Sandy Silk
Director, IT Security Education & Consulting,
Harvard University
You’ve Identified Security Risks with a SaaS Vendor: So What? Leverage Your Consulting Skills
Wednesday, May 03, 2017 | 8:00AM–9:00AM | Spruce, Second Floor
Session Type:
Breakout Session
Delivery Format:
Concurrent Session
Conducting SaaS vendor risk assessments in a vacuum provides no value. Help distinguish good risks from bad through some simple consulting techniques and questions. There is no one-size-fits-all security questionnaire, and there is no absolute right answer for business choices—it always depends. Help your business stakeholders recognize the implications of realistic security risks with a vendor, and help your security team understand the current state of “business as usual.” Focus on where and when you can influence changes that improve business by framing thoughtful questions. This is a topic specific/intermediate level session.
Outcomes: Approach the security assessment process as a consulting engagement * Determine realistic threats and opportunities to help stakeholders visualize genuine risks * Help business prepare for responses to realistic risks
Outcomes: Approach the security assessment process as a consulting engagement * Determine realistic threats and opportunities to help stakeholders visualize genuine risks * Help business prepare for responses to realistic risks