Responding To A Vendor Security Questionnaire

5 Steps To Responding To A Vendor Security Questionnaire

How do you pass a #vendor #assessment? During my time at #warnerbros, I reviewed the security controls of many businesses that wanted to do business with Warner.

We had an elaborate security questionnaire that we’d send out to vendors to fill out and submit. Having reviewed countless of these questionnaires, I developed a process that helped me quickly identify the gaps:

#authentication – How do you grant access to your users? Do you have #MFA and/or #SSO enabled?

#datasecurity – Are you using a strong #encryption algorithm to protect data at rest and in transit? Are you rotating your keys at least annually?

#penetrationtesting – When was the last time you ran a penetration test against your application? Note that a manual pen test is not the same as an automated #vulnerability scan.

#incidentresponse – Are you collecting all your logs in a centralized, secure location, and, more importantly, do you have a team that reviews the alerts generated by suspicious activity?

#patching – The simplest control, and often the most neglected. It needs no explanation: attackers love it when you are still carrying unpatched vulnerabilities from the 2010s.

Are you giving up the chance to become a preferred provider for larger firms because you can’t pass their #cybersecurity audit? Careful Security is here to help!