Incident response

How to audit external service providers

What to audit is at least half of how to do it.

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

News of or firsthand experience with breaches that attackers managed to achieve using external service providers such as POS vendors reminds enterprises that the federated enterprise makes a bulletproof perimeter no longer possible.

Failure to audit your providers is like neglecting to audit your internal enterprise, culminating in similar ramifications. In both cases, you can’t close holes you don’t know exist. But knowing what to audit can be the lion’s share of how to get it done right.

In this fourth installment of a five part series designed to harden and remove vulnerabilities in incident response itself, CSO tips you off on what to audit inside those who conduct trade so closely with you and what resources to use.

To continue reading this article register now

SUBSCRIBE! Get the best of CSO delivered to your email inbox.