You Can't Control Everything in Your Environment

Shared Service Connected's Bridget Kenyon on Balancing Risk of Using Third Parties
Bridget Kenyon, CISO, Shared Service Connected Ltd

If you don't understand the security practices of your third-party vendors, you don't know where your risks are. A major problem with unmanaged or insufficiently managed third parties is that they create a lack of understanding of liability, responsibility and accountability, said Bridget Kenyon, CISO of Shared Service Connected Ltd.

Understanding vendor risk is like peeling an onion. Your vendors are also using third parties, which may pose further risks. Some organizations may have no choice about using certain vendors if they are mandated by regulations, needed to meet industry standards, or are wide-ranging software suppliers such as Microsoft. Kenyon advises clients to continuously test third-party risks through red teaming, pen testing and bug bounties.

In this video interview with Information Security Media Group at Infosecurity Europe 2023, Kenyon discussed:

  • The difficulties of achieving visibility of all code, plus alternatives to expensive code reviews;
  • Human third-party risks such as untrained employees or someone with malicious intent accessing your system;
  • AI risks, ethical controls, parameters and prejudices.

Kenyon is experienced in strategy, planning, managing staff, running security reviews, designing policy and handling security incidents. She is a fellow of the Chartered Institute of Information Security and has held senior roles in the industry including CISO, EMEA region, and information security programs leader at Thales Digital Identity and Security, Global CISO at Thales eSecurity and head of information security at UCL.

About the Author

Tony Morbin

Executive News Editor, EU

Morbin is a veteran cybersecurity and tech journalist, editor, publisher and presenter working exclusively in cybersecurity for the past decade – at ISMG, SC Magazine and IT Sec Guru. He previously covered computing, finance, risk, electronic payments, telecoms, broadband and computing, including at the Financial Times. Morbin spent seven years as an editor in the Middle East and worked on ventures covering Hong Kong and Ukraine.