Every security professional and every privacy professional understands that supply chain security is as important as in-house security. (If you don’t understand this, stop and read Maria Korolov’s January 25, 2019 article in CSO, “What is a supply chain attack? Why you should be wary of third-party providers.”)
So how do you marshal the resources that you need to implement effective supply chain security? Borrowing from the same motivation techniques that we use to keep ourselves going to the gym, I recommend a combination of sex appeal (highlighting attractive benefits), pain avoidance (highlighting the painful risks) and recruiting allies (finding support within and outside of your organization).
Your company is a supplier to your customers. If those customers are security- or privacy-aware, your company is undoubtedly already on the receiving end of a steady stream of vendor security questionnaires from your customers. These customers take their supply chain security seriously; they are measuring you (your attractiveness) based on the information that they collect about your security practices, including whether you actively manage your supply chain security.
What do your responses to the supply chain security questions look like? Are your practices as soft and flabby as a couch potato’s beer belly? Or can you show off your company’s (toned and fit) SOC 2 Type 2 audit results that demonstrate your organization’s commitment to the security and privacy of your customers’ data?
Effective supply chain security can help strengthen your customers’ trust in you and can help your company to be a market driver. Ultimately, effective supply chain security helps increase sales and profitability.
Effective supply chain security is preventive medicine in that it helps your company reduce the likelihood of incurring the pain of fines and legal settlements, loss of intellectual property, diversion of scarce ...
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Amy Grant. Read the original post at: https://www.tripwire.com/state-of-security/risk-based-security-for-executives/risk-management/supply-chain-security-sex-appeal-pain-allies/