Security Risk Management

Third Party Risk Management Becomes a Topic of Interest at RSA

Melissa Stevens | February 21, 2014

Before the legions of attendees descend on San Francisco for the RSA conference next week, I wanted to take a minute to share three sessions that may be of interest! If third party risk management is an area of concern for you, clear your calendars and make time to attend these talks:

Third-Party Cyber Security & Data Loss Prevention

Wednesday, February 26, 2014 | 12:00 PM – 12:20 PM | West | Room: 2006 
While companies may do an effective job of their cyber security and data protection, the focus on protecting a company’s borders is no longer adequate. CISOs must expand focus to include the cyber security & data protection programs of third party providers. We will discuss the challenge of assessing the adequacy of data and cyber security protections provided by third party service providers.

Brad Keller, Senior Vice President & Program Director, The Santa Fe Group
Jonathan Dambrot, Managing Director, Prevalent Networks

Security Risk Assessments of Third-Party Service Providers

Thursday, February 27, 2014 | 9:20 AM – 10:20 AM | West | Room: 2023
A common method in assessing risk about a third-party and their security practices is to ask them to respond to and complete a questionnaire. There are standard questionnaires available such as the Cloud Control Matrix (CCM) and the Standard Information Gathering (SIG) questionnaires. This P2P session will discuss methods to assess a third-party using questionnaires and security frameworks.

Robert Shullich, Enterprise Security Architect, Tower Group Companies

Information Security Supply Chain - You, Your Partners and Nation States

Thursday, February 27, 2014 | 10:40 AM – 11:40 AM | West | Room: 2023
The interdependency of industry and technology has resulted in general real concern of trusting third parties. This discussion will focus on pragmatic ways leading enterprises are measuring threats; managing and monitoring in an ongoing fashion. Examples of procurement to vertical supply chain awareness will be highlighted.

James DeLuccia, Senior Manager, Advisory Services, Ernst & Young


In light of recent revelations about the roles third parties have played in major security breaches at Target, other retailers and national hotel chains, we're really excited to see this topic breaking through the noise. As our latest BitSight Insight report explains, organizations are suffering from overconfidence in their security postures and this is impacting the cyber health of our economy. We feel that when security risk management becomes a board-level topic, organizations are far more prepared to deal with the threats we face.

We look forward to attending this conference and hearing more from our colleagues, customers and prospects about these issues.  Even if you aren't attending RSA, be sure to share your thoughts and observations on this topic in the comment space below!
