Trust but Verify: An Argument for Security Testing Vendors, presented at Supply Chain Cybersecurity Summit 2019

by Rachel Tobener

Summary: Before a company shares data with an external vendor, an important question needs to be considered: Does this vendor have a mature security program that will keep the company's data safe? To answer this question, companies often employ a variety of vendor risk-management strategies, including questionnaires, requests for documentation, and contract language, as well as a variety of new tools that scan the public face of a vendor. But are these strategies truly effective at gauging the vendor's security maturity? In this session, the presenters will argue that hands-on security testing is one of the best methods to measure security maturity, and that it is far more effective than any other strategy. You'll learn how best to incorporate security testing into your vendor risk-management program at any scale, scope your testing, interpret results, and overcome the common challenges that a security team can face with hands-on security testing.