Vendor Security ... Really?
- Mark Williams
- Monday, August 25th, 8:15pm - 9:15pm
So it's time to play twenty questions with your vendor. What do you ask? How far should you go? How do we know if the answers are good/honest?
Do we expect that they should be exactly as secure as we are? What if they are not? What if they are better than us?
Assessing vendors for information security risk is something many of us are charged with on a regular basis. While we want to make sure vendors secure our information, we do not always have the "big hammer" to swing in terms of insisting on compliance. After all, what if a major vendor of software that you NEED to deal with does not measure up to your company's security posture?
So what? Do you care? Should you care? What can you do to make the situation better?
In this somewhat irreverent look at assessing vendor security, I will try to dispel some myths, instill a sense of hope, and help you develop the healthy skepticism that is necessary to keep you sane. I will also discuss where the decision should rest (in my humble opinion).
Come and join us to find out where that is, or at least where it should be. I hope it will be entertaining; I can promise it will make you think!
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Lunch & Learn: Short presentations given during the lunch break.
| Session | Speaker | Date and Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Johannes Ullrich | Sunday, August 24th, 8:15am - 8:45am | Special Events |
| The Security Impact of IPv6 | Johannes Ullrich | Sunday, August 24th, 7:15pm - 9:15pm | SANS@Night |
| Next Generation Firewalls | Jeff Eckley, Inside Sales Manager, Infogressive | Monday, August 25th, 12:30pm - 1:15pm | Lunch and Learn |
| Continuous Ownage: Why you Need Continuous Monitoring | Eric Conrad | Monday, August 25th, 7:15pm - 8:15pm | SANS@Night |
| Vendor Security ... Really? | Mark Williams | Monday, August 25th, 8:15pm - 9:15pm | SANS@Night |
| Software Security Assurance: Keeping Your Security Program on the Rails | Bruce Jenkins, Program Manager, HP | Tuesday, August 26th, 12:30pm - 1:15pm | Lunch and Learn |
| Automating Linux Memory Capture for Analysis | Hal Pomeranz | Tuesday, August 26th, 7:15pm - 8:15pm | SANS@Night |
| SANS 8 Mobile Device Security Steps | Chris Crowley | Wednesday, August 27th, 7:15pm - 8:15pm | SANS@Night |
| Infosec Rock Star: How to be a More Effective Security Professional | Ted Demopoulos | Thursday, August 28th, 7:15pm - 8:15pm | SANS@Night |