Information Security


Welcome to the Information Security Community. Here you will find the latest discussions and resources that can help you in this area. This community is dedicated to discussions related to SOCs, business continuity and disaster recovery planning, cybersecurity, and other information security topics and challenges.

About Third-Party Information Security: You are expected to understand your vendor's approach to security. Verifying that a vendor's information security practices are sound is vital to safeguarding your data. It needs to be a requirement, because protecting your data and each individual customer, regardless of the size of your organization, is fundamental to the success of your organization.

Latest Discussion Posts

  • Third-party security risk management road map

    This message was posted by a user wishing to remain anonymous. What items are being included in your program roadmap for future additions? Thanks.

  • RE: PCI AoC vs Penetration test report

    This message was posted by a user wishing to remain anonymous. The use of an AOC may be a good indicator of network security. However, the network most organisations, in an effort to reduce PCI audit costs, segment their cardholder data environment(s) ...

  • I'd say no to using the AOC in place of a pen test. You may have multiple pen tests needing to be reviewed annually, e.g. corporate network pen test (all internet-facing IP addresses), product-specific pen tests (each website / application has different ...

  • Risk management should always align with your organization's risk appetite and tolerance. As a vendor risk manager, I would consistently request a penetration test report or an executive summary report as part of due diligence. This helps validate whether ...

  • Participation from the TPRM team is important to understanding the breach's scope, the systems affected, and coordinating response efforts with the Incident Response (IR) team. TPRM needs to identify the cause of the breach and evaluate the third party's ...
