Episode 106 — Third-Party Risk: Vendor Selection, RFP, RFI, RFQ, EOI, Due Diligence, and Conflicts (5.3)
This episode explains third-party risk and why vendors, partners, suppliers, service providers, and contractors can extend an organization’s attack surface and compliance obligations. Students should understand vendor selection as a security-relevant process that evaluates capability, reliability, controls, cost, and fit. Requests for information gather general details, requests for proposal ask vendors to explain how they would meet a need, requests for quote focus on pricing, and expressions of interest help identify potential participants. Due diligence reviews security posture, financial stability, compliance history, and operational risk before relying on a third party. For Security+ scenarios, students should also consider conflicts of interest that could weaken trust, fairness, or objectivity. Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use and a daily podcast you can commute with. And don’t forget Cyberauthor.me for the companion study guide and flash cards!