How To Know If You Should “Fire” a Vendor (Kevin Orth, 2019-03-11)
It is usually extremely hard to fire a vendor that the business wants to work with. If you have the authority to pull that trigger, then I would advise using it sparingly. We enlist the business to help us get the assessment results back if needed, and we prefer to push them into remediation rather than firing them. VENDEFENSE makes remediation really easy, so we prefer to just build remediation plans they can work on. That way everyone is winning!
The Ultimate Checklist For Vendor Risk Management (Kristin Edstrom, 2019-03-01)
Within a busy organization, vendor risk management (VRM) can feel like an ideal concept, but can also seem far out of reach. Armed with a vendor risk management checklist and VRM software, like VENDEFENSE, establishing a VRM program is well within grasp and can take less time, energy, and resources than expected. The first step to creating a VRM program is to develop a plan.
Vendor Risk Management and NIST (Chad Spoden, 2019-02-21)
The National Institute of Standards and Technology (NIST) developed the Cybersecurity Framework (CSF) in response to Presidential Executive Order 13636, which was signed in 2013. This voluntary guidance is based on existing standards, guidelines, and practices to help organizations better manage and reduce information security risk. Another benefit is an increased level of communication around information security with both internal and external organizational stakeholders.
6 Places You Can Get Your Full Vendor List (Kristin Edstrom, 2019-02-19)
Part of any vendor risk management program involves putting together a list of vendors. Sometimes this information can be scattered across an organization, and it takes some real wrangling to collect it all. This is why software programs like VENDEFENSE® are convenient: they help create a centralized list of vendors that is easy to update as necessary.
How to Get Your Full Vendor List (Kevin Orth, 2019-02-13)
First, let’s start with the question, “Why do I need to manage all vendors?” We get asked this question all the time. If you have a vendor risk management program at all, then you likely aren’t managing all your vendors, just the ones you think are important. That’s a reasonable thought process, but there are some potential issues that arise with it.
Vendor Risk Management Strategy (Evan Francen, 2019-02-07)
People are not inherently good at defining strategies. This is a problem. The problem is worse when considering information security strategy, and worse still when considering vendor (and third-party) security risk management strategy. These assertions come from observations made over more than 25 years, working with a wide variety of organizations.
Vendor Risk Management Roles and Responsibilities (Caitlin Fox, 2019-01-29)
The experts spend a lot of time describing how organizations should be doing Vendor Risk Management (VRM), but they tend to overlook a critical factor: namely, who should be doing VRM within organizations. The push for information security VRM is relatively new, and as a result, responsible parties are ill-defined, with the role of Vendor Risk Manager not formalized in many organizations. The mix of personnel overseeing VRM programs is truly varied, including security analysts, IT directors, compliance departments, CISOs, etc.
Vendor Risk Management Goals (Kristin Edstrom, 2019-01-25)
It’s easy for an organization to get caught up in establishing policies, workflows, and procedures for vendor risk management. Without context as to why these policies are important, and without stressing this to your team, many will lose sight of the primary goal of vendor risk management: to put the organization in a defensible position.
Vendor Risk Management Reporting (Kevin Orth, 2019-01-24)
For most organizations, measuring vendor risk management is extremely difficult, if not impossible. That’s because they’re either doing nothing to manage vendor security risk or they are using a method that isn’t conducive to measurement.