Reply to there answer

200 words

1. Due diligence is necessary when working with external vendors for several reasons. There are regulatory requirements involved in certain industries. In the banking industry, compliance requirements can’t be outsourced to a vendor, but at the same time, vendors are required to comply with regulation independently of the bank as part of the relationship. Secondly, the organization is responsible for the vendor’s activities. Additionally, if the vendor is breached, the organization’s data is at risk and the organization must disclose to the public the breach.

There are some ways to secure the organization’s data in-transit to and from vendors. The most obvious way to do this is with encryption. But there are other aspects to consider, such as authentication. Authentication should occur by users using strong passwords, in conjunction with multifactor authentication, such as the use of biometrics, a fingerprint swipe for example. Compliance monitoring should also occur.

Two security protocols that should be part of the vendor’s data operations are physical security and auditing. Strong physical security measures will protect the vendor’s systems from unauthorized access, which will help protect the organization’s data. Auditing and monitoring are extremely important. The vendor should audit systems, access, authentication, logs, etc. The organization should also perform periodic audits.

 Reply to there answer

200 words

2. 

 This is a great topic. Dealing with data in transit is one of my major concerns when doing things online. I'm always shopping online, and every time I enter my credit card information, I get worried. Also when applying for certain jobs online, you're asked to give your social security number, this frightens me to the core. So it's very comforting to know that there are security measures in place to prevent this information from getting out. After doing some research I found this article, describing ways we can protect our data in motion.

Implement technologies and processes

Implementing processes and systems that ensure the safe transfer of sensitive data is vital to ensure data leaks and data theft. Encryption plays a large role in this step, and it should be integrated into common business workflows. Encryption requirements should be based on the latest standards by only allowing secure protocols. Email security is also essential since it is a widely used channel for business communication. The best way to ensure that messages and attachments remain confidential is to transmit them through an encryption platform that integrates with existing systems and workflows. To safeguard data in transit against malware attacks or intrusions, network security solutions like firewalls should be implemented. Data Loss Prevention (DLP) solutions usually address the threats data in motion faces from breaches and human error during its transit.