For enterprises and their service providers alike, due-diligence efforts have become expensive and un-enlightening. It's time to call this process broken and find a solution. We'll review real-world contract failures and assessments gone bad, discuss how this security make-work is dangerously distracting from information protection goals, and look at ways to improve these partnerships to more efficiently manage risk.
John Nye is an information security professional with BitSight Technologies. During his 15-year career in information security, Nye has conducted hundreds of third party assessments and serves as an information security executive for a technology service provider - protecting information and managing corporate risk from both sides of the due-diligence table.