Feb 5, 2020 | Information Security, Risk Management, Vendor Assessments
Unless you’re living in a cave, you’ve provided data to a corporation, and a hacker has probably stolen it. Personal data today is one of the most valuable assets on the planet, which leads organizations to spend enormous resources to collect data. However, those same...
Feb 15, 2019 | Information Security, Risk Management, Vendor Assessments
How Vendor (3rd Party) Security Assessments can help you build a better security program By: Justin Fimlaid Are you thinking about Vendor (3rd Party) Security Assessments? Aspirations to build onto your Vendor Security Assessment program? Why wouldn’t you...
Oct 25, 2018 | Risk Management, Vendor Assessments
By: Paul Dusini We’ve all heard about data breach horror stories like Target’s staggering leak of 40 million customer credit and debit card accounts or Home Depot’s stolen 56 million payment card accounts. Considering the significant damage to a brand’s reputation and...
Oct 16, 2018 | Compliance, Information Security, New York Cyber 23 NYCRR 500, Risk Management, Vendor Assessments
By Paul Dusini, Information Assurance Manager In a recent blog Less is More: Focusing Your Third-Party Vendor Risk Assessments on the Basics, we provided guidance for developing the list of questions to use when assessing the security posture of your third-party...
Sep 19, 2018 | Vendor Assessments
By: Paul Dusini, Information Assurance Manager CISOs, CIOs, and Risk Managers often understand the importance of vendor information security assessments but don’t know where to begin. I manage a team of analysts who perform vendor assessments, and we have experience...
Aug 29, 2018 | Risk Management, Vendor Assessments
SOC reports and Vendor Management By: Brianna Blanchard, Information Assurance Analyst Statement on Standards for Attestation Engagements (SSAE) audits are conducted by third party auditors and are used to document and evaluate internal controls. The SOC reports...
Jul 26, 2018 | Vendor Assessments
By: Paul Dusini, Information Assurance Manager There are a growing number of vendor risk assessment services on the market today. These services can be divided into two categories – ones that assess risks outside of the vendor’s firewall and those that assess risks...
Mar 27, 2018 | Risk Management, Vendor Assessments
Third party security assessments are a crucial part of any information security risk management program. Conducting ongoing security assessments of your vendors will give you clarity on the risks you may be inheriting from them. The first step in any vendor security...
Aug 29, 2016 | Risk Management, Vendor Assessments
An ever changing landscape More and more companies are relying on business partners to deliver on strategy and daily operations to optimize IT or business outcomes. The problem: individuals outside the business have been given access to your network and data by...
Jun 24, 2016 | Risk Management, Vendor Assessments
For many companies, the use of third-party vendors is an afterthought. After all, every company uses them, whether it be for a payroll service or some type of marketing platform. However, just because the use of third-party partners is widespread doesn’t mean that...
