Risk Universe Explores Vendor Risk Management with Mike Duffy

Melissa Stevens | January 6, 2014 | tag: Security Risk Management

With increased emphasis on third party risk management coming down from regulators and executive boards alike, cyber risk in the extended enterprise is shaping up to be a hot topic in 2014.

BitSight board member Mike Duffy recently contributed an article to Risk Universe on the topic. In the article, "Rating Cyber Risk Vendors," Duffy explains why organizations are looking to cyber risk rating services to help manage their vendor security risk. Citing examples of recent high-profile third party breaches, such as the JP Morgan Chase UCard breach, and increasing concerns among boards and executives about cyber risk, Duffy says now is the time for organizations to consider investing in new ways to manage this risk.

The article goes on to explain the limitations of current solutions and how relying on questionnaires and audits alone leaves organizations with blind spots, as certain issues are overlooked or emerge later in the changing threat landscape:

The challenge is that, while necessary, using these methods alone for assessing security risks is not sufficient. A company may be compliant with all the appropriate regulations and have excellent security policies but may be completely ineffective in the day-to-day implementation of these policies – rarely does a questionnaire ask how many compromised servers a provider is currently running on its network. Also, no matter how complete a checklist or audit is, its results are only a point-in-time reflection and can’t measure the dynamic nature of the risks it is meant to assess for the duration of the business partnership. Even if a penetration test or vulnerability scan is included as part of a vendor assessment, it cannot reveal issues that may appear the following week.

Duffy goes on to explain how new solutions are emerging, such as BitSight Partner Security Rating, and how models like credit ratings can apply to cyber security in order to help businesses better manage and reduce their third party risk.

Click here to read the full article in Risk Universe.
