ISACA helps enterprises manage vendors using the COBIT 5 framework

Abhigna

BANGALORE, INDIA: As enterprises increasingly rely on cloud service providers and other vendors to provide fundamental services, the related risk becomes more significant.

Global IT association ISACA has released a guide applying the internationally accepted COBIT 5 governance framework to help enterprises effectively manage vendors.

The importance of managing vendors and mitigating the related risks became evident in the recent massive security breach at Target, the third-largest U.S. retailer.

Hackers stole millions of credit and debit card records, as well as personal information, including postal and e-mail addresses and phone numbers, belonging to about 70 million Target customers.

The hackers managed to break into Target's payments network by initially breaching a data connection between the retailer and its HVAC (heating, ventilation, and air conditioning) vendor, Fazio Mechanical Services. The vendor used that connection for billing Target and for exchanging contract and project management information with the retailer.

Vendor Management: Using COBIT 5 provides practical action items for all stakeholders involved in the vendor-management process, from the board and C-level executives to the legal department and IT. It outlines:

* Life cycle stages and stakeholders

* Good practices to manage threats and risk

* How to manage a cloud service provider

* Practical service level agreement (SLA) templates, checklists and examples (available for download in an online toolkit)

* A case study outlining the consequences of ineffective vendor management

* A high-level mapping of COBIT 5 and ITIL V3 for vendor management
