SANS White Paper – Retail Security: Third-Party Interaction
Yes, you can reduce the risk posed by third parties
A number of high-profile breaches of retailers (and other organizations) were initially launched from an attack on a third party. Although third parties offer a range of economic and operational benefits to retailers, they can also create additional security risks and exposures. Because attackers commonly seek the path of least resistance, a third party with full access to your network poses significant exposure. This paper provides guidance on understanding, recognizing and minimizing the risk of exposure from third parties, including those providing services covered under PCI DSS standards.
Topics covered include:
- Understanding the threats and exposures
- Balancing economic gains and security
- Third parties and PCI compliance
- Best practices for containing third-party risk
Retail Security: Third-Party Interaction, was written by Eric Cole, PhD, SANS faculty fellow, course author and instructor.