You’ve Identified Security Risks with a SaaS Vendor: So What? Leverage Your Consulting Skills

Wednesday, May 03 | 8:00AM–9:00AM | Spruce, Second Floor
Session Type: Breakout Session
Delivery Format: Concurrent Session
Conducting SaaS vendor risk assessments in a vacuum provides no value. Help distinguish good risks from bad through some simple consulting techniques and questions. There is no one-size-fits-all security questionnaire, and there is no absolute right answer for business choices—it always depends. Help your business stakeholders recognize the implications of realistic security risks with a vendor, and help your security team understand the current state of “business as usual.” Focus on where and when you can influence changes that improve business by framing thoughtful questions. This is a topic specific/intermediate level session.

Outcomes: Approach the security assessment process as a consulting engagement * Determine realistic threats and opportunities to help stakeholders visualize genuine risks * Help business prepare for responses to realistic risks


  • Sandy Silk

    Director, IT Security Education & Consulting, Harvard University

Resources & Downloads

  • Youve Identified Security Risks_slides

    1 MB, pdf - Updated on 1/24/2024