Profile

Quick question regarding handling a vendor's requirement that we sign a non-disclosure agreement (NDA) to receive information request as part of our third-party risk management process. Our Information Technology Procurement Review Process prompts my InfoSec GRC analyst to engage a perspective vendor ...

Rob, Marshall has had a couple conversations with persistent account managers, first asking to us to assist with optimizing our Java SE licensing and later an inquiry about some limited use of VirtualBox (specifically for the licensing requirements for their 'extension pack'). This started in fall ...

Scott, When Marshall initially rolled out MFA – specifically Microsoft Azure MFA using conditional access – we opted to put campus IP ranges in an exception list. This was primarily to lower the barrier of adoption and the initial thought was that bad actors were usually going to be attacking from ...