies reduce long-term risk by vetting vendors, establishing supply chain transparency, and embedding cybersecurity requirements in contracts and service-level agreements (SLAs). We discuss how organizations should assess the security posture of suppliers, request evidence of internal controls or compliance certifications, and evaluate whether vendors follow secure development and patching practices. For hardware, this includes checking firmware integrity, sourcing from trusted distributors, and ensuring devices haven’t been tampered with in transit. For software, it means scrutinizing development environments, dependency management, and licensing concerns that could introduce vulnerabilities or legal risks. Secure procurement lays the foundation for every layer of the security stack that follows—it’s where the risk lifecycle begins, and getting it wrong at this stage can compromise everything that comes after.