

Latest Blogs


March 22, 2017 | Vendor and Partner Management
By Josh More, IANS Faculty

 Setting Requirements for Vendors Storing Sensitive Data

Vetting and managing vendors has become increasingly important for organizations in recent years, particularly for those that are storing, processing or transmitting sensitive data. In this Ask-an-Expert written response, IANS Faculty Josh More walks through a simplified approach to assessing, qualifying, classifying and verifying vendors to ensure they can be trusted to handle sensitive data. 



February 27, 2017 | Vendor and Partner Management
By Josh More, IANS Faculty

 Managing Vendors With Disparate Frameworks

Vendor due diligence becomes even more challenging when there are a variety of information security frameworks in play. In this Ask-an-Expert written response, IANS Faculty Josh More details two approaches to the problem: a formalized mapping process using the COBIT framework and an ad-hoc approach designed to prioritize the specific risks facing the organization. 



November 7, 2016 | Vendor and Partner Management
By Marty Gomberg, IANS Faculty

 Identifying Vendor Risk Red Flags

When it comes to evaluating vendors, there are a number of factors organizations need to keep in mind, from integration costs to uptime guarantees. In this Ask-an-Expert written response, IANS Faculty Martin Gomberg lays out some of the major red flags organizations should look out for when evaluating vendors, from the due diligence phase to the questionnaire process.



May 23, 2016 | Vendor and Partner Management
By Adam Ely, IANS Faculty

 Automating the Vendor Evaluation Process

Evaluating the security posture of third-party vendors can sometimes devolve into a cumbersome process of distributing security questionnaires, pestering vendors for data and then manually combing through responses to determine overall risk. In this Ask-an-Expert live interaction, IANS Faculty Adam Ely suggests ways to streamline the process.



May 5, 2016 | Managed Security Services
By Dave Shackleford, IANS Faculty

 MSSP Vendor Landscape

When evaluating managed security services providers (MSSPs), it's critical to consider a number of factors, including cost, platforms supported, service-model flexibility and experience. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford assesses some of the major MSSPs and their capabilities, and offers tips for what to watch out for when choosing an MSSP.



April 29, 2016 | Consulting and Professional Services
By Dave Shackleford, IANS Faculty

 Security Orchestration: A Market Overview

The security orchestration marketplace has gained significant traction in recent years, as organizations look to these tools to automate various processes from incident response to compliance detection/remediation. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford examines key vendors in the security orchestration space and details several factors to consider when looking into these products, including maturity, alignment with SIEM and ease of implementation.



March 10, 2016 | Supply Chain Security
By Marcus Ranum, IANS Faculty

 Avoiding the Target Scenario: Securely Managing Third-Party Remote Access in a Flat Network

No one wants to be the next Target, but providing third-party vendor access into a relatively flat corporate network can leave you open to a Target-like hack in which attackers gain entry and then move laterally to siphon off critical data. In this Ask-an-Expert live interaction, IANS Faculty Marcus Ranum says implementing privileged access management offers a partial solution, although hyper-segmenting the network is the best way to go.



September 17, 2015 | Managed Security Services
By Dave Shackleford, IANS Faculty

 Best Practices for Managing MSSPs

While vendor selection can be a challenging process, the work does not simply end once the decision is made. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford offers recommendations for delegating roles and responsibilities for monitoring managed security service providers (MSSPs), and offers specific KPIs that should be used to measure these vendors, including churn rate and quantity of false positives.



August 13, 2015 | Networking and Network Devices
By Dave Shackleford, IANS Faculty

 Internal Network Monitoring Solution RFP (Template)

When creating a request for proposal (RFP) of any kind, the purpose is to ensure prospective vendors can check all of the necessary boxes. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford develops a comprehensive RFP template specifically designed for organizations seeking an internal network monitoring solution.



August 4, 2015 | Managed Security Services
By Mike Saurbaugh, IANS Faculty

 Determining MSSP Vendor Selection Criteria

Selecting a vendor is a multifaceted process in which security teams have begun to insert themselves more aggressively. In this Ask-an-Expert written response, IANS Faculty Mike Saurbaugh details the key information security teams should be gleaning from prospective vendors during the request for proposal (RFP) process, including details on financial performance and existing strategic partnerships.
