Understand, Manage, and Measure Cyber Risk by Ryan Leirvik
Author: Ryan Leirvik
Language: eng
Format: epub
ISBN: 9781484278215
Publisher: Apress
With the introduction of the program and internal processes to maintain proper management of the activities, it's time to look outside the organization for risks.
Step 5. Look Externally (Third-party Risk Management)
Anticipating areas of organizational cybersecurity risk stretches beyond simply internal processes. An individual or an organization that is not part of your organization (referred to as a third party) introduces their own set of risks that can sometimes go overlooked.
External risks, such as outsourced entities, require security attention that expands beyond the primary organizational boundaries to external parties for investigating possible vulnerabilities that may impact the primary organization. This is the essence of third-party risk management (TPRM). The goal is to perform risk management successfully enough to anticipate and remediate issues resulting from the outside party before a weakness in that third party is exploited that impacts the organization.
There are many ways to go about managing third-party risk. One solution begins with establishing a formal TPRM program within the organization. Programs like these are best started by gaining internal buy-in from teams who have a stake in the outcome and the management, such as governance, risk, and compliance (GRC), overall organizational risk management, cybersecurity, procurement or purchasing, and legal. Making a concerted effort to bring in team members early helps prevent internal teams from engaging external third-party vendors without first going through a TPRM risk-identification process.
One simple way to begin a risk management process focused on third parties is to align on what risks are important. One way to do this is to dedicate or hire full-time employees at the onset. Depending upon the depth of any existing third-party risk management program, a dedicated specific team or employee is best. TPRM requires a lot of time and work to properly manage. Assessors of risk stay busy with a wide variety of outside entities or people requiring assessments. For example, dedicated third-party assessors have to retroactively assess the current vendors prior to assessing any new or additional vendors the organization is looking to engage. This process can become a mammoth task, depending on the organization's size, use of outside contractors, and any current backlog of assessments to complete.
With an identified team or person dedicated to the effort, establish a third-party risk management questionnaire. Regardless of the maturity of a TPRM process, the questionnaire is a strong place to start as support to any current program or ease future assessments. The questionnaire is established to clarify which areas of risk to probe when considering engagement with an outside party. As with any strong risk management program, choosing one framework as the basis for this questionnaire helps ensure the program has structure.
Continuing with the CSF, a questionnaire may be built around the organization's management process to help with coverage and alignment back to organizational risks; too many frameworks cause alignment problems. At the very basic level, aligning to the CSF may help establish high-level questions for vendor assessment. For example, Figure 5-8 illustrates at least one question per function to begin asking TPRM questions.
Figure 5-8 Use