Contracts and pen tests key to outsourcing deals

Contractual jargon also important.

Proper planning and preparation reduce risk in third-party outsourcing, according to experts speaking at RSA 2013.

Among the risks is that attackers do not focus their efforts on any given industry.

"It doesn't matter what industry or sector you're in, it's going to hit you," Evantix chief information risk officer James Christiansen said. "It's really about being prepared."

Organisations have to deal not only with the theft of sensitive data, but also with the repercussions of an incident that could yield a tarnished reputation and a hefty price tag, said David Chavez, partner-in-charge at San Francisco-based law firm AlvaradoSmith.

"The best contract in the world is not going to prepare you for the cost," Chavez said. "You need to make that internal assessment and know what kind of vendors you're bringing in."

Ensuring that providers are creditworthy and have the appropriate capabilities to secure data is essential, Chavez said.

According to Verizon's 2012 "Data Breach Investigations Report," 46 percent of the incidents studied were due to third-party provider breaches. David Sockol, CEO at consulting firm Emagined Security, said many of those breaches are due to organisations not putting enough time into the due diligence to ensure that a provider is qualified to safeguard data.

In addition to using the proper legal jargon in contractual agreements, Sockol added that asking the right questions in advance and performing penetration testing are other ways to properly assess third parties.

"Try not to trust everyone out there," he said. "At the end of the day, we can't avoid using third parties, so we need to understand what we're walking into."

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition