What is Shadow Liability - Where does it lurk, and how much does it contribute to 3rd Party Risk
Feb. 9, 2022, 5:11 p.m. | /u/Nopsledride
cybersecurity www.reddit.com
Shadow Liability is defined as risk that a company absorbs as a result of using 3rd party software, services or APIs. This is an especially tricky bit of liability to quantify accurately. Most organizations use a combination of vendor:
(1) network and infrastructure vulnerability reports (à la Tenable-type scans)
(2) SecurityScorecard/BitSight-type external opinion scores
(3) independent pen testing reports
(4) cyber-insurance policy coverage
(5) SOC2-type process-oriented or more detailed FedRAMP-style compliance reports
However a chasm …