
Security Risk Management in the Extended Enterprise

Melissa Stevens | September 26, 2013

Earlier this month, BitSight licensed a white paper by Mike Rothman, president and analyst at Securosis. The paper, "Threat Intelligence for Ecosystem Risk Management," discusses challenges organizations face in trying to assess the security risks of third parties in the extended enterprise.

Traditional methods for assessing security risk (audits, questionnaires and network tests) provide an understanding of the controls in place, but they only reflect the status at that point in time.  

To explain this further, we like to draw an analogy to home security: you have locks on your windows and doors, surveillance cameras monitoring the premises, and an alarm system installed. An audit would show that you have the proper controls in place, and a penetration test might reveal that you had everything configured correctly on that day.

But how do you fare on the other 364 days of the year? Do you always use the alarm? Are the windows secured in every room? Did you leave the door unlocked for just 5 minutes? Are the surveillance cameras continuously monitored? Are your alarm settings configured correctly?

This is where a daily security effectiveness rating can be insightful.  When you're sharing sensitive information with a business partner, don't you want to know when your information is at high risk? Download the white paper to explore this topic further and to see how Rothman makes the case for buying vs. building a solution for assessing partner security risk.

 
