InfoSec Big Joke: 3rd Party Assessments - moey - @securitymoey (BSides Chicago 2014) (Hacking Illustrated Series InfoSec Tutorial Videos)

InfoSec Big Joke: 3rd Party Assessments
moey
@securitymoey

BSides Chicago 2014

Darn $service_provider, they bunked it up again! Wait, didn’t we do a vendor assessment on them…how the hell didn’t we find this? Go pay them a site visit and find out what’s going on!

I chuckle to myself after listening to my CISO say this to me again. Another normal conversation right after an incident, but seriously, why didn’t we find out that they only supported shared passwords? Or that they are outsourcing their security to a 4th party? Or that their offices in Pune have dogs in the hallways?

Are vendor assessments a joke but nobody is laughing? This presentation will discuss my perspective on 3rd party assessments from sitting on “both sides of the table”.

This presentation will discuss:

- how 3rd party assessments go wrong
- how to ask the right questions
- how to maintain a security vendor relationship

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast