Vendor Assessment

how do we know which third-party vendors to do business with?

uhhh just do a bunch of stuff on them. lowkey experiment on them.

Penetration Testing
Right to Audit Clause
Proof of Internal Audits
Independent Assessments
Supply Chain Analysis

Audits and Assessments

If organizations don't comply with government requirements for internal assessments for things like PCI DSS and others, you probably shouldn't do business with them.

Internal Compliance Assessments
Audit Committees
Self-Assessments

Sophisticated Attacks

Proliferation of Attack Software

Attack Scale and Velocity

Threat Actors

General Attack Strategies

General Defense Strategies

Attack Surfaces

Social Engineering

Malware

Overview of Cryptography

Asymmetric Encryption

Stream Ciphers

Block Ciphers

Blockchain

Cryptographic Attacks

GNU Privacy Guard

Smart Card Authentication

Linux Group Commands

Network Federation

NAC Agents

NAC Process

Implementing Switch Security

Physical Security

Reconnaissance

Vulnerability Types

Vulnerability Scanning

Security Information Events Manager

Data Loss Prevention

Wireless Access Methods

Web App Attacks

Waterfall Development Life Cycle

Agile Software Development Model

Software Sandboxing

Static Code Analysis

Secure Coding Techniques

Code Signing

Secure Cookies

Securing Embedded Systems

Email Security

Governance and Accountability

Data Governance Roles

Third Party Vendors

Rules of Engagement

Vendor Assessment

Vendor Assessment

how do we know which third-party vendors to do business with?

Audits and Assessments