This message was posted by a user wishing to remain anonymous
I would suggest crafting something based on the scope of your program that aligns with the current organizations risk framework. Read
NIST SP 800-161 (Chapter 1), foundation risks are the same, channel is different.
Risks that arise from the loss of confidentiality, integrity, or availability of information or information systems and reflect the potential adverse impacts to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation
Original Message:
Sent: 02-06-2020 03:38 PM
From: Dan Graham
Subject: Vendor Risk Definition
Can you share a definition of Vendor Risk that you are madly in love with?