Outsourcing is nothing new. For years, industries have embraced service providers for functions they either couldn't or didn't want to perform. This necessitated integrating business systems and providing these third-party vendors with access to corporate networks and computer systems. The risk was generally...
What kind of programs do organizations have in place to manage vendor risk?
A primary source of weakness is your company's community of vendors and other "trusted" partners that often have privileged access to your data, systems, and networks. If a vendor's own security practices are inadequate, or if its employees...
Network security grows more complex every year with enterprises launching bolder applications with broader reach, facing more threats, adopting new devices, and implementing new security tools to protect it all. With so much to oversee and protect, keeping IT security simple, manageable, and effective (KISSME) begins,...
Behind many of the biggest breaches is a third-party intrusion. And yet far too few organizations have an effective third-party risk management program in place, says Norman Menz III, co-founder and CTO of Prevalent. How must they address this gap?
In a video interview at RSA Conference 2016, Menz...
Behind many of the biggest breaches is a third-party intrusion. And yet far too few organizations have an effective third-party risk management program in place, says Norman Menz III, co-founder and CTO of Prevalent, in this video interview. How must they address this gap?
Cybersecurity in the financial services industry is rapidly evolving.
Do you know how to stay ahead of the curve?
The financial sector has been a pioneer for vendor risk management (VRM) best practices for a long time. Yet cybersecurity practices are continuing to evolve, and regulatory bodies are focusing more on...
Increasingly, regulatory agencies are pressuring organizations to assess and attest to the cybersecurity of their business partners. In this video interview, Jay Jacobs of Bitsight Technologies discusses strategies for third-party management.
Learn how Financial Services organizations have moved from trust-based
continuous monitoring of vendor security.
The Financial Services industry has long been a pioneer in developing risk management practices. As third-party data breaches have increased in recent years, regulators...
Choosing the right MSSP partner is an important decision in an organization's overall security. Writing an RFP is the first step in the process to finding the right fit for the organization. By using this document, an organization should be able to choose an MSSP and write a tailored RFP/RFI that will help make the...
New guidance for cyber-resilience, vendor management and breach notification is expected for New York state banks in early 2016. And the tone set by these guidelines may have a ripple effect, influencing the actions of federal banking regulators.
Many recent breaches have exploited security weaknesses in third-party vendors and suppliers to attack organizations across all industries. In this SANS What Works Case Study, Chris Porter, Deputy CISO at Fannie Mae, details:
His experience using BitSight Security Ratings to assess the cybersecurity level of...
SANS, NIST and other industry standard methodologies offer thousands of potential questions you could ask your vendor about security. How can you determine which of them are the most important?
Security questionnaires and assessments are integral parts of comprehensive vendor risk management (VRM) programs. But...
The whole idea behind vendor risk management is that you want to be able to verify the effectiveness of your vendors' security practices. But with current solutions that rely on self-reporting questionnaires, how do you actually go about doing that?
Download this whitepaper to explore the flaws of...
One of the first steps to creating a vendor risk management program includes identifying what kind of access your vendors have to your network and where your greatest risks lie. Unfortunately some organizations dwell on identifying those risks rather than remedying them.
Download this whitepaper to explore...
Upper management doesn't always buy in to or fully understand the importance of a vendor risk management program. Download this whitepaper for expertise on how to properly communicate the risk (and management of that risk) in a way that executives can understand