ABSTRACT
Businesses must be rigorous in entering into vendor relationships in which sensitive information will be placed at risk. Security requires a unified approach, including but not limited to security policies, employee education, use of security technology, performing security audits, and addressing security in contracts with business partners and other vendors. Information security can be divided into three categories-administrative, technical, and physical. In this chapter we evaluate tools that businesses can immediately put to use to substantially reduce the information security threats posed by their vendors and business partners, to ensure proper diligence is conducted and documented, and to provide remedies in the event of compromised security.
