Access your Pro+ Content below.
Vendor risk management and the CISO
This article is part of the December 2010 issue of Information Security magazine
Every business today depends to some extent on third parties -- it's a reality that's becoming even more pronounced as companies move to more cloud-based services. And in order to effectively provide a product or service, a certain percentage of those third parties will require access to confidential corporate and/or customer information. Obviously, it is incumbent on management to ensure that not only is the third party capable, but also in the course of its operations can ensure that the data entrusted to it remains secure. Traditional vendor management programs have tended to focus to a large degree on "ability to deliver" with data security being an almost secondary consideration. What managers often fail to fully appreciate, especially for large or very visible companies, is that while a third party's failure to deliver would in all likelihood be operationally disruptive, a massive data breach could be devastating. The challenge for companies is how to ensure protection when they often have little ability to monitor ...
Features in this issue
Security must be included in disaster recovery planning to ensure sensitive data is protected.
The Data Accountability and Trust Act, if passed into law, would create a national standard for privacy and data protection.
Cybercriminals are taking advantage of poorly deployed security software with customized malware designed to infiltrate systems and steal data without being detected.
The CISO has a key role in reducing the risk of sharing sensitive corporate data with third parties.
Columns in this issue
Cloud computing presents a lot of security issues but security professionals need to accept the challenge.
Choose wisely when pursuing industry certifications and advanced degrees to gain the best competitive advantage.
In the 112th Congress, enterprises can expect a heavy focus on Internet privacy issues on Capitol Hill.