We all have to trust our business partners to take security seriously, but how can we be sure they live up to our expectations? We might not have the leverage that some big companies do, but we do have some tools available to help us. In the next few posts I will discuss some tips to help address security issues with your vendors and other business partners.
First, the easy ones- ask them for copies of their privacy and security policies. Next, ask for direct security and compliance contacts (not just their regular support information). While it is important to have this information, it is also important to make them realize that you are concerned and checking up on them. We all tend to behave better when we know we are being watched.
Look over the information you receive, and note the things you don't receive. Ask questions and raise concerns. If anything is especially troubling, bring it to your employer and explain why (without hysterics) you think it is a problem.
To be continued...
Jack
skip to main |
skip to sidebar
Just another security blog.
About Me
- Jack Daniel
- Storyteller, Information Security Curmudgeon, Security BSides Co-Founder, Community Advocate at Tenable Network Security, Co-host at Security Voices podcast.
Contact- jdaniel/at/voodooelectronics/dot/com
Blog Archive
-
▼
2007
(57)
-
▼
July
(13)
- But Jack, isn't that hypocritical?
- Partners and Security, Part 3
- A Convert!
- Mental Health, InfoSec and Playing with Fire
- Partners and Security, Part 2
- BeanSec!
- iEnough iAlready with the iPhone!
- The good things about small business IT
- Time for an introduction
- Are the vendors clueless, or are we?
- Happy Birthday USA
- Security and Business Partners
- Security Anecdote Theater, episode 2
-
▼
July
(13)