Summary
This chapter covered vendor management, examining the different types of penetration testing, internal and external audits, and the dangers of the third-party supply chain. We then looked at the importance of carrying out vendor assessments to evaluate vendor suitability and conflicts of interest, and to ensure impartiality and fairness. The final sections reviewed vendor agreement frameworks and the importance of continuous, proactive vendor monitoring to verify that those agreements are being met.
The knowledge gained in this chapter will prepare you to answer any questions relating to Exam Objective 5.3 in your CompTIA Security+ certification exam.
The next chapter will be Chapter 26, Summarize elements of effective security compliance.