ThirdPartyTrust Blog

The key essentials when designing the process around third-party risk management

Posted by Lily Hwang on 12/13/19 3:43 PM

When you are deciding to create a framework for your third-party risk program you need to take the following into consideration:

  • How are you going to categorize your third-parties?
  • How would you rank your third-parties?
  • What is  the criteria/requirement for each one of those categories?

Other areas to consider involve the people component of the workflow, such as business owners, legal, and procurement.  Especially during the contracting phase, by including legal language that assessments and/or assurance programs must be provided. Also, include stipulations regarding renewals that reassessments are required. 

And of course, there is technology, the enabler. Technology provides the automation and a structured way to capture specific data for business and executives to make key decisions on these relationships. Monitoring these data points will contribute to the success or failure of that third-party. 

Read More

Topics: Vendor Risk Management, third party risk

Data is the new oil and breaches are the new spills; so where is the leak?

Posted by Jeffrey Spetter on 7/6/18 9:11 AM

The former CEO of Intel, Brian Kzranich said last month, “Data, I look at it as the new oil. It’s going to change most industries across the board. Oil changed the world in the 1900s. It drove cars, it drove the whole chemical industry,” Krzanich explains.

Read More

Topics: Vendor Risk Management

The Real Challenges of Moving Cyber Initiatives Forward

Posted by Jeffrey Spetter on 5/29/18 9:45 AM

With growing executive demand for changes to cybersecurity processes and awareness comes inherent challenges to an organization. To set the stage, the NotPetya attacks on Moeller-Maersk shipping company took them offline for ten days. Jim Haggemann Snabe, the Chairman, describes the heroic efforts to get 45,000 PCs and 2,500 servers back and up and running (see video) proves that ransomware attacks or never before seen attacks can have tremendous impact on business operations.

Read More

Topics: Regulation, IoT Security, Vendor Risk Management, third party risk

TPT InfoSec Interviews: Rocio Baeza, CEO Cybersecuritybase

Posted by Jeffrey Spetter on 3/27/18 12:39 PM

Hi, everyone. This is Jeff Spetter from ThirdPartyTrust and I had the great pleasure of speaking with Rocio Baeza, CEO of CyberSecurityBase. Here's a recap and audio of the interview. 

Read More

Topics: Vendor Risk Management

Emerging Technology, Unknown Risks: DePaul University's Fourth Annual Cyber Risk Conference | Part Two

Posted by Yasmeen Ghazal on 12/20/17 9:10 AM

Part one of the DePaul Cyber Risk Panel covered: 

- How to start building a vendor risk management program

- Key vendor risk management metrics 

- How to keep the vendor engaged after the contract has been signed

In Part 2, panelists answer audience questions. Including what constitutes a vendor and varying risk profiles for vendors. 

Read More

Topics: Vendor Risk Management, Panel Discussions

2017 Vendor Risk Management BenchMark Study | Protiviti & Shared Assessments

Posted by Yasmeen Ghazal on 11/21/17 4:40 PM

The external risk environment is changing quickly as massive and costly cyber attacks -- Home Depot, Boston Medical Center and the Department of Veterans Affairs, among others -- have struck in the past couple years, continuing to challenge organizations to re-think approaches to vendor risk management.

Read More

Topics: Vendor Risk Management

Keynote Panel: Re-thinking How to Build Trust in the Vendor Eco-System

Posted by Yasmeen Ghazal on 10/30/17 9:00 AM

 

On October 18th, 2017, McCormick Center held 3,000 attendees as the first annaul Cyber Security Chicago conference. It offered invaluable insights around hot topics in the industry including IoT Security, DevSecOps and the Equifax Breach. On the Keynote Stage, Anders Norremo, CEO of ThirdPartyTrust, led a keynote on Re-Thinking How to Build Trust in the Vendor Eco-System alongside   Fawaz Rasheed , CISO  of Trustmark Companies, and  Matt Dechant , CISO of Tempus
Read More

Topics: Vendor Risk Management, third party risk

Data Risk in the Third-Party | Ponemon Institute

Posted by Jeffrey Spetter on 10/12/17 8:29 AM

The Ponemon Institute recently rolled out there second annual study of Data Risk in the Third-Party Ecosystem. The study aims to understand trends in the challenges companies face in protecting sensitive and confidential information shared with third parties and 4th party vendors. 

Read More

Topics: Vendor Risk Management, third party risk

Panel: Cybersecurity & Manufacturing in the digital era

Posted by Yasmeen Ghazal on 9/11/17 4:20 PM

On September 6th, 2017, Anders Norremo, CEO of ThirdPartyTrust, moderated a panel of manufacturing experts on the topic of CyberSecurity & Manufacturing in the Digital Era at the OnRamp Conference in Milwaukee, WI.

Panelists included Chris Merkel, CISO of Brunswick Corp; David McPhee, the Regional Information Security Manager at Caterpillar; Michael Goetzman, CISO at Master Lock; and Steve Brukbacher, the Application Security Manager at Johnson Controls. 

Read More

Topics: Vendor Risk Management

7 Risks to Data In the Third Party Eco-system

Posted by Jeffrey Spetter on 8/21/17 8:30 AM

The Ponemon Institute conducted a study back in April of 2016 surveying companies to understand the challenges they face in protecting sensitive and confidential information shared with third parties resulting in Data Risk in the Third-Party Ecosystem study.

Read More

Topics: Regulation, Vendor Risk Management, Best Practices

ThirdPartyTrust is a vendor risk management platform strengthening cyber risk intelligence and simplifying the management process for enterprises performing vendor risk assessments.
 
By analyzing both third and fourth party vendor cyber risk using a network-based solution, like 3PT, trust is built and mapped within your vendor eco-system.

Subscribe to Email Updates

Recent Posts