Is there a "standard set of risk library" available to assess outsourcing risks w.r.t Information Security?  example:  - Data theft - Unauthorized Access - Loss of encryption keys - Unencrypted backups

Outsourcing & Managed ServicesGovernance, Risk & Compliance
744 viewscircle icon1 Upvotecircle icon2 Comments
Sort by:
Manager, Cybersecurity in Travel and Hospitalitya year ago

It’s SCF (not SCA)

Manager, Cybersecurity in Travel and Hospitalitya year ago

I would refer NIST SCA for Risk Assessments

Content you might like

What action do you take when a user fails a simulated phishing test?

No action taken7%

Extra training required by user 94%

Permissions revoked6%

Disciplinary action taken against user3%

View Results

What's your corporate policy for Passwords Managers?

Enforce Corporate licensed deployed and supported solution44%

Provide Recommendation without enforcement over awareness sessions24%

Allow BYO Password Manager to secure credentials16%

Accelerate Password-less initiatives16%

No Idea how to handle this one

View Results

We're evaluating Microsoft Purview's auto-labeling capabilities for sensitive data discovery and classification across our numerous Azure and O365 tenants. I would like to hear about your experiences, especially regarding these specific points: What are the biggest pros and cons of Purview auto-labeling? Have you seen any limitations with auto-labeling if you haven't deployed the Microsoft Defender product line? If so, what are they? What Microsoft dependencies are there?  Microsoft emphasizes the need for their CASB when using auto-labeling. Why is this necessary, especially if we already have other security products that overlap with the Defender functionalities, like an SSE deployment to include CASB with DLP? We need a centralized approach to data labeling across more than a dozen Azure/O365 tenants. Has anyone successfully achieved this with Purview auto-labeling? Even with RBAC in place, we learned that Purview doesn't mask PII data in logs for DLP events. Does the same apply to auto-labeling? Does it capture PII in the logs? Any insights, best practices, or lessons learned would be greatly appreciated!

I am issuing an RFP for a 3PL Warehouse provider in China. Does anyone have suggestions for questions that are important to ask specifically for China? I have standard RFP questions for 3PLs but "don't know what I don't know" about China considerations specifically.

Has your organization established an identity governance and administration (IGA) program or implemented an IGA platform solution? What do you consider to be key success factors when it comes to identity governance?

Read More Comments