How do vendor security reviews influence technology purchases?

Cloud End-User Services & Collaboration Applications & Platforms +23 more

None, we don't perform vendor security reviews8%

Very little, our vendor reviews are mostly a box-checking exercises38%

Sometimes vendor security reviews delay purchases but they don't change outcomes28%

Vendor security reviews break ties between equal vendors13%

Vendor reviews make security a key buying criteria13%

263 PARTICIPANTS

1.5k views1 Comment

Director - Architecture and Digital Transformation in Software, 10,001+ employees

We have an App Sec and Architecture review as an integral part of Vendor evaluation. This allows us to categorize vendor based on security score and also keep technical debt very low

Content you might like

When building cloud instance images (e.g., AWS EC2 AMIs) and baking sensors in, what is your preferred method?

Cloud Compute Data Center

IaC User Data10%

Configuration Framework (Puppet/Chef)44%

Custom Post Provision (AWS SSM)25%

EC2 Image Builder/Packer16%

Other (comment below)3%

535 PARTICIPANTS

1.9k views

Does anyone have any guidance, tips, and/or templates to share to help establish Identity Access Management governance as a part of an overarching Identity Governance and Administration program?

Process Management Identity & Access Management (IAM)

Director of IT in Healthcare and Biotech, 10,001+ employees

Here's a template that you can use:

1. Executive Summary
Background: Explain the objectives and risks and reasons the IAM is needed.
Specify the IAM governance scope (e.g., user access to systems, privileged ...read more

2k views2 Upvotes1 Comment

How soon do your new employees get security awareness training?

Awareness & Training Risk Management Security Strategy & Roadmap

First day on the job10%

Sometime during their first week52%

Sometime during their first month26%

2-3 months after their hiring date6%

It depends on their role/level3%

Other (explain in the comments section)1%

297 PARTICIPANTS

1.2k views

How can you design your org’s security policies to more effectively drive awareness?

Security Strategy & Roadmap Awareness & Training Risk Management

Head of Information Security in Services (non-Government), 1,001 - 5,000 employees

Using relevant examples to help underscore the importance of adhering to policies is key because it helps your messaging resonate. The MOVEit breach has impacted hundreds of companies and millions of individuals, so using ...read more

Would anyone be willing to share best practices about how their organization deals with ensuring Cookie Compliance, specifically to GDPR rules? Where should this sort of compliance review sit in an organization? The particular issue we have is who should review new web deployments that use cookies and to make the decisions on whether Cookies are Strictly Necessary or Functionality Cookies. For example is a Cookie required for a Live Chat to work Functionality or Strictly Necessary? Our Security team does not consider taking on these compliance reviews as their domain, as Cookie Compliance is not an internal security matter and the Data Protection team has a limited interest as the GDPR rules around Cookies apply in case of any Cookie being used by a website, whether or not it contains personal data.

Security & GRC Regulatory Compliance

Head of Cyber Security in Manufacturing, 501 - 1,000 employees

I would say, DPO and Security team both shall be involved and work hand in hand.

Most of the time the legals and or DPO don't have the technical acumen to understand when data is floating to third party services.

Lets ...read more

550 views1 Comment