One Article Review
| Source |  GoogleSec |
|---|---|
| Identifiant | 4593803 |
| Date de publication | 2021-10-27 15:41:13 (vue: 2022-05-13 21:47:30) |
| Titre | Launching a collaborative minimum security baseline |
| Texte | Posted by Royal Hansen, Vice President, Security According to an Opus and Ponemon Institute study, 59% of companies have experienced a data breach caused by one of their vendors or third parties. Outsourcing operations to third-party vendors has become a popular business strategy as it allows organizations to save money and increase operational efficiency. While these are positives for business operations, they do create significant security risks. These vendors have access to critical systems and customer data and so their security posture becomes equally as important.Up until today, organizations of all sizes have had to design and implement their own security baselines for vendors that align with their risk posture. Unfortunately, this creates an impossible situation for vendors and organizations alike as they try to accommodate thousands of different requirements.To solve this challenge, organizations across the industry teamed up to design Minimum Viable Secure Product or MVSP – a vendor-neutral security baseline that is designed to eliminate overhead, complexity and confusion during the procurement, RFP and vendor security assessment process by establishing minimum acceptable security baselines. With MVSP, the industry can increase clarity during each phase so parties on both sides of the equation can achieve their goals, and reduce the onboarding and sales cycle by weeks or even months.MVSP was developed and is backed by companies across the industry, including Google, Salesforce, Okta, Slack and more. Our goal is to increase the minimum bar for security across the industry while simplifying the vetting process.MVSP is a collaborative baseline focused on developing a set of minimum security requirements for business-to-business software and business process outsourcing suppliers. Designed with simplicity in mind, it contains only those controls that must, at a minimum, be implemented to ensure a reasonable security posture. MVSP is presented in the form of a minimum baseline checklist that can be used to verify the security posture of a solution.How can MVSP help you? Security teams measuring vendor offerings against a set of minimum security baselinesMVSP ensures that vendor selection and RFP include a minimum baseline that is backed by the industry. Communicating minimum requirements up front ensures everyone understands where they stand and that the expectations are clear.Internal teams looking to measure your security against minimum requirementsMVSP provides a set of minimum security baselines that can be used as a checklist to understand gaps in the security of a product or service. This can be used to highlight opportunities for improvement and raise their visibility within the organization, with clearly defined benefits.Procurement teams gathering information about vendor servicesMVSP provides a single set of security-relevant questions that are publicly available and industry-backed. Aligning on a single set of baselines allows clearer understanding from vendors, resulting in a quicker and more accurate response.Legal teams negotiating |
| Notes | |
| Envoyé | Oui |
| Condensat | about acceptable access accommodate accurate achieve acknowledgementsthe across acs adopted against align aligning alike all allows are assessment available backed bar baseline baselines baselinesmvsp become becomes benefits between both breach buckley build business can caused challenge checklist chris clarity clark clear clearer clearly collaboration collaborative communicating community companies complexity compliance confusion contains contract contractual contribute controls controlsmvsp create creates critical customer cycle data defined design designed developed developing different discussions documenting during each efficiency efforts eliminate ensure ensures equally equation establishing even everyone expectations experienced external externally familiarity feedback focused form from front gabor gaps gathering gen goal goals google had hansen has have help helps highlight how implement implemented important impossible improvement include including including: increase increases industry information institute interest internal john kevin kurucz language large launching legal looking make marat measure measuring mind minimum money months more must mvsp negotiating negotiation neutral number offerings oglaza okta onboarding one only operational operations opportunities opus organization organizations other outsourcing overhead own parties party phase ponemon popular positives post posted posture practitioners presented president process processesmvsp procurement product provides publicly questions quicker raise reasonable recognized reduce reducing referencing regarding relevant requirements requirementsmvsp response result resulting rfp riley risk risks royal safer sales salesforce save sebastian secure security security according selection service servicesmvsp set sides significant simplicity simplify simplifying single situation sizes slack software solution solve stage stand strategy study suppliers systems teamed teams these third those thousands today together top try understand understanding understands understood unfortunately until used vendor vendors verify vetting viable vice visibility vyshegorodtsev want weeks welcome where which who within work your |
| Tags | Data Breach |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.