Second Deadly Sin: Failing to make third-party risk management about business risk management

Posted by RiskRecon on Oct 16, 2018 8:00:00 AM

We’re running a blog post series on the “Seven Deadly Sins of Third-Party Cyber Risk Management.” Here’s the second deadly sin: failing to make third-party risk management about business risk management.

Topics: 3rd party risk management, risk exposures, Vendor Risk Management

The Playbook for Managing Third-Party Security Risk

Posted by RiskRecon on Mar 21, 2018 12:02:49 PM

Get our all-new Playbook, which reflects real-life data from executives of 30 companies and offers a window into how organizations are confronting persistent breach risks stemming from third parties.

We are excited to announce the release of our inaugural Third-Party Security Risk Management Playbook, an inside look at how real companies are managing third-party cyber risk. To gather this information, we conducted in-depth interviews with security executives from 30 participating organizations across multiple industries. The Playbook reveals how companies are managing the security risks of their complex digital supply chains and sensitive business partnerships. Our study identified 14 vendor-neutral capability sets comprising 72 common, emerging, and pioneering practices that firms have implemented to manage third-party security risk. As a study of real-world third-party risk management programs, the Playbook is a valuable tool executives can use to benchmark their own programs and gain insight into pioneering practices other firms are adopting.

Topics: Third Party Risk, Vendor Security, 3PRM, Vendor Risk Management, 3rd party risk management, risk transparency, risk exposures, risk measurements, Whitepaper

Part 2: Are Your Vendors Walking the Walk? Confronting Risk Realities: Your Control Processes are Broken

Posted by RiskRecon on Nov 18, 2016 11:05:15 AM

In the second part of this two-part blog series, we look at the reality of your risk processes.

The complex, extensive vendor ecosystems in today’s enterprises have reduced the effectiveness of risk control processes. Local or otherwise decentralized IT and business functions procure SaaS solutions on their own, entirely bypassing the formal IT governance process. Paper-based risk control processes were developed for a time when your vendor population was much smaller, data storage was mostly on premises, and third parties were only a small piece of your security programs. Today, risk control processes must be adapted to new risk realities.

Topics: risk control, vendor ecosystems, threat investigation, 3rd party risk management, risk exposures, trust building

Part 1: Are Your Vendors Walking the Walk? Confronting Risk Realities: Your Measurements Are Incomplete

Posted by RiskRecon on Nov 18, 2016 11:05:02 AM

You just received an updated security attestation from your third-party provider, but the hair on your arms stands straight up when news of the latest hack appears on your screen. Your vendors may talk the talk, but you anxiously wonder if they're walking the walk. Checklist compliance is not good enough. It's time to confront your risk reality. In part one of this two-part blog series, we look at risk measurement.

Topics: 3rd party risk management, vendor ecosystems, security attestation, risk measurements, risk exposures, risk transparency