Questions tagged [vendor-selection]

19 questions
82
votes
6 answers

What security features are important when buying a smartphone?

I'm looking at replacing my very old Android smartphone. Information security is increasingly a feature that I'm looking for. As well as being slow, I don't think I can upgrade my current handset to the latest Android versions or even the latest…
James Bradbury
47
votes
2 answers

Criteria for Selecting an HSM

A very sensitive application has to protect several different forms of data, such as passwords, credit cards, and secret documents - and encryption keys, of course. As an alternative to developing a custom solution around (standard) encryption and…
AviD
18
votes
4 answers

Criteria for Evaluating Static Analysis Tools

As with any tools purchase part of the outcome is in how good the evaluation criteria are, so it is important to understand the criteria people might use when assessing Security static analysis tools. Obviously the weighting on each criterion would…
Rory McCune
8
votes
4 answers

Evaluating security controls of smaller vendors

In the IT Security team where I work, we currently use the Standardized Information Gathering or SIG tool to evaluate IT security posture of prospective 3rd party vendors. What I like about the SIG is the questions are standardized and depending on…
Anthony
6
votes
2 answers

Outsourcing security evaluation

Does anyone have any experience with outsourcing security code review via freelance sites (like Rent-a-coder, Elance, Guru, Getafreelancer, etc.)? Is this effective? What are the best practices? Are there any pitfalls? Does anyone have any…
D.W.
5
votes
3 answers

What advantages and disadvantages do Palo Alto firewalls have, compared to others in the market?

I am about to start an evaluation process for firewalls. I have experience with Checkpoint and Juniper, but I don't have any information on Palo Alto networks, other than their marketing stuff. So I would like to hear from IT analysts/network…
VP.
5
votes
5 answers

Outsourcing software development and its effect on security

Some companies build their own software. Others outsource software development by hiring contractors or other companies to build software they need. When we need to build new custom software, is there any evidence whether the choice to develop…
D.W.
5
votes
4 answers

Is it better to choose a single vendor or multiple vendors

A discussion came up at work recently and a debate ensued regarding choosing a vendor. Several people were of the opinion that it is smarter and easier to choose a single security vendor for all our needs (let's say for example McAfee as they offer a…
NULLZ
5
votes
3 answers

What security factors should I take into consideration when selecting a bank?

I've gotten fed up with my bank and have made the decision to move all of my banking elsewhere. This is a rare occurrence for me and, I suspect, for other people as well. It represents an opportunity to optimize and carefully select the best bank…
4
votes
3 answers

Evaluating Cloud Provider Security

I am trying to make a judgement call on a cloud provider's security. This is what I know: Provider A - PRGMR.COM (not very well known but competent and reliable) Is very transparent - seeks feedback, honest about downtime, etc (a great plus in my…
Hilton D
4
votes
1 answer

What security features and qualifications should we look for in an online backup provider?

What security features and qualifications should we look for in an online backup provider for an Internet-exposed web server storing sensitive data? In the backups themselves - encryption type, transport method, data center qualifications? In the…
Nick
1
vote
0 answers

What security features should a good Email Service Provider (for marketing) have?

To choose the right Email Service Provider (ESP) for e-mail marketing processes, what are security requirements and checklists that we should pay attention to and ask for from vendors? In other words, what are security risks in an ESP…
Goli E
1
vote
1 answer

What manufacturers create OATH HOTP cards now that InCard Technologies is no longer in business?

I purchased the following OAUTH HOTP card from Verisign. I'm intrigued by the security possibilities that this form factor provides and what customizations to the circuit logic are possible. On the reverse of the card is a copyright of 2007, and a…
makerofthings7
1
vote
1 answer

What are the (two?) definitions of SOC?

On one hand "Security Operations Centre", but SOC is seemingly used in the reporting and certification domain, where does this come from? Is there another (or more) definitions of SOC in Information Security Compliance Certification, or do these…
1
vote
1 answer

What questions should I ask a prospective vendor that handles billing and fulfillment?

My company is currently looking to integrate a third-party vendor into our billing and fulfillment process. The vendor will be assuming responsibility for processing orders in our merchant account and handling sensitive customer information…
Moses