BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//DIB SCC CyberAssist - ECPv6.2.4//NONSGML v1.0//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
X-ORIGINAL-URL:https://ndisac.org/dibscc
X-WR-CALDESC:Events for DIB SCC CyberAssist
REFRESH-INTERVAL;VALUE=DURATION:PT1H
X-Robots-Tag:noindex
X-PUBLISHED-TTL:PT1H
BEGIN:VTIMEZONE
TZID:America/New_York
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:20260308T070000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:20261101T060000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20260303T140000
DTEND;TZID=America/New_York:20260303T150000
DTSTAMP:20260418T235212
CREATED:20260226T144726Z
LAST-MODIFIED:20260226T144726Z
UID:17439-1772546400-1772550000@ndisac.org
SUMMARY:SANS - Trust Your Vendors\, Do You?
DESCRIPTION:Organizations increasingly depend on vast ecosystems of third-party vendors\, expanding their operational capacity—but also their attack surface and risk exposure. This talk challenges trust-by-default approaches to vendor relationships and makes the case for a modern third-party risk management (TPRM) program. We begin by framing why vendor risk matters\, then examine real-world breach case studies to illustrate how upstream dependencies and fourth-party links can amplify impact. The session will highlight regulatory drivers—NIS2\, DORA\, and GDPR—and translate them into practical expectations for supply-chain security\, continuous oversight\, and incident reporting. We analyze limitations of traditional questionnaires (SIG/CAIQ)\, which are static\, self-reported\, and often out of date\, and propose a continuous TPRM lifecycle: risk-based vendor tiering\, due diligence proportional to criticality\, automated external posture monitoring\, corrective action tracking\, and secure offboarding.
URL:https://ndisac.org/dibscc/events/sans-trust-your-vendors-do-you/
LOCATION:Virtual Conference
END:VEVENT
END:VCALENDAR