Managing Third-Party Meltdown & Spectre Risk Exposure: Strategic Recommendations Beyond Patching

Posted by RiskRecon on Jan 17, 2018 6:49:26 PM

Summary

The Meltdown and Spectre vulnerabilities represent an entirely new class of security flaws that are deeply rooted in long-standing CPU architecture. As such, Meltdown and Spectre are likely the first of many issues that will have to be dealt with quickly as research in CPU security flaws intensifies. Tactically, it is important that you ensure your third parties implement the necessary patches. Strategically, it is essential that you reassess your standards governing third-party use of cloud-hosting providers and implement measures to bring your third parties into compliance with the updated standards.

In this document, we provide a brief explanation of the Meltdown and Spectre vulnerabilities and why they are so impactful, particularly to cloud computing. We also suggest a tactical plan for addressing the issue with your third parties, and recommend strategic considerations for your larger third-party risk-governance program.

 


Topics: Continuous Monitoring, 3rd party risk management, Security Ratings, Vendor Security, 3PRM, Third Party Risk
