Vendor Risk Management Hype Extends Beyond Target®
The Target® breach of late 2013 lives infamously in our memories and has served as a turning point for businesses of every size with regard to third-party risk management (TPRM). After all, who could have imagined that the giant retailer would be breached through a seemingly insignificant (more…)
An Open Letter to Antivirus Vendors: It is Time for Antivirus Software to Flag Memory Dumping
Dear Antivirus Vendors,
On more and more incident response investigations, my clients (the victims) have been asking the question, “Why didn’t our antivirus software detect the malware when we always keep it up to date?” I respond by telling them that they had targeted malware on their systems. Their follow-up question is usually whether antivirus software is still relevant in this era (more…)
3rd Party Providers
Remember when the big car companies in Detroit went through their own quality measures and certifications, then began requiring all of their first-tier vendors to undergo the same quality certifications? The requirement later trickled down through the multiple tiers of vendors that supported those first-tier vendors. It was (and is) called QS 9000. (more…)
March 1 – Your Vendor Contracts Were Supposed to be Updated
The Massachusetts regulation 201 CMR 17.00, which requires organizations anywhere in the US to protect the personal information of Massachusetts residents, entered its final enforcement phase on March 1, 2012. By that date, with no exceptions remaining, businesses that send Massachusetts residents’ PII to vendors (service providers) needed to have contract terms in place requiring those providers to abide by the regulation as well. (more…)