Are there any good tools that really help to manage third-party risk? Can tools alone solve this problem? What else is required?
Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Eric Cowperthwaite, vp, identity and access management services, Herjavec Group.
Got feedback? Join the conversation on LinkedIn.
Thanks to this week’s podcast sponsor, Praetorian
On this episode of Defense in Depth, you’ll learn:
- We question if there’s some type of pseudo-protection racket going on with auditors offering to increase vendors’ security scores if they go into business with them.
- The basic model is to help you identify issues and resolve them in order to reduce your risk and protect yourself from certain types of risk.
- While our risk changes on a daily basis, we’re not measuring the risk other 3rd parties may be introducing at the same iteration level. Often it’s only annual which doesn’t coincide with how we measure our own risk.
- As a result, there’s a desire for ongoing real-time assessment of third party risk. CISOs want the depth of an audit combined with real-time monitoring.
- Best of breed approach often introduces new risk at the lines of integration.