Web: https://www.reddit.com/r/cybersecurity/comments/uca36n/supplier_security_due_diligence_question/

April 26, 2022, 11:12 a.m. | /u/DeWorst

cybersecurity reddit.com

I have recently been tasked with performing due diligence checks on our suppliers and if their security is up to snuff (certifications, relevant security controls, etc.).

However, some of the suppliers listed simply provide native-based software. For instance, Norton antivirus.

Seeing as Norton don't host the application on the cloud, and it simply being natively installed, is a review of the supplier still required? And if so, what aspects of Norton do I review?
