Vendor Risk Management Insights

Extending GRC with Continuous Vendor Security Monitoring

Posted by RiskRecon on Apr 24, 2017 11:25:28 AM

We speak with many clients that already have some form of governance, risk management, and compliance (GRC) program in place to assist with managing their enterprise programs. And some have software solutions to help them manage the process. This is not surprising when the market for GRC solutions is expected to grow to $38 billion by 2021.

Most companies are seeking ways to obtain more value from their GRC system—often by extending their coverage to their third-party risk management programs. Using the new class of continuous vendor security monitoring solutions is one of the best ways to add immediate value to GRC. This pairing offers a number of benefits, such as speed to identify and manage risk, valuable insight for prioritization of response, visibility into an accurate and complete vendor IT footprint, and critical transparency of exposure and actionable information on inherited vulnerabilities.

Read More

Topics: risk control, Continuous Monitoring, Vendor Risk Management, 3rd party risk management, CISO, GRC

When Apache Struts2 Hits the Fan, Respond with Data and Collaboration

Posted by RiskRecon on Mar 17, 2017 5:36:41 PM

Mitigating your third-party exposure to Apache Struts2 requires accurate, actionable data -- and fast. If you can apply automated techniques to rapidly identify which of your vendors are most likely exposed to the exploit, you can quickly prioritize your risk resources and engage constructively with impacted vendors.

Read More

Topics: risk control, Continuous Monitoring, Vendor Risk Management, 3rd party risk management, CISO

Using Threat Intelligence to Manage Third Party Risk: The Boy Who Cried Wolf

Posted by RiskRecon on Feb 15, 2017 11:30:00 AM

More and more enterprises are increasing their budgets for threat intelligence in order to stay on top of the latest security risks. The dramatic increase in third party cyber security risk seems to make it another area where threat intelligence can be applied.  But is threat intelligence actually a good fit for your third-party risk management program?

Read More

Topics: risk control, Continuous Monitoring, Vendor Risk Management, 3rd party risk management, CISO

Part 2:  Incorporating Continuous Monitoring into Your Third-Party Risk Management Program: The Pilot is Complete – Now What?

Posted by RiskRecon on Jan 31, 2017 1:30:00 PM

One of the most common questions we’re asked is how to incorporate continuous monitoring into a third-party risk management program. In part one of this two-part blog, we discussed beginning with the end state in mind to establish goals for your continuous monitoring program and suggested you jumpstart your program with a pilot. So once the pilot is complete, now what?

Read More

Topics: risk control, Continuous Monitoring, Vendor Risk Management, 3rd party risk management, CISO

Part 1:  Incorporating Continuous Monitoring into Your Third Party Risk Program: Begin with the End State in Mind

Posted by RiskRecon on Jan 20, 2017 1:39:28 PM

Like many organizations today, you have existing processes, tools and people laser-focused on analyzing periodic vendor security questionnaires, documentation, and on-site reviews. Moving to a continuous monitoring program can be daunting.  Our advice: Don’t focus on where to start…think about where you want to end up.  Begin with the end state in mind.

Read More

Topics: Scalability, risk control, Continuous Monitoring, Vendor Risk Management, 3rd party risk management, CISO

New Call-to-action

Subscribe to Email Updates

Recent Posts