CEO of RiskRecon Weighs in on Vendor Risk Management

Posted by RiskRecon on Jul 10, 2018 11:48:49 AM

 

RiskRecon CEO and Founder Kelly White talks to Data Breach Today about a new initiative by the Cyber Readiness Institute that aims to address vendor risk by promoting to smaller enterprises the cybersecurity best practices used by Fortune 500 companies.

Read More

Topics: Vendor Risk Management, Vendor Security

Who’s Monitoring Your Third-Party Vendors for Cyber Risk?

Posted by RiskRecon on Jul 6, 2018 4:07:55 PM

 

Exactis Data Leak Illustrates the Enormity of an Organization’s Potential Third-Party Cyber Risk

With hundreds and thousands of complex, highly interdependent, Internet-connected systems, it’s no wonder that an enterprise’s potential third-party cyber risk has multiplied in recent years. 

Read More

Topics: Vendor Security, Third Party Risk

You Can’t Manage What You Can’t Measure – Integrating Risk Formulas into Your Cyber Risk Management Framework

Posted by Kelly White on Jul 2, 2018 11:37:06 AM

 

By Kelly White | July 2, 2018 

Calculating cyber risk is a key element of any sound risk management strategy. While traditional risk management models have focused on financial, process, workplace and IT factors, for many organizations cyber risk is still a new component in their risk assessment practices. Yet issues such as accurately measuring exposure, understanding the correct level of security spend, and whether or not to buy cyber insurance (and how much to buy) depend on hard numbers. How do you tackle quantifying these concerns in practical business terms?

Read More

Topics: Vendor Risk Management, Vendor Security, Third Party Risk

Security Vulnerabilities Don’t Equal Security Risk – So How Do You Prioritize?

Posted by Kelly White on May 31, 2018 1:53:50 PM

 

By Kelly White | May 31, 2018 

While security vulnerabilities are found in many technologies, their presence doesn’t necessarily equal risk. Borrowing the FAIR Institute’s definition, risk is the probable frequency and magnitude of loss. Knowing what security vulnerabilities are present in your infrastructure can help you understand the probable frequency, but it offers no indication of loss magnitude. Rather, solving risk requires two foundational data points: what security vulnerabilities your technology has, and the value of the assets in which those vulnerabilities exist. Without that context, a given vulnerability is the same as any other.

Read More

Topics: Scalability, Vendor Risk Management, Security Ratings, Vendor Security, Third Party Risk

Join us for the Fair Institute Tech Sponsor Webinar Featuring RiskRecon Founder and CEO Kelly White

Posted by RiskRecon on May 23, 2018 2:14:34 PM

 

RiskRecon Founder and CEO Kelly White will be presenting a FAIR Institute Tech Sponsor Webinar titled "Solving third-party risk at scale - a true risk-based approach" on Friday May 18th at 3 pm EST. 

Read More

Topics: 3rd party risk management, CISO, Webinar, Vendor Security, Third Party Risk

Why the Security of Your Vendor’s Entire Enterprise Matters

Posted by Kelly White on May 15, 2018 11:34:14 AM

 

By Kelly White | May 14, 2018  

Reliably protecting systems and data over time requires the disciplined execution of a robust security program that spans an entire enterprise. As a former CISO and now advisor to third-party risk management teams, I’ve seen some vendors take the contrary position, arguing that customers need only be concerned with security of the systems that host their data.  

Read More

Topics: Vendor Risk Management, Vendor Security, 3PRM

What is the True Cost of Administering Your Vendor Security Questionnaire?

Posted by Kelly White on May 8, 2018 7:04:45 PM

 

By Kelly White | May 8, 2018

The more questions you ask in your third party assessments, the higher the cost. But how much does an extra question really cost? And what is its value?

In late 2017, we at RiskRecon explored this issue as part of a detailed study in which we analyzed the third-party cyber risk management practices of thirty firms. Let’s walk through a few of the study data points that led us to the answer.

Read More

Topics: Scalability, Vendor Risk Management, Vendor Security

Public Customer Vendor References – Good Partnership but Risky Business

Posted by Kelly White on May 3, 2018 9:38:32 PM

 

By Kelly White, Founder and CEO, RiskRecon

A public testimonial from a satisfied customer is marketing gold for most any business. Who isn’t proud to display the logos of respected brands on your customer list, or to publish case studies about the great work you did for them? When I was a CISO of a top-30 financial institution, vendors frequently offered us financial incentives for permission to leverage our brand. There’s also a human element – people like helping other people. In the digital age where a negative customer experience can spread like wildfire through social channels, positive testaments are more important than ever.  

Read More

Topics: Vendor Risk Management, Vendor Security

The Playbook for Managing Third-Party Security Risk

Posted by RiskRecon on Mar 21, 2018 12:02:49 PM

Get our All-New Playbook reflecting real life data from executives of 30 companies that offers a window into how organizations are confronting persistent breach risks stemming from third parties.

We are excited to announce the release of our inaugural Third-Party Security Risk Management Playbook. An inside look at how real companies are managing third party cyber risk. To get this important information we have conducted in-depth interviews with security executives from 30 participating organizations across multiple industries. The Playbook reveals how companies are managing the security risks of their complex digital supply chains and sensitive business partnerships.  Our study identified 14 vendor-neutral capability sets comprising 72 common, emerging, and pioneering practices that firms have implemented to manage third-party security risk. As a study of real-world third-party risk management programs, the Playbook is a valuable tool executives can use to benchmark their own programs and gain insight into pioneering practices other firms are adopting.

 

Read More

Topics: risk exposures, risk transparency, Vendor Risk Management, 3rd party risk management, risk measurements, Whitepaper, Vendor Security, 3PRM, Third Party Risk

Why Third-Party Security Risk Matters

Posted by RiskRecon on Mar 8, 2018 3:10:08 PM

Big Impact
Enterprises entrust the protection of their crown jewels—their customer data, their reputation, their finances, and their business availability—with third parties. Are they trustworthy? Why? Why not? What should be done about it? These questions are yours to answer and execute on. A breach of your third-party is a breach of your enterprise.

Big Challenges
Third-party risk management is hard. It requires deep transparency, strong accountability, and effective collaboration. Third-party risk has to achieve this position with hundreds and even thousands of organizations while being an outsider to every organization. Additionally, third-party risk has to solve this with limited personnel and resources. This need—to achieve really good risk outcomes from the outside with limited resources —will result in dramatic risk management innovation, key of which will be development of machine learning and artificial intelligence-based risk assessment capabilities. These inventions will occur within the context of third-party risk management and be adopted by enterprises for internal risk management. Necessity is the mother of invention, and the necessity is pressing in a big way.

The Greater Good
Third-party risk management is a process of holding enterprises accountable to good security practices. As you improve the security of your third parties you improve the security of the Internet. It decreases the likelihood of data being breached. It decreases the likelihood of systems being turned into DDOS drones or malware servers. It increases the likelihood that systems are going to be consistently available to fulfill their intended purposes. The work of third-party risk management is work for the greater good.

Read More

Topics: Continuous Monitoring, 3rd party risk management, Security Ratings, Vendor Security, 3PRM, Third Party Risk

New Call-to-action

Subscribe to Email Updates

Recent Posts