How to implement an effective system to address third-party risk

The current processes for assessing third-party cybersecurity risks are ineffective. Gartner analyst Sam Olyaei shares how cybersecurity & IT leaders can implement effective systems to address third-party risk. Read more in CyberSecDive.

…, a VP at Gartner, where he advises CISOs, CIOs, chief risk officers and non-IT executives on maturing their security and risk practices.

… must engage stakeholders to define a policy, identify hazards and promote predefined mitigations.

The second step is to separate low-risk third-party engagements from high-risk engagements. This should be a collaborative exercise with the risk committee or board of directors to determine which cybersecurity risks the organization is willing to accept. To bring it all together, document a high-level policy for third-party cybersecurity risk. This clarifies for business, procurement, IT and stakeholders which types of third parties warrant investigation, what the expectations are and how their capabilities will be assessed.

Many regulations require the assessment of third-party security capabilities.

If the answer to these questions is no, then security checks may not be needed. If the answer to either or both is yes, then the next step is to determine necessary mitigations. On the other hand, a third party that is storing confidential business data but not customer data and which does not have access to systems may be in a “medium” category and would require a passive perimeter scan, perhaps using a security ratings service.

For instance, procurement can include assessment requirements in engagement requests to vet higher-risk third parties before their functional capabilities are evaluated.

For example, if the identified risk is that the third party does not encrypt sensitive data, potentially exposing sensitive customer records, the action could be for the business to encrypt data through bring your own key – or, it could be to terminate proceedings with the third party.

Implement a plan for monitoring and reporting
