This article is part of the May 2006 issue of Identity crisis solved: Tips from a top identity management expert
If you want to do business with Home Depot, you've got to get past information risk manager Tony Spurlin's team of engineers. Using comprehensive evaluation processes and his homegrown assessment framework, his team examines potential partners' cor- porate security posture. Partners that haven't nailed down their security don't connect to Home Depot. How rigorous is your certification process? We have to provide an on-site assessment for our partners if they want to connect to us or use our data in any way. A team of engineers travels on site, and [the partner] goes through an interview, which is standardized and based on an information security framework I developed. It's a top-down, drilled down look at their corporate security posture, policies, technology solutions, and management and monitoring of security policies. Then, there's a final gap analysis to determine if they are in compliance with Home Depot policies. Do you run into resistance from partners? If there are issues, we recommend remediation, and they must remediate before anything goes into ... Access >>>
Premium Content for Free.
Hot Pick: Q1 Labs QRadar 5.0
Q1 Labs QRadar 5.0
Network Access Control: Endforce's Enterprise 2.5
Endforce's Enterprise 2.5
Insecure.org's Nmap 4.01
PRODUCT REVIEW We take a close look at seven antispyware products. Can they keep your corporate desktops free of prying eyes?
Is Microsoft Trustworthy Yet?
PLATFORM SECURITY The fourth anniversary of its Trustworthy Computing Initiative is marked with mixed reviews from users.
Sendmail Sentrion GP product review
Product review of open source Sendmail Sentrion GP, which can build on software to enhance email security with antivirus, antispam and policy interface.
- Hot Pick: Q1 Labs QRadar 5.0
IDENTITY MANAGEMENT GM's Jarrod Jasper drives a common user profile across all systems.
Recent Releases: Security product briefs, February 2006
Read about the security products released in February 2006.
INDUSTRY COMPLIANCE With the goal of reducing fraud, the credit card associations' PCI standard scores points for clarity.
TippingPoint/3Com's TippingPoint X505 product review
In this product review, get info on TippingPoint/3Com's TippingPoint X505 intrusion prevention security tool. Learn about product cost, installation, setup and configuration features.
BITS & BOLTS Microsoft's .NET development framework can help your Web apps perform securely.
- Reborn Identity
Editor's Desk: Show me the money
Layer 8: In security, leadership comes first
Perspectives: Security issues are similar worldwide
Security managers are concerned about the same things worldwide: Managing risk more effectively, making management care about security, and what to do about end users.
- Editor's Desk: Show me the money
More Premium Content Accessible For Free
Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...
The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...
For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...