Before this pandemic, many employees seldom worked outside of the office environment. Therefore, the main focus of InfoSec and Cyber Security was on the organization’s on-site communication infrastructure. The majority of company policies on this subject were centered around internal conduct and practices. That begs the question of whether or not companies were prepared for this unforeseen transition. Chances are that many businesses were caught off-guard by this recent development, and that is why the Information Technology Laboratory released a special bulletin for March 2020 that addresses Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions.
Throughout its history, the Department of Defense (DOD) has relied on contractors, these are individuals or non-federal companies that supply services, supplies, or construction. Almost all of these relationships involve the sharing of sensitive information which could present some sort of risk.
You've probably heard how important vendor management is to the success of your information security program. But it's important that you learn how to start a vendor management program and perform assessments for it so that each assessment supports your business.