Security Risk Management in the Extended Enterprise

Melissa Stevens | September 26, 2013

Earlier this month, BitSight licensed a white paper by Mike Rothman, president and analyst at Securosis. The paper, "Threat Intelligence for Ecosystem Risk Management," discusses challenges organizations face in trying to assess the security risks of third parties in the extended enterprise.

Traditional methods for assessing security risk (audits, questionnaires and network tests) provide an understanding of the controls in place, but they only reflect the status at that point in time.  

To explain this further, we like to draw an analogy to home security: you have locks on your windows and doors, surveillance cameras monitoring the premises, and an alarm system installed. An audit would show that you have the proper controls in place, and a penetration test might reveal that you had everything configured on that day.

But how do you fare on the other 364 days of the year? Do you always use the alarm? Are the windows secured in every room? Did you leave the door unlocked for just 5 minutes? Are the surveillance cameras continuously monitored? Are your alarm settings configured correctly?

This is where a daily security effectiveness rating can be insightful. When you're sharing sensitive information with a business partner, don't you want to know when your information is at high risk? Download the white paper to explore this topic further and to see how Rothman makes the case for buying vs. building a solution for assessing partner security risk.
