Recently, tech companies including Uber, Dropbox, Twitter, and Docker have joined farce to create the Vendor Security Alliance (VSA) for improving internet security. With the VSA, security experts and compliance experienced officers will team up to release a yearly questionnaire to benchmark its members’ risks. The questionnaire will measure risks based on policies, procedures, privacy, vulnerability management and data security. By sharing the expertise and practices across businesses, VSA will create standards and scoring processes to assess the security level of its members, and ensure appropriate controls are in place to improve security. The first questionnaire will be available on Oct. 1 free of charge.
I think this article is interesting that some tech leaders decided to team up to standardize the cybersecurity practices. I think it is a good thing that the VSA takes advantages of collective expertise across different industries to improve the security practices. With the standards, companies belonging in the VSA are able to evaluate and measure their own risk levels and determine their vulnerabilities and strengths without additional audits.
Article: http://www.darkreading.com/vulnerabilities—threats/vulnerability-management/uber-dropbox-other-tech-leaders-team-up-to-boost-vendor-security-/d/d-id/1326926
This is something that many companies are encouraging so as to have shared assessments they can reference instead have having their auditors or security staff asses third parties. If the third party can demonstrate a solid program that is independently assessed they can save a lot of time and money by not having all the companies they do business with individually coming in to perform annual assessments.
Wade
One weeks ago, I saw that Yelp was providing a big bounty for people who could find vulnerability in their system. I am glad to see these companies can form an alliance to encourage people who have computer skills. Also, this is a sign of that companies started to value and pay more attentions on cyber security.
Mengqi,
Great article. Having a standard questionnaire that companies can use shows that companies are getting serious about their vendor security. If you think about vendors and the data they handle for companies ultimately the organization is as safe as the vendor. If a vendor is unable to handle data safely they are unable to protect customer data. Having this Vendor Security Alliance (VSA) allows organizations to protect both their data and their customer’s data.
Mengqi – It is a good sign to see several big players from the IT industry are joining forces for a common cause. I perceive this as one of the best strategies to overcome cyber threats. IT Security is such a difficult hurdle that joining forces alone is insufficient; however, constitutes of a good first pawn against hacking. You mentioned that VSA members can assess their own risk levels and determine vulnerabilities and strengths without additional audits. Are you referring to internal audits or external audits required by law?