Got Vendors? - (BSides Nashville 2017) (Hacking Illustrated Series InfoSec Tutorial Videos)

Armin Smailhodzic and Willie Hight

BSides Nashville 2017

How many vendors does your company have? Do you have a list of all the vendors used within the company? Did you know that you were a vendor at one point? What is the process for approving vendors? How do you verify that these vendors are compliant with what your organization requests? Will they sign a BAA? Are these vendors on your network, in your building, looking at your information (PHI or PII)? Are they using their own machines while on your network? If so, how are they protecting those machines while viewing, storing or modifying your data? Does your vendor have vendors working for you? What is the process for approving these vendors, and who is involved?

If you work in InfoSec, you've dealt with vendors and suppliers. If you haven't, you should go talk to the team that does and understand their process. You might be able to add to the process to protect your company. This talk will focus on the vendor management process within the healthcare world. Depending on what your organization does, the type of data it handles, where it is located, and whether it is private or public, this process must be adapted. The need for vendor management in an organization is becoming more pressing by the day. More and more work is being outsourced to save the organization money, but who is validating that the outsourced work is being done with security in mind? Information Security members need to be involved in the vendor process, along with procurement, legal and disaster recovery, to validate that a vendor will protect the organization's information at the same level the organization would. This must be a continuous process with checks and balances that requires great teamwork and an understanding of the ever-changing needs of the organization.

Bosnian-born, German-raised, American-educated Information Security Professional. Avid traveler/explorer, food and workout enthusiast, and PC gamer. Having worked in IT/InfoSec for approaching 20 years, I can attest to how every year has been different and the only consistent factor is change. I've enjoyed the ride and look forward to sharing and learning daily. Personally, I think good food, interesting people and projects help make life fun. Food, fellowship and fun are very important ingredients of a good day.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast