« Customer notification starts in TJX hack
Backgrounder: The Evolution of Cyber Warfare »

Do Your Vendors Have Information Security That’s Aaa Good?

A new Moody’s service aims to create the security world’s equivalent of Aaa to C ratings, replacing the need for companies to do vendor assessments. But it will only work if enough companies sign up.

By Sarah D. Scalet

As a consultant for @stake and then for Symantec, Ed Leppert spent a lot of time doing third-party security assessments for his financial-services clients–slogging through questionnaires and SAS 70 reports, trying to determine how effectively a given service provider was handling its own security. While the research was important, sometimes it seemed inefficient. “We said, it doesn’t make sense to do these things individually.” Leppert says. “All the companies want [to know] basically the same things.”

Source: CSO Online

This entry was posted on Saturday, March 1st, 2008 at 3:41 am and is filed under Information Security.

No comments yet. Be the first.

Leave a reply

You must be logged in to post a comment.

  • RSS Windows Security

  • RSS Wired Security

  • RSS The Register - Security

  • RSS Security Focus

  • RSS CSO

  • RSS Sans

  • Archives

  • Bloglisting.net - The internets fastest growing blog directory
  • My Zimbio

  • RSS Linux Security

  • Event Calendar

    « Dec iCalendar Feb »
    January 2009
    M T W T F S S
     1234
    567891011
    12131415161718
    19202122232425
    262728293031 

  • VincentArnold.com

  • Categories

    Annoucement Attack Vector Book Education Forensics Gadgets Gaming General Government InfoSec Information Security Information Systems Information Technology Intellectual Property iPhone 3G Just because it's cool Law Methodologies Metrics Military Mobile Tech Movies News Penetration Testing Politics Privacy Scams Sci-Fi Security Breach Society Sports Technology Tools Travel Uncategorized World News