Chicago 2014

Chicago, IL | Sun, Aug 24 - Fri, Aug 29, 2014
This event is over,
but there are more training opportunities.

Vendor Security ... Really?

  • Mark Williams
  • Monday, August 25th, 8:15pm - 9:15pm

So it's time to play twenty questions with your vendor. What do you ask? How far should you go? How do we know if the answers are good/honest?

Do we expect that they should be exactly as secure as we are? What if they are not? What if they are better than us?

Assessing vendors for information security risk is something many of us are charged with on a regular basis. While we want to make sure vendors secure our information, we do not always have the "big hammer" to swing in terms of insisting on compliance. After all, what if a major vendor of software that you NEED to deal with does not measure up to your company's security posture?

So what? Do you care? Should you care? What can you do to make the situation better?

In this somewhat irreverent look at assessing vendor security, I will try to dispel some myths, instill a sense of hope, and help you develop the healthy skepticism that is necessary to keep you sane. I will also discuss where the decision should rest (in my humble opinion).

Come and join us to find out where that is, or at least where it should be. I hope it will be entertaining; I can promise it will make you think!


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Lunch & Learn: Short presentations given during the lunch break.

Sunday, August 24

| Session | Speaker | Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Johannes Ullrich | Sunday, August 24th, 8:15am - 8:45am | Special Events |
| The Security Impact of IPv6 | Johannes Ullrich | Sunday, August 24th, 7:15pm - 9:15pm | SANS@Night |

Monday, August 25

| Session | Speaker | Time | Type |
|---|---|---|---|
| Next Generation Firewalls | Jeff Eckley, Inside Sales Manager, Infogressive | Monday, August 25th, 12:30pm - 1:15pm | Lunch and Learn |
| Continuous Ownage: Why you Need Continuous Monitoring | Eric Conrad | Monday, August 25th, 7:15pm - 8:15pm | SANS@Night |
| Vendor Security ... Really? | Mark Williams | Monday, August 25th, 8:15pm - 9:15pm | SANS@Night |

Tuesday, August 26

| Session | Speaker | Time | Type |
|---|---|---|---|
| Software Security Assurance: Keeping Your Security Program on the Rails | Bruce Jenkins, Program Manager, HP | Tuesday, August 26th, 12:30pm - 1:15pm | Lunch and Learn |
| Automating Linux Memory Capture for Analysis | Hal Pomeranz | Tuesday, August 26th, 7:15pm - 8:15pm | SANS@Night |

Wednesday, August 27

| Session | Speaker | Time | Type |
|---|---|---|---|
| SANS 8 Mobile Device Security Steps | Chris Crowley | Wednesday, August 27th, 7:15pm - 8:15pm | SANS@Night |

Thursday, August 28

| Session | Speaker | Time | Type |
|---|---|---|---|
| Infosec Rock Star: How to be a More Effective Security Professional | Ted Demopoulos | Thursday, August 28th, 7:15pm - 8:15pm | SANS@Night |