Question


Working with Vendors

  • Why is due diligence necessary when dealing with external vendors?
  • What is one suggestion you have regarding securing data as it is in-transit to and from these vendors?
  • What are two security protocols that should be part of the vendor's data operations? For example, if the data includes PII/SPII information, is adherence to external regulations and guidelines the responsibility of the vendor or your organization?

Respond to the following in a minimum of 175 words:

Solutions

Expert Solution

Question: Why is due diligence necessary when dealing with external vendors?

Answer: A third-party vendor is an entity that provides services and goods. While working with external vendors, due diligence is required to ensure:

  • To keep a check on the financial stability and instability of the vendor and ensure that it is ethical and strong enough to meet long-term requirements.
  • Due diligence reviews help banks to keep a check and compile various responses.
  • To ensure the security of non-public information by means of various security resources.
  • To cope with regulatory expectations, as the regulatory body expects detailed guidance and best practices to be used for the smooth functioning of the frameworks under third-party risk management.
  • To ensure good business sense, as it is good practice to keep a check on every aspect and prevent any unwanted risk.

Question: What is one suggestion you have regarding securing data as it is in-transit to and from these vendors?

Answer: Data, while it is in transit by means of vendor resources, is vulnerable to attacks that can leave enterprises broken. Therefore, data protections that are robust across ends and networks are needed to protect data while it is in transit and also at the final stage. So the best method to protect data during vendor transit is data encryption.

The other methods for data in transit are:

  • security and compliance monitoring
  • establishment of granular audits during transfer.

Question: What are two security protocols that should be part of the vendor's data operations? For example, if the data includes PII/SPII information, is adherence to external regulations and guidelines the responsibility of the vendor or your organization?

Answer: IPSec – Internet Protocol Security

  • Encapsulates at Layer 3
  • Mutual node authentication
  • Can authenticate users, but requires L2TP
  • Crypto implementation agnostic
  • Client-to-client, or node-to-node (bulk)
  • Mandatory for IPv6 implementation
  • Does not work with NAT, unless NAT-Traversal (NAT-T) is used

GRE – Generic Routing Encapsulation

  • Encapsulates layer 3 packets in IP tunnel
  • Used to secure VPNs
  • Creates a virtual point-to-point link with destination
  • Supports multicast protocols – IPSec doesn't!

