Abstract
Every organization is dependent on other organizations outside of itself. It’s unlikely that your organization writes all of its own software, builds its own hardware, owns the buildings it occupies, and is an internet service provider. Your security is dependent on many of these things, but if they are produced outside of your organization, your control is limited. Previous chapters touched on risk and controls for third parties, but what happens when those third parties are critical to your scoped environment and audit? You need to manage the security where the third party touches your scoped environments. Before you manage, you need to measure. To measure the security of an outside organization, you need to use everything you’ve learned about being audited and apply it to someone else. Even if you pay someone else to audit the third party, you still need to define the scope, requirements, and testing, and interpret the results.
Copyright information
© 2016 Raymond Pompon
About this chapter
Cite this chapter
Pompon, R. (2016). Third-Party Security. In: IT Security Risk Control Management. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-2140-2_23
DOI: https://doi.org/10.1007/978-1-4842-2140-2_23
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-2139-6
Online ISBN: 978-1-4842-2140-2
eBook Packages: Professional and Applied Computing, Professional and Applied Computing (R0), Apress Access Books