Among the top challenges lenders face today is the need to meet higher expectations set by the OCC and the Federal Reserve governing the use of third-party vendors. While the guidelines were released over a year ago, there is still confusion about what institutions should be doing.
One thing, however, is certain. Effective vendor management takes resources, and many institutions, particularly smaller ones, are finding it necessary to add staff and/or technology to help with the cause. The regulators have made it clear that vendor management is not just a one-time assessment but an ongoing process, and that monitoring vendors long term is as important as the initial due diligence.
EDR is pleased to host a webinar on this timely topic on Wednesday, August 12, 2015 at 2:00 p.m. EST. Scott Roller, former head of vendor management at Citigroup, will provide clarity on the new regulations and help break down regulator expectations into easy-to-understand terms. Roller will explore key dimensions that attendees can use as the foundation for building out their own robust vendor management oversight program, from initial vendor risk classification all the way through ensuring adequate executive engagement in vendor management.
Attendees will learn best practices for satisfying regulators with this educational workshop, including answers to the following:
• What does the latest regulatory guidance on vendor management require?
• What are the biggest headaches banks are facing in complying with them?
• What advice is recommended for smaller banks struggling with limited manpower/resources?
• What are bank examiners looking for during audits?
• What are the latest best practices for policies and procedures?
• How are banks coping with the need to track and monitor vendors?
• What are the most common shortcomings that audits reveal?
Attendees will also receive a free copy of a white paper on vendor oversight and the cost of compliance.
Many of the largest and most well-known breaches are cases of third-party information exposure.
One of the largest leaks of all time was discovered when an RNC vendor, Data Root Analytics, exposed 198 million voter records, including personal details, voter information, and predictively modeled attributes such as race and religion.
Outsourced information work is crucial for organizations to scale and remain competitive, but it should be done with careful forethought to the risks the company faces should that information be compromised.
In this webinar you will learn:
- Why cybersecurity is dead
- How to mitigate cyber risk in a cost effective way
- How vendor risk becomes your risk
- Steps to become cyber resilient
- How to measure success on your path towards cyber resilience
Unless you have been hiding under a rock for over a year, you and your peers have realized that Third-Party Risk is a major component of overall risk management and security programs. In this webinar you will hear the top lessons learned from SAI Global’s years of implementing IT vendor risk programs, as well as helpful examples from Rich Licato and Airlines Reporting Corporation (ARC). By sharing these experiences you can discover how to implement a world-class vendor management program and gain insights from professionals that have actually been there and done it!
Sometimes your biggest security challenge is the vendors who are unknown to the risk management team.
Traditionally, determining which vendors an enterprise is engaged with required working with procurement and surveying various departments and individuals.
It’s a time-consuming process that is prone to errors and oversights, and it doesn’t account for the many “shadow” vendor relationships that may exist. Even when the vendor is known, determining their level of security meant using questionnaires or asking them to install intrusive software on each one of their computers. These methods don’t provide accurate visibility into the vulnerabilities across your entire business ecosystem, and they are expensive and labor intensive.
In this 30 minute webinar, Bennett Morrison, VP of Product, and Nikon Rasumov, Director of Product, introduce Automatic Vendor Detection (AVD™), a SecurityScorecard module that discovers vendors and their security posture throughout an organization's business ecosystem.
You will learn how:
+ Third and fourth party vendor weaknesses are exploited to obtain your organizational data
+ Challenges of determining your third and fourth party relationships throughout an enterprise
+ Standard vendor identification methods fail to provide an accurate ongoing assessment of third and fourth party risk
+ Leveraging AVD will uncover risks previously unknown to the risk management team
+ AVD automatically detects and determines vendors that are part of your business ecosystem
Over the past few years, outsourcing business functions to vendors has been on the rise. In fact, there are more third-party relationships today than ever before. However, as the number of supplier relationships grows, so grows the amount of risk those suppliers pose. And in today’s hyper-connected landscape, cyber risk has taken center stage when it comes to vendor risk.
Join former CIO, Kevin Roden, and BitSight’s Senior Customer Success Manager, Julia Grunewald, on Wednesday, February 22nd at 1pm ET, as they discuss traditional and emerging vendor risk management (VRM) tactics.
In this webinar you’ll learn:
- How VRM has traditionally been handled
- Why traditional strategies alone aren’t enough
- Advice on how to effectively and efficiently mitigate cyber risk
Third party vendors and digitally connected supply chains provide significant operational and cost efficiencies. But they also expose businesses to significant data security risk as sensitive data leaves your protected network. A recent report revealed more than 60% of all data breaches were from third-party vendors.
In this webinar, supply-chain security expert Mitch Greenfield will walk you through a 5-step process to reduce your supply chain risk, improve vendor compliance, and make informed decisions about your vendor network. Learn how to:
- Ask the right questions when assessing supplier risk
- Manage and securely distribute vendor risk assessments
- Automate vendor risk scoring to eliminate human error
- Create reports to meet compliance and stakeholder requirements (CISO, C-Suite, Board, Auditor)
- Schedule periodic re-assessment based on a vendor's risk profile and criticality to the business
With so many moving parts pushing an organization forward, companies today must know who has access to their data—making vendor risk management (VRM) a critical business practice. Unfortunately, not all organizations have the resources to staff full-time vendor risk managers. Security professionals now must wear multiple hats in order to reduce operating risk for their organizations. Even if vendor risk management isn’t a primary focus, there are techniques and tools security professionals can implement to make it an efficient and valuable process for your company.
In this webinar, join Andrew Calo, Manager of Technology Risk at BitSight as he offers tips and techniques to efficiently manage and assess vendor risk. Attendees will learn about:
- Basic questions you need to ask all vendors
- The top risk vectors and configurations to look at
- The value and impact of continuous risk monitoring software
Two out of three companies rely on third-party vendors for business-critical and day-to-day operations. Vendors of various types such as consulting, business partners, supply chains, and contractors have legitimate user accounts and access to key organizational resources. Join Rick Holland, Principal Analyst, Forrester Research and Ryan Stolte, CTO and Founder, Bay Dynamics for a live webinar on Tuesday, November 3, 2015 at 10:00 am PT/1:00 pm ET, as they use real world examples and specific use cases to provide more insight into:
• How vendors are increasingly being used as attack vectors by cyber criminals
• Challenges in measuring and gaining visibility into vendor risk
• How to protect your organization from vendor risk
Outsourcing shifts the burden to mitigate risk to the vendor, but it does not shift the impact of the risk. Your company’s reputation and its customers can be negatively impacted when your vendor experiences failure.
This presentation discusses how to formulate a vendor resiliency strategy and will equip participants with practical solutions for effectively, as well as efficiently, assessing the business continuity risk exposures introduced by outsourcing business functions.
How do organizations assess and manage the security risk posed by their vendors and suppliers? What kind of programs do organizations have in place to manage risk, and how mature are these programs?
In this webinar, Stephen Boyer, CTO and CoFounder of BitSight and Joyce Chutchian, Senior Managing Editor, IDG Enterprise discuss recent survey data on the maturity of vendor risk management programs. This presentation will provide an in-depth analysis of which methods are being used by organizations in order to mitigate third party risk.
Attendees will also learn:
- Why vendor risk management is becoming a standard business practice
- About the challenges organizations face in building a formalized vendor risk program
- How continuous monitoring solutions and security ratings can help bolster vendor risk management programs
Recent high profile data breaches have made it obvious that organizations often underestimate the risk their vendors present, and struggle to evaluate third party cyber risk.
In this webinar Mike Rothman, Analyst & President of Securosis, and Tom Turner, President and COO of BitSight describe how organizations can build a systematic means to evaluate their IT risk presented by business partners and vendors.
Viewers will learn about:
- Understanding Third Party IT Risk
- Structuring Vendor Risk Management Programs
- Evaluating Vendor Risk
- Ongoing Vendor Monitoring and Communication
Software vendor audits are on the rise; there is no escaping that fact. The challenge is how to ensure compliance, mitigate the risk the audits bring and, better still, avoid them altogether. This recorded webcast will give you best practice guidance to do all this.
We know that the move to SaaS is a daunting prospect for Independent Software Vendors that have traditionally provided their software on-premise. But with continual pressure from end users to consume even their business critical applications via the Cloud, it’s something that should be on the agenda for all ISVs.
During our webinar we will explore the perceived challenges of moving to a SaaS delivery platform and talk through what steps an ISV can take to overcome these. We will be joined by Bob Suter, ISV Business Development Leader at IBM, who will be able to share insight from his extensive experience in helping ISVs make the move to SaaS. Join our webinar to learn about what you need to consider when starting to build your roadmap to SaaS.
Understanding the cybersecurity posture of vendors, suppliers, and third-parties is now a necessity for businesses in all industries. Yet, many businesses do not have a formalized vendor risk management program. There are multiple components needed to create a comprehensive vendor risk management program. These span governance and control, as well as security controls and technology.
Join Jake Olcott, VP at BitSight on February 9 as he highlights best practices and industry standards for vendor risk management programs. Attendees will learn:
- Which frameworks and methodologies can help get you started
- Vital questions you should be asking your vendors
- Why continuous monitoring and verifying vendor security is crucial to mitigate cyber risk
Vendor risk management has long been an area of concern for Financial Institutions. Regulators are now looking for banks to do more and provide a higher level of assurance about the security practices of their vendors. But how? With regulators continuously raising the bar, one thing is clear: the vendor reviews of the past will no longer be sufficient in today's environment.
In this presentation Stephen Boyer, CTO, and Cofounder of BitSight Technologies will explore:
- The evolving regulatory landscape regarding Vendor Risk Management and the practices organizations are adopting to meet these more stringent demands.
- Why continuous monitoring of vendor security performance is both critical and achievable, through the use of data-driven, evidence-based security ratings
- How a global financial services firm is transforming the way they select and interact with vendors and suppliers, detailing their own industry-leading practices in VRM and how the use of security performance ratings is allowing them to harden their extended enterprise.