5 Steps To Responding To A Vendor Security Questionnaire
How to pass a #vendor#assessment test? During a previous job, I reviewed the security controls of many businesses that wanted to do business with a famous hollywood studio.
We’d have an elaborate security questionnaire that we’d send out to vendors to fill up and submit. Having reviewed countless of these questionnaires, I developed a process to help me quickly identify the gaps:
#authentication – How do you provide access to your users? Do you have #MFA and/or #SSO enabled?
#datasecurity – Are you using a strong #encryption algorithm to encrypt data at rest and in transit? Are you rotating your keys at least on an annual basis?
#penetrationtesting – When was the last time you ran Penetration Testing on your application? Please note that a manual pen test is not the same as an automated #vulnerability scan.
#incidentresponse – Are you collecting all your logs in a centralized secure location and more importantly do you have a team to review the alerts generated by suspicious activities.
#patching – The simplest but often the most ignored one. Needs no explanation, hackers love it when you have unpatched vulnerabilities from the 2010s.
Are you sacrificing becoming a preferred provider for larger firms because you can’t pass their #cybersecurity audit? Careful Security is here to help!