
Josh More - Assessing vendors: a hands-on guide to assessing infosec and IT vendors

Year: 2013, publisher: Elsevier / Syngress, genre: Business.


  • Book:
    Assessing vendors: a hands-on guide to assessing infosec and IT vendors
  • Publisher:
    Elsevier / Syngress
  • Year:
    2013
  • Rating:
    3 / 5

Assessing vendors: a hands-on guide to assessing infosec and IT vendors: summary, description and annotation


Assessing vendors is a tricky process. Large and regulated organizations are forced to demonstrate due diligence in vendor assessment, but often do not know how to do this. This results in a great deal of busywork being required by both the vendors and the organizations. Smaller organizations don't know what to look for and, as a result, often wind up selecting based on price instead of value. This results in service failures and vendors that just milk their customers for as long as they can.

Assessing Vendors shows you how to walk the line between under- and over-assessing, so decisions can be made on sufficient data without wasting time, digging too deeply, or making decisions too quickly. This hands-on guide will show you how to use an iterative approach to vendor analysis, so you can rapidly filter out the vendors that are clear failures and then select likely winners. It will then show you how to do progressively deeper dives into the likely winners so you can select a preferred vendor. Finally, you will learn how to negotiate with your preferred vendor to get reasonable prices and services.

  • Provides an iterative approach to vendor assessment, showing you how to make decisions on sufficient data without wasting time
  • Includes checklists to help you navigate the decision-making process, while considering all the important factors needed to make a sound decision
  • Helps you understand and evaluate vendors based on key concepts such as performance criteria, functional testing, production, and price

Assessing Vendors
A Hands-On Guide to Assessing Infosec and IT Vendors

Josh More

Copyright

Acquiring Editor: Chris Katsaropoulos

Development Editor: Benjamin Rearick

Project Manager: Mohanambal Natarajan

Syngress is an imprint of Elsevier

225 Wyman Street, Waltham, MA 02451, USA

First published 2013

Copyright 2013 Elsevier Inc. All rights reserved

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangement with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.

Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

British Library Cataloguing-in-Publication Data

A catalogue record for this book is available from the British Library

Library of Congress Cataloging-in-Publication Data

A catalog record for this book is available from the Library of Congress

ISBN: 978-0-12-409607-3

For information on all Syngress publications visit our website at www.syngress.com


Acknowledgments

This book evolved out of a presentation made at DerbyCon, so I would like to first thank the unnamed voting board of DerbyCon 2 for choosing a wacky joke talk about pens.

I would like to thank Kevin Riggins, my technical editor on this book. As this process applies very differently to small business and large enterprises, his input was extremely valuable.

I would also like to thank Anthony J. Stieber for contributing the page on assessing Cryptography. This topic alone could make its own book, so I greatly appreciate the work it took to condense it to a single page.

I would like to thank the SANS Community for being willing to review a beta version of this book, so I could address glaring holes and clarify areas of uncertainty. Specifically, I would like to thank Stephen Snyder, Wes Earnest, Fred Kerby, and Perry Straw. Though not (yet) a member of the community, I would also like to thank Mike Eck who provided similar insight.

Finally, all graphics in this book were made with the open source tools LibreOffice, Inkscape, and The Gimp. A big thank you goes out to the multitude of programmers who volunteered years of development to make these tools what they are and to release them for free for everyone.

Introduction

It always irritates me when a book starts with a justification of its own existence, so it somewhat surprises me to be starting this book in this manner. However, we face many issues today that must be addressed. Vendor selection processes fail when an organization keeps a wrong vendor too long and fails to adapt to changing circumstances. These processes fail when a needed vendor is not selected because the selection process becomes bogged down in trivialities. They fail when mature organizations select immature vendors who are simply unable to provide what they promise.

Vendor management is something of a black art in the IT industry. Those who are most successful either don't follow a process or keep their processes secret. Some people seem to intrinsically know which vendors are worth working with and which ones are not. They know how to choose technologies without getting bogged down in analysis and without escaping to a level of superficiality that would come back to bite them, two very common sources of vendor management failure.

As people observed how some organizations were highly successful in managing their vendors, bringing their projects to completion within their budget, and others were failing to implement technology profitably (or at all), vendor management requirements began to be included in various standards and regulations. The assumption seems to be that if regulations and standards such as HIPAA or PCI require that people pay attention to vendors, these failures will just work themselves out. Sadly, that does not seem to be the case.

That's why this book exists.

After first trying to find a workable vendor assessment process and then slowly building one of my own, it is time for me to let others in to the secret. I have, like many others in this industry, been forced to implement technologies based on other people's misguided decisions. I've made my own poor decisions and gotten myself and others stuck in the process. I've tried to make better decisions by putting increasing analytics around the process only to find the analysis process itself cause us to miss the project timeline. Finally, after over a decade, I've pieced together an approach that balances the need to find a good enough technology (product or service) without expending too many resources (time or money) getting there. I hope that my process will be of use to you.

All robust information assurance processes and regulations aside, successful vendor management involves a wide range of skills, from technical assessment to business communication to negotiation and covers many issues outside the scope of this book. Instead of trying to cover the world, this book focuses largely on the initial assessment process, with a goal to select a vendor to solve a specific problem that the organization is experiencing, improving an existing process or adding new capabilities. This book will touch on most of the skills needed to create a vendor management program, but will not delve very deeply into the continued operation aspects of such a program.

So why is vendor assessment needed?

Vendors engage in sales processes a whole lot more often than individuals do, so they have a lot more practice at it. This results in a situation that is heavily tilted against buyers. Marketers are experts in manipulating how products are positioned and, because no product is perfect, there are many pressures against letting buyers run truly independent tests. Simultaneously, buyers must do more with less, so products positioned as time savers are more likely to be purchased.
