ABSTRACT

In enterprises, security questionnaires aimed at vetting vendors rapidly devolve into an exercise in shifting legal liability and minimizing exposure. Often, smaller service providers find themselves agreeing to things they do not necessarily understand, and definitely cannot represent, simply out of desperation. The classic business cycle plays its traditional role here. One of the greatest allies that a CISO can have in their (for-profit) organization is the head of sales. Creating 'packets of collateral' that include current audit letters, marketing one-pagers discussing security, and similar items can help a salesperson immensely in navigating the initial round of questions from customers and in building the trust that is so essential to closing the deal. Developing a program to answer RFPs from customers can be essential to closing big deals. Customer loyalty is hard to come by, and security represents an area where a positive perception can create a competitive advantage.