Vendor Management



September 13, 2017 | Vendor and Partner Management
By Josh More, IANS Faculty

 Create Optimal Contract Language to Enable App Security Assessments via the Cloud

Getting application vendors to agree to have their wares tested in the cloud can pose challenges, especially because many vendor contracts prohibit the sharing of code, binaries or other data with outside parties. In this Ask-an-Expert written response, IANS Faculty Josh More offers some sample contract language to make it work.



August 30, 2017 | Vendor and Partner Management
By Josh More, IANS Faculty

 How to Vet Third Parties That Store Your Critical Data in Someone Else’s Cloud

It's difficult enough to vet your vendors, but how do you vet your vendors' vendors, especially when they're storing your sensitive data in the cloud? In this Ask-an-Expert written response, IANS Faculty Josh More details specific questions in seven key areas that you should ask your vendors to ensure your data is secured properly, no matter where it's hosted. 



August 24, 2017 | Risk Management
By Josh More, IANS Faculty

 Risk-Scoring Firms Aren’t Viable – Yet

A new breed of vendors is attempting to extend the financial/credit risk-scoring model to the information security world, enabling organizations to rate vendors according to their "risk score." In this Ask-an-Expert written response, IANS Faculty Josh More explains why such security risk scores aren't a very viable approach to vendor assessment, at least not yet.



August 22, 2017 | Vendor and Partner Management
By Josh More, IANS Faculty

 Help the Business Uncover Security Red Flags When Vetting Third-Party Apps

While business stakeholders can't perform detailed security analyses of third-party applications, they can ask some key questions to help weed out critical shortcomings. In this Ask-an-Expert written response, IANS Faculty Josh More provides a list of questions designed to help the business uncover security red (and yellow) flags in potential applications. 



August 3, 2017 | Managed Security Services
By Dave Shackleford, IANS Faculty, and Dave Kennedy, IANS Faculty

 How to Vet and Choose the Right MSSP for You

Most MSSPs claim to have the right staff and services in place to meet your every security need, but how can you be sure the one you pick will actually deliver on its promises? In this Ask-an-Expert written response, IANS Faculty Dave Shackleford and Dave Kennedy offer a shortlist of top vendors and advice for vetting, choosing, contracting with and managing the right MSSP.



July 5, 2017 | Data Loss Prevention (DLP)
By Josh More, IANS Faculty

 Tips for Protecting IP When Offshoring to China

Is it possible to offshore manufacturing processes to China while fully protecting corporate intellectual property (IP)? In this Ask-an-Expert live interaction, IANS Faculty Josh More recommends some key contractual, business process and security control changes to put in place to improve the odds.



June 27, 2017 | Vendor and Partner Management
By Josh More, IANS Faculty

 Set Smart Minimum Vendor Security Requirements

As organizations increase the number of third-party vendors on their networks, ensuring all those vendors meet at least minimum security standards becomes exponentially more difficult. In this Ask-an-Expert written response, Josh More explains how to ease the process by taking more of a risk-centric approach to the problem.



May 30, 2017 | Malware and Advanced Threats
By Michael Pinch, IANS Faculty

 Top 5 Infosec Risks in Health Care and What to Do About Them

The top priorities for health care organizations today are uptime and free access to data, which means companies in this space face a number of security challenges. In this Expert Briefing, IANS Faculty Mike Pinch details the major security risks the health care industry is dealing with today - from ransomware to the Internet of Things - and offers strategies for tackling these challenges.



May 24, 2017 | Vendor and Partner Management
By Kevin Beaver, IANS Faculty

 Don't Let Vendor Stonewalling Thwart Your Due Diligence

How can you adequately assess prospective vendors when they won't let you review the results of their penetration tests or vulnerability scans? In this Ask-an-Expert written response, IANS Faculty Kevin Beaver recommends ways to reduce your risk, from changing the scope of your information requests to switching vendors altogether.
