this post was submitted on 25 Jun 2025
The original post: /r/cybersecurity by /u/Different-Car6898 on 2025-06-25 11:44:00.

Hello fellow cyber security experts!

My company is currently in the process of acquiring ISO 27001 certification. We are using compliance software, and while doing Vendor Discovery, we got a match on around 300 small apps (max 3 accounts each) where the account was created using the Google Workspace work email.

Accounts include: facebook, instagram, youtube, spotify, some free online PDF managers, some quick post or image editors etc.

How am I supposed to rank these? We do offer training on security best practices, but we cannot really monitor people 24/7 and what they do with their laptops. In theory an employee could have uploaded a PDF report with sensitive data to freePDFEditor online or similar... Does that make the tool "high risk"?

Any wisdom on how to tackle situations like this would be appreciated :)

Edit: typo
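One way to turn a 300-entry discovery export into a ranked review queue is to score each app on a few explainable factors instead of judging them one by one. The script below is an added example, not part of the original post and not a feature of any compliance product; the CSV inventory is constructed, and the factor weights and tier cut-offs are assumed starting points to be tuned, not anything ISO 27001 prescribes. The factors follow the concerns raised in the post: whether the app can receive uploaded content, whether it is a document or image tool that people would plausibly use on work material, whether it has its own password (no central deprovisioning at offboarding) or a Google OAuth grant (scopes to review), how many accounts exist, and whether it has already been approved.

```python
"""Risk triage for shadow-IT apps found by workspace-email matching.

Added example: the inventory below is constructed and the weights are
assumptions, not an ISO 27001 requirement.
"""
import csv
import io
from dataclasses import dataclass, field

# Constructed sample export: app, category, number of accounts, auth method,
# whether the app accepts file uploads, whether it has been approved.
SAMPLE_CSV = """app,category,accounts,auth,accepts_uploads,approved
Facebook,social,2,password,yes,no
Instagram,social,1,password,yes,no
YouTube,video,3,google_oauth,yes,yes
Spotify,media,3,google_oauth,no,no
freePDFEditor,document_tool,1,password,yes,no
QuickImageEdit,image_tool,2,google_oauth,yes,no
"""


@dataclass
class AppRisk:
    app: str
    score: int
    tier: str
    reasons: list = field(default_factory=list)


def score_app(row):
    """Score one discovered app; higher means review it sooner.

    Each factor records a reason so the ranking can be explained to an
    auditor or to the team that owns the follow-up.
    """
    score = 0
    reasons = []
    if row["accepts_uploads"] == "yes":
        score += 4
        reasons.append("accepts file uploads (possible sensitive-document leakage)")
    if row["category"] in ("document_tool", "image_tool"):
        score += 3
        reasons.append("work-content tool: likely used on company documents")
    if row["auth"] == "password":
        score += 2
        reasons.append("own password: no central deprovisioning at offboarding")
    elif row["auth"] == "google_oauth":
        score += 1
        reasons.append("Google OAuth grant: review the scopes granted to the app")
    accounts = int(row["accounts"])
    if accounts >= 3:
        score += 1
        reasons.append(f"{accounts} accounts: wider than one personal sign-up")
    if row["approved"] == "yes":
        score -= 2
        reasons.append("already approved: covered by an existing review")
    return score, reasons


def tier_for(score):
    """Map a score to a review tier (assumed cut-offs)."""
    if score >= 7:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


def rank_apps(csv_text):
    """Parse a discovery export and return apps ordered by descending risk."""
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        score, reasons = score_app(row)
        results.append(AppRisk(row["app"], score, tier_for(score), reasons))
    results.sort(key=lambda r: (-r.score, r.app))
    return results


if __name__ == "__main__":
    for r in rank_apps(SAMPLE_CSV):
        print(f"{r.tier:6} {r.score:2}  {r.app}")
        for reason in r.reasons:
            print(f"            - {reason}")
```

On the constructed data the two editing tools rank highest (they accept uploads and are the kind of tool used on work files), the social accounts sit in the middle, and the approved video account and the music service fall to the bottom. The point is less the exact numbers than that a high score is tied to a concrete follow-up: for upload-capable tools, ask the account owners what was uploaded and whether the vendor deletes it; for OAuth-connected apps, check the granted scopes in the Workspace admin console and revoke what is not needed; for password-based accounts, add them to the offboarding checklist. Tools that score low and are clearly personal use can be covered by the acceptable-use policy rather than individual vendor assessments.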
