http://cschwartz.net/posts/2025-07-17T07:00:00+00:00http://cschwartz.net/2025-07-17T07:00:00+00:00http://cschwartz.net/tags/risk-managment/2025-07-17T07:00:00+00:00http://cschwartz.net/tags/2025-07-17T07:00:00+00:00http://cschwartz.net/posts/2025-07-17-third-party-risk-management-know-when-to-walk-away/2025-07-17T07:00:00+00:00http://cschwartz.net/tags/third-party-risk/2025-07-17T07:00:00+00:00http://cschwartz.net/tags/controls/2025-07-10T06:30:00+00:00http://cschwartz.net/posts/optimizing-party-due-diligence-business-impact/2025-07-10T06:30:00+00:00http://cschwartz.net/posts/2025-07-02-third-party-risk-assessment-start-with-impact-not-questionnaires/2025-07-02T05:00:00+00:00http://cschwartz.net/tags/governance/2025-06-26T07:00:00+00:00http://cschwartz.net/posts/2025-06-26-streamlining-third-party-risk-governance-in-infosec/2025-06-26T07:00:00+00:00http://cschwartz.net/posts/2025-06-18-third-party-risk-management-beyond-vendor-questionnaires/2025-06-19T07:00:00+00:00http://cschwartz.net/tags/asset-inventories/2025-06-11T07:00:00+00:00http://cschwartz.net/tags/assets/2025-06-11T07:00:00+00:00http://cschwartz.net/posts/2025-06-11-operational-artifacts-managing-governance-bling-spots/2025-06-11T07:00:00+00:00http://cschwartz.net/posts/scaling-governance-secondary-assets/2025-06-05T06:00:00+00:00http://cschwartz.net/posts/slicing-secondary-assets-broadly-narrow-undermines-risk-management/2025-05-29T07:00:00+00:00http://cschwartz.net/tags/threats/2025-05-29T07:00:00+00:00http://cschwartz.net/posts/2025-05-22-if-everything-is-a-secondary-asset-nothing-is-manageable/2025-05-22T07:00:00+00:00http://cschwartz.net/tags/infosec/2025-05-22T07:00:00+00:00http://cschwartz.net/tags/risks/2025-05-15T07:00:00+00:00http://cschwartz.net/posts/2025-05-15-threat-ontologies-over-threat-lists-less-listicle-more-logic/2025-05-15T07:00:00+00:00http://cschwartz.net/posts/2025-05-9-not-all-controls-all-the-time/2025-05-09T09:00:00+02:00http://cschwartz.net/posts/2025-05-02-infosec-inventories-need-layers/2025-05-02T09:00:00+02:00http://cschwartz.net/tags/near-misses/2025-04-24T09:00:00+02:00http://cschwartz.net/posts/2025-04-24-near-misses-are-worth-talking-about/2025-04-24T09:00:00+02:00http://cschwartz.net/tags/security-incidents/2025-04-24T09:00:00+02:00http://cschwartz.net/posts/2025-04-17-incident-frequency-stats-are-mostly-useless/2025-04-17T09:00:00+02:00http://cschwartz.net/tags/statistics/2025-04-17T09:00:00+02:00http://cschwartz.net/legal-notice/http://cschwartz.net/talks/http://cschwartz.net/categories/