Personnel & Third-Party Security

Welcome to the first module of Personnel & Third Party Security! Education, training, and awareness of security threats are important for many actors within an organization. It’s not only your users who make bad decisions, it’s also administrators, IT staff, security staff, and risk assessors. In this module we will dive into the process of implementing effective education, training, and awareness programs.

Welcome to Module 2! Personnel security plays a critical role in protecting an organization’s assets, for example intellectual property, such as customer data or physical assets. Organizations define their security requirements around personnel’s use of organizational assets and then use technical and physical controls to implement them. Through personnel security controls, we work towards a reduction in the misuse, theft, or fraud related to our assets.

Welcome to Module 3! In this module we will introduce the steps required for effective Vendor Risk Management (VRM), including: due diligence, contracting, monitoring and accessing, as well as termination. When it comes to VRM, we cannot completely eliminate all risk, however, we may be able to reduce risk. The key is to ensure there is no "unacceptable" risk.