Re: [External] Re: [SECURITY] Malware Bytes

[Kevin Wilcox <wilcoxkm () APPSTATE EDU>]

On Thu, Nov 5, 2020 at 12:29 PM Weissbohn, David <dweissbohn () govst edu>
wrote:


> While I understand that these questionnaires can be a pain, any vendor who
> pushes back on completing one is an immediate red flag. Depending on how
> hard they push, I would not waste my time with them and instead find a
> vendor who is willing to cooperate. I’d be more concerned with their
> attitude towards cooperation than actually having the full HECVAT.

Aye I'm with David on this one. A HECVAT with less-than-perfect answers
versus flat-out refusal to complete it is going to be a significant tell
about the relationship you're going to have with that vendor. A HECVAT is a
bit like pizza for me -- even a bad one is better than none.

That said, I also appreciate the liability it puts on any vendor
who formally recognises "we really should be doing <x> - but we don't
because we can't be arsed with doing things the right way"...

kmw

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community