I just released a report for Dark Reading on how to build a multi-enterprise vulnerability management program. If you are dealing with outsourced vendors, or an outsourced supply chain, you should definitely give the article a read.
To summarize the article:
- Get your legal contracts in order. So many firms don’t put what they need from their partners into a contract. How do you expect to get what you need then?
- Establish communication channels that work for everyone. If you don’t get the right people on the “phone”, nothing will get done – including your security processes.
- Find the person with authority at your partner and ensure they are involved; otherwise, your efforts will be useless.
I offer many more details and tips within the article, but step #1 is so critical that an entire article should be dedicated to just that!