How to have an accurate vendor risk assessment? Assessing your vendors, suppliers, business associates…or any other term you give to who is providing services to your firm is crucial and even might be required from a regulatory stand point (i.e. like in HIPAA). I do not want to get into detail of what would be… Continue reading Accurate Vendor Risk Assessment
Category: Policy
Vendor Risk Assessment: Hassle or Blessing?!
A Security Questionnaire, RFI, VRA (Vendor Risk Assessment), VR Management…helps customers identify and evaluate the risks of using a vendor’s product or service. Performing such a review is sometimes mandatory based on the industry (e.g. healthcare). During this standard business process, customer collects written information about security capabilities of a supplier and you could barely… Continue reading Vendor Risk Assessment: Hassle or Blessing?!
New Vulnerability Disclosure Policy
Effective today March 20, 2002, SECURE TARGET will be following a new policy in regards to the disclosure of vulnerability information: All vulnerabilities discovered by SECURE TARGET or any member of the entity including myself shall will be kept private during discovery and even after initial submission to vendors, unless otherwise explicitly considered harmless with… Continue reading New Vulnerability Disclosure Policy