Question 7 of 10
How should an organization assess and manage security risks associated with third-party vendors? Describe the vendor risk management lifecycle and key controls.
Sample answer preview
Third-party vendor relationships extend an organization's risk profile beyond its direct control. Data breaches at vendors, service outages from suppliers, and security weaknesses in software dependencies can all impact the organization.
vendor risk management, third-party risk, due diligence, SOC 2, security questionnaires, risk tiering