Third-party risks continue to be a serious cybersecurity threat, so properly assessing a third party is paramount to any risk management strategy. According to Gartner, 71% of organizations reported their network contains more third parties than it did three years before. This number is expected to grow even larger in the next few years.
Companies can have upwards of a thousand third parties, and it is important to be able to differentiate and categorize each one of them. To that end, inherent risk takes into account how a company is using its third parties and what risk they pose to the organization. In this blog, we’ll explain how to calculate…
When you are deciding to create a framework for your Third-Party Risk Management Program, you need to take the following into consideration:
Last Monday (9/30), at the LS-ISAO Annual Member Gathering, we had the privilege to help organize a panel about the importance of a legal-specific set of controls to help manage your third-party risk management program.
Metrics drive the measure of progress and stand as benchmarks during any assessment, audit or review process. They are the lifeblood of reporting, but when it comes to vendor risk management, it is not as straightforward as you might think.
The former CEO of Intel, Brian Krzanich, said last month, “Data, I look at it as the new oil. It’s going to change most industries across the board. Oil changed the world in the 1900s. It drove cars, it drove the whole chemical industry,” Krzanich explains.
With growing executive demand for changes to cybersecurity processes and awareness come inherent challenges to an organization.