Filter By:

Recent Blogs & Podcasts

Insights

\ Vendor Management 



October 30, 2017 | Architecture, Configuration and Segmentation

 Internal Network Monitoring Solution Request-for-Proposal (RFP) Template

When creating a request for proposal (RFP) of any kind, the purpose is to ensure prospective vendors can check all of the necessary boxes. This document provides a comprehensive RFP template specifically designed for organizations seeking an internal network monitoring solution.

Read More »


October 6, 2017 | Vendor and Partner Management

 Russian Hackers’ Breach of NSA via Kaspersky Software

In 2015, Russian-government backed hackers stole classified National Security Agency (NSA) data on U.S. cyber-offensive capabilities, according to a Wall Street Journal report on Tuesday, October 5th. The stolen information included details on how the U.S. defends against cyberattacks and the techniques it uses to penetrate foreign networks.

Read More »


October 2, 2017 | Vendor and Partner Management
By Rich Guida, IANS Faculty

 Weigh the Risk/Benefit of Partnering with Startups

Vetting third-parties that are new, small and innovative is very different from assessing established vendors. In this Ask-an-Expert written response, IANS Faculty Rich Guida explains how to weigh a startup's overall benefits against its security risks, and offers tips for getting the business to mitigate or accept them.

Read More »


September 13, 2017 | Vendor and Partner Management
By Josh More, IANS Faculty

 Create Optimal Contract Language to Enable App Security Assessments via the Cloud

Getting application vendors to agree to have their wares tested in the cloud can  pose challenges, especially because many vendor contracts prohibit the sharing of code, binaries or other data with outside parties. In this Ask-an-Expert written response, IANS Faculty Josh More offers some sample contract language to make it work. 

Read More »


August 30, 2017 | Vendor and Partner Management
By Josh More, IANS Faculty

 How to Vet Third Parties That Store Your Critical Data in Someone Else’s Cloud

It's difficult enough to vet your vendors, but how do you vet your vendors' vendors, especially when they're storing your sensitive data in the cloud? In this Ask-an-Expert written response, IANS Faculty Josh More details specific questions in seven key areas that you should ask your vendors to ensure your data is secured properly, no matter where it's hosted. 

Read More »


August 24, 2017 | Risk Management
By Josh More, IANS Faculty

 Risk-Scoring Firms Aren’t Viable – Yet

A new breed of vendors is attempting to extend the financial/credit risk-scoring model to the information security world, enabling organizations to rate vendors according to their "risk score." In this Ask-an-Expert written response, IANS Faculty Josh More explains why such security risk scores aren't a very viable approach to vendor assessment, at least not yet.

Read More »


August 22, 2017 | Vendor and Partner Management
By Josh More, IANS Faculty

 Help the Business Uncover Security Red Flags When Vetting Third-Party Apps

While business stakeholders can't perform detailed security analyses of third-party applications, they can ask some key questions to help weed out critical shortcomings. In this Ask-an-Expert written response, IANS Faculty Josh More provides a list of questions designed to help the business uncover security red (and yellow) flags in potential applications. 

Read More »


August 3, 2017 | Managed Security Services
By Dave Shackleford, IANS Faculty,
     Dave Kennedy, IANS Faculty

 How to Vet and Choose the Right MSSP for You

Most MSSPs claim to have the right staff and services in place to meet your every security need, but how can you be sure the one you pick will actually deliver on its promises? In this Ask-an-Expert written response, IANS Faculty Dave Shackleford and Dave Kennedy offer a shortlist of top vendors and offer advice for vetting, choosing, contracting with and managing the right MSSP. 

Read More »


July 5, 2017 | Data Loss Prevention (DLP)
By Josh More, IANS Faculty

 Tips for Protecting IP When Offshoring to China

Is it possible to offshore manufacturing processes to China while fully protecting corporate intellectual property (IP)? In this Ask-an-Expert live interaction, IANS Faculty Josh More recommends some key contractual, business process and security control changes to put in place to improve the odds.

Read More »