
Recent Blogs & Podcasts


Vendor Management

July 5, 2017 | Data Loss Prevention (DLP)
By Josh More, IANS Faculty

 Tips for Protecting IP When Offshoring to China

Is it possible to offshore manufacturing processes to China while fully protecting corporate intellectual property (IP)? In this Ask-an-Expert live interaction, IANS Faculty Josh More recommends some key contractual, business process and security control changes to put in place to improve the odds.


June 27, 2017 | Vendor and Partner Management
By Josh More, IANS Faculty

 Set Smart Minimum Vendor Security Requirements

As organizations increase the number of third-party vendors on their networks, ensuring all those vendors meet at least minimum security standards becomes exponentially more difficult. In this Ask-an-Expert written response, Josh More explains how to ease the process by taking more of a risk-centric approach to the problem.


May 30, 2017 | Malware and Advanced Threats
By Michael Pinch, IANS Faculty

 Top 5 Infosec Risks in Health Care and What to Do About Them

The top priorities for health care organizations today are uptime and free access to data, which means companies in this space face a number of security challenges. In this Expert Briefing, IANS Faculty Mike Pinch details the major security risks the health care industry is dealing with today - from ransomware to the Internet of Things - and offers strategies for tackling these challenges.


May 24, 2017 | Vendor and Partner Management
By Kevin Beaver, IANS Faculty

 Don't Let Vendor Stonewalling Thwart Your Due Diligence

How can you adequately assess prospective vendors when they won't let you review the results of their penetration tests or vulnerability scans? In this Ask-an-Expert written response, IANS Faculty Kevin Beaver recommends ways to reduce your risk, from changing the scope of your information requests to switching vendors altogether.


May 23, 2017 | Incident Response Planning
By Ondrej Krehel, IANS Faculty

 Negotiate a Winning Incident Response Retainer

The digital forensics and incident response (IR) market is a dynamic place with a growing number of vendors creating a wide variety of offerings and pricing models. In this report, IANS Faculty Ondrej Krehel details the three types of incident response retainers and offers key considerations for organizations deciding which would best suit their requirements and objectives. 


May 12, 2017 | Application Development and Testing
By Jason Gillam, IANS Faculty

 Outsourcing Application Security Testing

Outsourcing dynamic application security testing (DAST), especially since it involves automated tools like AppScan and Burp, should be relatively straightforward. That is, until you consider the importance of the human element. In this Ask-an-Expert live interaction, IANS Faculty Jason Gillam suggests staff augmentation and developer training as more cost-effective and efficient ways to free up internal staff.


April 28, 2017 | Penetration Testing and Red Teaming
By Kevin Johnson, IANS Faculty

 Drafting a Pen-Testing Request for Quote (RFQ)

Contracting with third parties for penetration tests -- against both internal and externally facing resources -- is an important part of security. But what is the best way to craft a request for quote? In this Ask-an-Expert written response, IANS Faculty Kevin Johnson examines a sample draft RFQ and offers recommendations to ensure all the bases are covered.


March 22, 2017 | Vendor and Partner Management
By Josh More, IANS Faculty

 Setting Requirements for Vendors Storing Sensitive Data

Vetting and managing vendors has become increasingly important for organizations in recent years, particularly for those that are storing, processing or transmitting sensitive data. In this Ask-an-Expert written response, IANS Faculty Josh More walks through a simplified approach to assessing, qualifying, classifying and verifying vendors to ensure they can be trusted to handle sensitive data. 


March 20, 2017 | Vendor and Partner Management
By Kevin Beaver, IANS Faculty

 Beaver: Taking Responsibility for Vendor Product Security

At the end of the day, you can't blame poor security and the subsequent incidents and breaches on someone else. Rather than more finger-pointing, regulation and red tape, let's have the discipline to do what's right and take the proper steps to reasonably lock things down – even if it's someone else's product.
