McCaffery's comments

McCaffery | 5 years ago | on: Our Dumb Security Questionnaire

I did the analysis and looked at the costs of a security questionnaire. They run anywhere from $250-$4500 each. The main problem is that there has become a race to longer and longer questionnaires. "Oh, your questionnaire has 1000 questions, I am going to make mine 1100!." I like the author's intent here. Maybe 10 questions is a little short, but let's end the gaming of this process and keep it straight forward. As one commenter noted, some of this information is confidential and should be obscured, not sent around via email attachments to people who may or may not enter into a contract at some point.

McCaffery | 5 years ago | on: Our Dumb Security Questionnaire

Totally agree with you. However, in my head it was, "hey lawyer, what should we do to protect ourselves against breaches by our vendors?" Lawyer thinks, well, we do due diligence for M&A, financings etc. etc. so why not for onboarding vendors. Course, now this process is codified into law.

I have an idea for a better way... :)

McCaffery | 5 years ago | on: Our Dumb Security Questionnaire

Check out Delta Airlines vs 24/7.ai - lots of claims relating to 24/7.ai security representations.