Product Enhancement:  Issue Risk Matrix for your Entire Vendor Portfolio

Posted by RiskRecon on Dec 17, 2018 4:18:51 PM

RiskRecon is pleased to announce the release of the Portfolio Issue Priority Matrix. The Portfolio Issue Risk Matrix provides you instant visibility into the risk distribution of security issues across your entire vendor portfolio. The interactive matrix enables you to identify the vendors that have issues within each risk priority. This is yet another way that RiskRecon makes it easy for you to understand and act on your third-party risk.

Read More

Topics: Vendor Security, Vendor Risk Management, 3rd party risk management, Issue Severity, Asset Value, Issue Risk Matrix

Second Deadly Sin: Failing to make third-party risk management about business risk management

Posted by RiskRecon on Oct 16, 2018 8:00:00 AM

 

We’re running a blog post series on the “Seven Deadly Sins of Third-Party Cyber Risk Management;” here’s the second deadly sin, which is failing to make third-party risk management about business risk management.

Read More

Topics: 3rd party risk management, risk exposures, Vendor Risk Management

New Enhancements to RiskRecon Portfolio Dashboard

Posted by RiskRecon on Oct 10, 2018 5:07:25 PM

 

RiskRecon has rolled out an update of the portfolio dashboard page to customers, which provides enhanced insights into their RiskRecon portfolios, built with active information widgets that facilitate viewing additional information and easy linking to vendor security profiles. The dashboard continues to be filterable based on customers’ portfolio organization.

Read More

Topics: Vendor Risk Management, 3rd party risk management

RiskRecon Advisor Yong-Gon Chon Shares Cybersecurity Tips

Posted by RiskRecon on Aug 30, 2018 2:56:12 PM

 

In a recent article in the ABA Journal, noted cybersecurity expert and RiskRecon Advisor, Yong-Gon Chon, shared his thoughts on what law firms can do to bolster their cybersecurity. In particular, Chon suggests learning from other industries. For example, law firms can look to financial institutions, which have long struggled with protecting data as required under the Gramm-Leach-Bliley Act, he said. Data protection is key.

Read More

Topics: Third Party Risk, Vendor Security, Vendor Risk Management, risk measurements, 3rd party risk management

Breaking the Cybersecurity Insanity Cycle

Posted by Yong-Gon Chon on Jun 19, 2018 11:15:36 AM

 

By Yong-Gon Chon | June 19, 2018

I’m joining the Board at RiskRecon because with my 20+ years of experience working in information security, I truly believe their offering solves the failing state that dominates this domain.

To put it bluntly, Einstein defined INSANITY as “doing the same thing over and over again and expecting different results.” Over my long tenure in information security, I have witnessed exactly that: INSANITY. From firewalls to next-gen firewalls to something better than next-gen firewalls; from anti-virus to endpoint protection to endpoint protection with machine learning to AI orchestrated through “frictionless security,” we are doing the same thing over and over again expecting a different result. In some sense things are different—they’re worse. According to the 2011 Verizon Data Breach Investigations Report (DBIR), the cumulative caseload from 2004-2010 spanned over 1,700 breaches. In the 2018 DBIR alone it was 2,200.

Read More

Topics: Third Party Risk, Vendor Risk Management, 3rd party risk management

Join us for the Fair Institute Tech Sponsor Webinar Featuring RiskRecon Founder and CEO Kelly White

Posted by RiskRecon on May 23, 2018 2:14:34 PM

 

RiskRecon Founder and CEO Kelly White will be presenting a FAIR Institute Tech Sponsor Webinar titled "Solving third-party risk at scale - a true risk-based approach" on Friday May 18th at 3 pm EST. 

Read More

Topics: Vendor Security, Webinar, Third Party Risk, CISO, 3rd party risk management

Meet with RiskRecon at the Financial Services-ISAC Annual Summit

Posted by RiskRecon on May 11, 2018 2:52:01 PM

 

May 20th to 23rd RiskRecon will be a sponsor at the 2018 Financial Services - Information Sharing and Analysis Center Annual Summit in Boca Raton, Florida at the Waldorf Astoria Boca Raton Resort. 

Read More

Topics: Press Release, Vendor Risk Management, risk measurements, 3rd party risk management

We Are Proud To Announce Our Exclusive Partnership With the FAIR Institute.

Posted by RiskRecon on Apr 13, 2018 12:17:09 PM

We are proud to announce an exclusive partnership with the FAIR Institute. Factor Analysis of Information Risk (FAIR) has emerged as the standard Value at Risk (VaR) framework for cybersecurity and operational risk. The FAIR Institute is a non-profit professional organization dedicated to advancing the discipline of measuring and managing information risk.  

 

Read More

Topics: Third Party Risk, Press Release, 3rd party risk management, Vendor Risk Management

The Playbook for Managing Third-Party Security Risk

Posted by RiskRecon on Mar 21, 2018 12:02:49 PM

Get our All-New Playbook reflecting real life data from executives of 30 companies that offers a window into how organizations are confronting persistent breach risks stemming from third parties.

We are excited to announce the release of our inaugural Third-Party Security Risk Management Playbook. An inside look at how real companies are managing third party cyber risk. To get this important information we have conducted in-depth interviews with security executives from 30 participating organizations across multiple industries. The Playbook reveals how companies are managing the security risks of their complex digital supply chains and sensitive business partnerships.  Our study identified 14 vendor-neutral capability sets comprising 72 common, emerging, and pioneering practices that firms have implemented to manage third-party security risk. As a study of real-world third-party risk management programs, the Playbook is a valuable tool executives can use to benchmark their own programs and gain insight into pioneering practices other firms are adopting.

 

Read More

Topics: Third Party Risk, Vendor Security, 3PRM, Vendor Risk Management, 3rd party risk management, risk transparency, risk exposures, risk measurements, Whitepaper

Why Third-Party Security Risk Matters

Posted by RiskRecon on Mar 8, 2018 3:10:08 PM

Big Impact
Enterprises entrust the protection of their crown jewels—their customer data, their reputation, their finances, and their business availability—with third parties. Are they trustworthy? Why? Why not? What should be done about it? These questions are yours to answer and execute on. A breach of your third-party is a breach of your enterprise.

Big Challenges
Third-party risk management is hard. It requires deep transparency, strong accountability, and effective collaboration. Third-party risk has to achieve this position with hundreds and even thousands of organizations while being an outsider to every organization. Additionally, third-party risk has to solve this with limited personnel and resources. This need—to achieve really good risk outcomes from the outside with limited resources —will result in dramatic risk management innovation, key of which will be development of machine learning and artificial intelligence-based risk assessment capabilities. These inventions will occur within the context of third-party risk management and be adopted by enterprises for internal risk management. Necessity is the mother of invention, and the necessity is pressing in a big way.

The Greater Good
Third-party risk management is a process of holding enterprises accountable to good security practices. As you improve the security of your third parties you improve the security of the Internet. It decreases the likelihood of data being breached. It decreases the likelihood of systems being turned into DDOS drones or malware servers. It increases the likelihood that systems are going to be consistently available to fulfill their intended purposes. The work of third-party risk management is work for the greater good.

Read More

Topics: Continuous Monitoring, 3rd party risk management, Security Ratings, Vendor Security, 3PRM, Third Party Risk