by Andrew Farkas | Jul 2, 2019 | ISMS Consulting
On many engagements, part of my role is helping clients see their initial information security objective in the context of a bigger security picture. For example, a new client just came to us having inadequately addressed a questionnaire/risk assessment from one of... by Kevin Hermosura | Apr 11, 2019 | Third Party Risk Management
Recently I came across this blog post, which raises concerns that Amazon Web Services (AWS), a major player in many government cloud contracts worldwide—including the US Department of Defense—may be outsourcing security services to a company run by Russian mobsters.... by Kevin Hermosura | Apr 5, 2019 | Third Party Risk Management
When it comes to vendor risk management questionnaires, less can definitely be more. In this post, I’ll share three value-add tips on why and how to streamline your vendor review process and reduce the length of your questionnaires while maintaining a high level of... by John Verry | Feb 13, 2019 | InfoSec Strategies
Einstein once said, “The more I learn, the more I realize how much I don’t know.” Unfortunately, I have come to that realization not just once, but about 758 times. As I was reviewing/tuning our company’s Risk Assessment in preparation for our ISO 27001... by Kevin Hermosura | Jan 24, 2019 | Third Party Risk Management
In today’s evolving business landscape, there is huge potential for growth and cost savings by partnering with vendors or outsourcing non-core parts of your business. But outsourcing often requires sharing sensitive data (e.g., payroll or customer data) and/or...
