Vendor risk evaluation is an expensive afterthought. 73% of organizations have no direct communication channel between the security program and management responsible for contracts and procurement. Security, whether intentional or not, is effectively an afterthought. This results in a huge business process gap — and a fundamental mistake — that is very common.
When you plan to keep information secure, you naturally begin to consider limiting access to the information. In fact, you can keep information secure if you just eliminate all access! However, the information system itself would be considered non-functional in this case. Instead, you need to allow the proper people the appropriate level of access […]