How to audit external service providers

What to audit is at least half of how to do it.

audit
Thinkstock

News of or firsthand experience with breaches that attackers managed to achieve using external service providers such as POS vendors reminds enterprises that the federated enterprise makes a bulletproof perimeter no longer possible.

Failure to audit your providers is like neglecting to audit your internal enterprise, culminating in similar ramifications. In both cases, you can’t close holes you don’t know exist. But knowing what to audit can be the lion’s share of how to get it done right.

In this fourth installment of a five part series designed to harden and remove vulnerabilities in incident response itself, CSO tips you off on what to audit inside those who conduct trade so closely with you and what resources to use.

To continue reading this article register now

Survey says! Share your insights in our 19th annual State of the CIO study