Hiring an information security vendor? Use these best practices.

Companies should take great care when hiring a party that will be granted access to its most sensitive systems and data

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

The exponential rise in security incidents has caused many businesses to look hard at getting their own houses in order before they become the next headline. As part of those efforts, businesses are turning to security consultants to perform audits, penetration testing and other assessments of their systems. These are admirable activities, worthy of consideration by any prudent organization. But these engagements should be entered into with all the care that a business would use in any other transaction in which a third party is granted access to the company’s most sensitive systems and data. Unfortunately, this is seldom the case.

All too often, in their rush to move forward with these assessments, businesses fail to adequately address the most fundamental of contract terms. Cost overruns are common. In some instances, security consultants create more risk than they resolve.

In hiring a potential security consultant, businesses should consider the following best practices:

To continue reading this article register now

Shop Tech Products at Amazon