InfoSec Big Joke: 3rd Party Assessments - moey - @securitymoey (BSides Chicago 2014) (Hacking Illustrated Series InfoSec Tutorial Videos)
InfoSec Big Joke: 3rd Party Assessments
moey
@securitymoey

BSides Chicago 2014

Darn $service_provider they bunked it up again! Wait didn’t we do a vendor assessment on them…how the hell didn’t we find this? Go pay them a site visit and find out what’s going on!

I chuckle to myself after listening to my CISO say this to me again. Another normal conversation right after an incident, but seriously why didn’t we find out that they only supported shared passwords? Or that they are outsourcing their security to a 4th party? Or that their offices in Pune have dogs in the hallways?

Are vendor assessments a joke but nobody is laughing? This presentation will discuss my perspective on 3rd party assessments from sitting on “both sides of the table”.

This presentation will discuss:

- how 3rd party assessments go wrong
- how to ask the right questions
- how to maintain a security vendor relationship
