Learning from others
by Brian Honan - CEO BH Consulting - Wednesday, 23 April 2014.
7. A number of those breached organizations are also suppliers to other companies. We should consider these breaches as reminders to ensure that our suppliers and the products they provide to us are properly secured. When dealing with vendors, perform a security check on them. To get assurance from your suppliers regarding the security of their systems, products and services, include the following items in your procurement checklist:
  • Who in the vendor organization is responsible for information security?
  • What security qualifications does the vendorís staff have?
  • What steps do they take to ensure their products do not include vulnerabilities in them, specifically the OWASP top 10?
  • What security standard, such as ISO 27001:2005, is the vendor certified against?
  • You could look into including the entire or parts of the OWASP Secure Software Contract Annex and this earlier Selecting a Secure Development Partner blog post of mine.
Watching someone else suffer is never easy, but if that suffering can help others then we should take advantage of the opportunity and take the necessary steps to ensure that we will not be the next ones to suffer.



Brian Honan is an independent security consultant based in Dublin, Ireland, and is the founder and head of IRISSCERT, Ireland's first CERT. He is a Special Advisor to the Europol Cybercrime Centre, an adjunct lecturer on Information Security in University College Dublin, and he sits on the Technical Advisory Board for several information security companies. He has addressed a number of major conferences, wrote ISO 27001 in a Windows Environment and co-author of The Cloud Security Rules. He regularly contributes to a number of industry recognized publications and serves as the European Editor for the SANS Institute's weekly SANS NewsBites.

Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals itís our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Sep 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //