Assessing Vendors

Assessing Vendors : A Hands-On Guide to Assessing Infosec and IT Vendors

3 (1 rating by Goodreads)
By (author) 

Free delivery worldwide

Available. Dispatched from the UK in 1 business day
When will my order arrive?


Assessing vendors is a tricky process. Large and regulated organizations are forced to demonstrate due diligence in vendor assessment, but often do not know how to do this. This results in a great deal of busywork being required by both the vendors and the organizations. Smaller organizations don't know what to look for and, as a result, often wind up selecting based on price instead of value. This results in service failures and vendors that just milk their customers for as long as they can.

Assessing Vendors shows you how to walk the line between under- and over-assessing, so decisions can be made on sufficient data without wasting time, digging too deeply, or making decisions too quickly. This hands-on guide will show you how to use an iterative approach to vendor analysis, so you can rapidly filter out the vendors that are clear failures and then select likely winners. It will then show you how to do progressively deeper dives into the likely winners so you can select a preferred vendor. Finally, you will learn how to negotiate with your preferred vendor to get reasonable prices and services.

Provides an iterative approach to vendor assessment, showing you how to make decisions on sufficient data without wasting time
Includes checklists to help you navigate the decision-making process, while considering all the important factors needed to make a sound decision
Helps you understand and evaluate vendors based on key concepts such as performance criteria, functional testing, production, and price
show more

Product details

  • Paperback | 94 pages
  • 152.4 x 223.52 x 7.62mm | 136.08g
  • Rockland, MA, United States
  • English
  • black & white illustrations
  • 0124096077
  • 9780124096073

Table of contents


Identifying Candidates

Building Criteria

Functional Testing - Initial Pass

Functional Testing - Deeper Dive

Approaching Production


Production Cycle

show more

Review quote

"In Assessing Vendors A Hands-On Guide to Assessing Infosec and IT Vendors, author Josh More details a high-level overview of how to perform a vendor security analysis to ensure your vendors meet or exceed your security requirements...Looks to be an interesting read.", May 2013

"The book shows you how to find the right balance between performing a superficial assessment and one that is way too deep... The book provides a lot of common sense advice that may not be intuitive to many people." --RSA Conference blog, July 2013

"...Assessing Vendors: A Hands-On Guide to Assessing Infosec and IT Vendors is a valuable resource for those looking for a basic introduction on how to understand the risks involved when sharing data with 3rd-parties, in addition to selecting the appropriate products for your organization." --Slashdot, July 2013
show more

About Josh More

Josh has over fifteen years of experience in IT, and ten years working in Security. Though today, he primarily works as a security consultant, he has also worked in roles ranging from user to developer to system administrator. He holds several security and technical certifications and serves in a leadership position on several security-focused groups. He writes a blog on security at and As security works best from a holistic approach, he works all angles: risk assessments, posture analysis, incident response, malware analysis, infrastructure defense, system forensics, employee training and business strategy. Josh More works at RJS Software Systems, a national data management and security company.
show more

Rating details

1 ratings
3 out of 5 stars
5 0% (0)
4 0% (0)
3 100% (1)
2 0% (0)
1 0% (0)
Book ratings by Goodreads
Goodreads is the world's largest site for readers with over 50 million reviews. We're featuring millions of their reader ratings on our book pages to help you find your new favourite book. Close X