1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How CSOs can better manage third-party risks

Discussion in 'CSO' started by RSS, Oct 17, 2016.

  1. RSS

    RSS New Member Member

    As more companies outsource and move to the cloud on several new projects, making sure those relationships are secure (especially company data) becomes the highest priority. In light of the Target data breach, in which hackers were able to exploit a third-party vendor relationship to get into the retailer’s systems, companies need to perform risk analysis with their third-party vendors much more frequently.

    In the latest episode of Security Sessions, I spoke with Scott Schneider from CyberGRX, a startup in the third-party risk analysis space, about how companies can do more with their vendors than just sending them out a checklist of items.

    Among the highlights of the video are the following sections:

    0:55 Overview of the market for third-party risk analysis, and why it’s important.

    2:15 Good starting points and best practices for third-party risk analysis.

    3:07 What kind of information does a company pull from its third-party vendor in terms of its security?

    3:38 What is the most important question a company should ask their third-party vendors?

    4:17 How does a company know that information a third-party vendor gives them is reliable?

    4:55 What does a company do after it collects information from the third party?

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page