Are you attempting to do security or compliance, either from a vendor management or vendor’s point of view? These tasks don’t have to be an either/or proposition.
For the vendor-managers: It’s possible to reduce the effort of your security surveys while separating the good, struggling and ugly (without having to be the Man with No Name…) For the vendors, especially at smaller shops: It’s possible to do ‘good enough’ security and compliance within a budget and document it, too.
Examples of how to do it and how not to do it will be given.
Alex Muentz is an information security professional and attorney. You’ve likely caught his talks at other infosec conferences. When he’s not explaining law to tech people or technology to his clients, he tries to spend more time with his wife and cats.