Vendor Risk Assessment: Hassle or Blessing?!

A Security Questionnaire, RFI, VRA (Vendor Risk Assessment), VR Management…helps customers identify and evaluate the risks of using a vendor’s product or service. Performing such a review is sometimes mandatory based on the industry (e.g. healthcare). During this standard business process, customer collects written information about security capabilities of a supplier and you could barely […]

ISMS is Not equal to Real Security!

Is having an information security management system equal to actual security?  No! Having an information security management system is not an indication of quality of security controls. Management systems are easier way of administration in a standard and systematic way, but they do not necessarily an indication of security control effectiveness.  As an example, ISO […]