Larger businesses are investing significant resources into Information Security. Smaller businesses, often providing services and products for more mature businesses, are often less robust with their security. These third parties present a significant risk to the primary businesses, who bear the legal and reputational repercussions of a security event. In attending this presentation, you will learn some industry standards, best practices and some anecdotal advice to manage this risk from both sides. As such, this presentation is aimed at those who either need to create a third party risk management program, or start an information security program as a third party vendor.
- The importance of a Vendor Information Security Program
- Standards for establishing a Vendor Information Security Program.
- Common pitfalls and risks from third party vendors.
- Learn industry best practices for small business information security.
About Erin Warhol

Erin Warhol has spent her career instructing students, teachers and staff on the use of technology. Her security awareness trainings are based on attacker behavior, which pivot easily between physical security and InfoSec. She has over 20 years of experience in information technology, information security and leadership. She has a master of science degree in security technologies as well as CISM, CISSP, CPPM and ITIL certifications. She provides information security for small businesses, large corporations, educational institutions and private events.