Social Network For Security Executives: Help Make Right Cyber Security Decisions
Hi, I wish to know how some of you manage vendor security assurance. One model I observe emerging is having a common platform and avoiding redundant efforts. Some players like Helios and KY3P offer this as a service. What's your take, and have any of your organisations experimented with such a platform? Representing a product organisation, we qualify as vendors. Another model is to self-establish a platform and take an annual attestation from independent assurance firms. I wish to hear your views on this topic. Thanks. (Question posted on behalf of a CISO member)
The response below is based on a CISO Platform closed group discussion:
(private CISO member)
In my view, it will be a combination of self-assessments and onsite reviews, depending on the risk profile of vendors. With banks typically having the largest vendor base, KY3P and TruSight popped up. As we speak, we are trying to roll out the ServiceNow Vendor Risk Management module, which allows us to get online self-assessments done, but for vendors that need an onsite review, we use a combination of in-house resources and 3rd party resources.
© 2019 Created by CISO Platform.