Most organizations are adept at identifying risks. Where they fall short is in vendor identification, tracking, and follow-up.
This webinar, “Vendor Management: Elements of an Effective Operation,” will bridge the gap by sharing the key elements of Change Healthcare’s successful vendor assessment program. Specifically, you’ll learn:
• Eight factors for identifying vendors
• An approach for categorizing vendors
• Questions to ask for improved assessments
• Response plans for risk recognition
• How to eliminate third-party reports and unnecessary controls
How effective is your operation in managing its vendors? Learn what you can improve on in this webinar led by Chris Gorsuch, Vendor Security Lead, Change Healthcare
Among the top challenges lenders face today is the need to meet higher expectations set by the OCC and the Federal Reserve governing the use of third-party vendors. While the guidelines were released over a year ago, there is still confusion about what institutions should be doing.
One thing, however, is certain. Effective vendor management takes resources, and many institutions are finding it necessary to add staff and/or technology to help with the cause, particularly smaller institutions. The regulators have made it clear, vendor management is not just a one-time assessment, but is an ongoing process, and monitoring vendors long term is as important as the initial due diligence.
EDR is pleased to host a webinar on this timely topic on Wednesday, August 12, 2015 at 2:00 p.m. EST. Scott Roller, former head of vendor management at Citigroup, will provide clarity on the new regulations and help break down regulator expectations into easy-to-understand terms. Roller will explore key dimensions that attendees can use as the foundation for building out their own robust vendor management oversight program, from initial vendor risk classification all the way through ensuring adequate executive engagement in vendor management.
Attendees will learn best practices for satisfying regulators with this educational workshop, including answers to the following:
• What does the latest regulatory guidance on vendor management require?
• What are the biggest headaches banks are facing in complying with them?
• What advice is recommended for smaller banks struggling with limited manpower/resources?
• What are bank examiners looking for during audits?
• What are the latest best practices for policies and procedures?
• How are banks coping with the need to track and monitor vendors?
• What are the most common shortcomings that audits reveal?
Attendees will also receive a free copy of a white paper on vendor oversight and the cost of compliance.
Do you struggle with truly understanding your risk with your vendors? Are you relying solely on static, self-assessments to understand vendor risk? This can put your company at a greater level of exposure. Join Verterim's Jennifer Anderson and Jeff Avery with BitSight Technology's Ben Fagan BrightTalk for an informative discussion on the changes in vendor management programs and a demonstration of the BitSight and Archer Integration. Our plug and play BitSight - RSA Archer integration provides dynamic risk information to augment your existing vendor assessment process, pointing you to specific areas that may be at risk, reducing your time on vendor risk analysis and proactively alerting you to potential issues real time.Read more >
You can source your processes, but you own the risk. How well are you managing your third parties and supply chain? Are you able to understand changes in your vendors' security status dynamically? We invite you to attend our webinar to see our RSA Archer and BitSight integration. Using these two systems, see how we bring qualitative and quantitative risk information together for a more comprehensive and holistic view of your vendors.Read more >
Grades are familiar to us. They’re a useful referencing tool. Remember how nervous you were in high school when your final grades came in? Why not apply this methodology to performing easy-to-understand comparisons among your portfolio of vendors?
This got me thinking about the importance of a grading system and the impact on the growing trend in businesses becoming more reliant on working with your third party vendors.
That's why SAI Global teamed up with SecurityScorecard and to share with you our combined automated assessment and risk scoring platform during a powerful webinar on Tuesday, March 13 at 2:00pm EST.
Enroll now to accelerate your current Vendor Risk Management program or if you’re tired of manually entering data into spreadsheets.
Enterprises are becoming increasingly cognizant of the massive business risk posed by incidents of cyber attacks resulting in data breaches. Less well-known, and perhaps more potent a threat, is the danger posed by third-party vendors entrusted with sensitive data in the course of a business partnership. While an enterprise can have the best and most resilient internal IT practices, there are no such guarantees their external partners will take the same care. The consequences can be enormous.
The UpGuard Cyber Risk Team has made it its mission to find data exposures where they exist, aiding in securing them against malicious use and raising public awareness about the issues driving cyber risk today. In this talk, UpGuard CEO Mike Baukes will discuss how third-party vendor risk has proven a potent and pervasive threat in the digital landscape of 2017, as illustrated by a newly discovered third-party vendor data exposure case involving the leaking of sensitive data from major transnational corporations.
Learn how you can mitigate such third-party vendor risk and begin to evaluate and enforce your business partners’ cyber resilience against such threats.
Many of the largest and most well known breaches are cases of third party information exposure.
One of the largest leaks of all time was discovered when an RNC vendor, Data Root Analytics, exposed 198 million voter records, including personal details, voter information, and predictively modeled attributes such as race and religion.
Outsourced information work is crucial for organizations to scale and remain competitive, but it should be done with careful forethought to the risks the company faces should that information be compromised.
In this webinar you will learn:
- Why cybersecurity is dead
- How to mitigate cyber risk in a cost effective way
- How vendor risk becomes your risk
- Steps to become cyber resilient
- How to measure success on your path towards cyber resilience
Vendors are essential to your company's success; however, they also add a layer of risk. A data breach is often traced to a service provider. A supplier botches a shipment and upsets a key customer. For risk challenges with vendors, the answer is proactive vendor risk management. In this webinar, you'll learn the roadmap to smarter vendor risk management, including:
· Guidance on managing collected vendor data
· Time-saving features with assessments
· Tips on spotting trends and high-risk vendors
· Pros and cons of continuous monitoring
· Impact of vendor risk on operational risk
Don't wait for an incident or a high-level exec questioning your vendor risk management processes to get smarter about vendor risk management. Learn smart strategies for the road ahead in VRM. Register for this webinar.
Unless you have been hiding under a rock for over a year, you and your peers have realized that Third-Party Risk is a major component of overall risk management and security programs. In this webinar you will hear the top lessons learned from SAI Global’s years of implementing IT vendor risk programs, as well as helpful examples from Rich Licato and Airlines Reporting Corporation (ARC). By sharing these experiences you can discover how to implement a world-class vendor management program and gain insights from professionals that have actually been there and done it!Read more >
In this webinar, LockPath's Sam Abadir answers 5 questions on the road to reaching an effective vendor risk management program:
• What encompasses Vendor Risk Management?
• Who needs to know about Vendor Risk Management?
• How does someone approach building a VRM program?
• What does that approach look like today?
• What will that approach look like in the future?
Sometimes your biggest security challenge is the vendors who are unknown to the risk management team.
Traditionally, in order to determine vendors an enterprise is engaged with, it required working with procurement and surveying various departments and individuals.
It’s a time-consuming process that is prone to errors, oversights, and doesn’t account for the many “shadow” vendor relationships that may exist. Even when the vendor is known, in order to determine their level of security you had to use questionnaires or ask them to install intrusive software on each one of their computers. These methods don’t provide accurate visibility into the vulnerabilities across your entire business ecosystem, are expensive, and labor intensive.
In this 30 minute webinar, Bennett Morrison, VP of Product and Nikon Rasumov, Director of Product, introduces Automatic Vendor Detection (AVD™), a SecurityScorecard module that discovers vendors and their security posture throughout an organization's business ecosystem.
You will learn how:
+ Third and fourth party vendor weaknesses are exploited to obtain your organizational data
+ Challenges of determining your third and fourth party relationships throughout an enterprise
+ Standard vendor identification methods fail to provide an accurate ongoing assessment of third and fourth party risk
+ Leveraging AVD will uncover risks previously unknown to the risk management team
+ AVD automatically detects and determines vendors part of your business ecosystem
Over the past few years, outsourcing business functions to vendors has been on the rise. In fact, there are more third-party relationships today than ever before. However, as the number of supplier relationships grows, so grows the amount of risk those suppliers pose. And in today’s hyper-connected landscape, cyber risk has taken center stage when it comes to vendor risk.
Join former CIO, Kevin Roden, and BitSight’s Senior Customer Success Manager, Julia Grunewald, on Wednesday, February 22nd at 1pm ET, as they discuss traditional and emerging vendor risk management (VRM) tactics.
In this webinar you’ll learn:
- How VRM has traditionally been handled
- Why traditional strategies alone aren’t enough
- Advice on how to effectively and efficiently mitigate cyber risk
Third party vendors and digitally connected supply chains provide significant operational and cost efficiencies. But they also expose businesses to significant data security risk as sensitive data leaves your protected network. A recent report revealed more than 60% of all data breaches were from third-party vendors.
In this webinar, supply-chain security expert Mitch Greenfield will walk you through a 5-step process to reduce your supply chain risk, improve vendor compliance, and make informed decisions about your vendor network. Learn how to:
- Ask the right questions when assessing supplier risk
- Manage and securely distribute vendor risk assessments
- Automate vendor risk scoring to eliminate human error
- Create reports to meet compliance and stakeholder requirements (CISO, C-Suite, Board, Auditor)
- Schedule periodic re-assessment based on a vendor's risk profile and criticality to the business
With so many moving parts pushing an organization forward, companies today must know who has access to their data—making vendor risk management (VRM) a critical business practice. Unfortunately, not all organizations have the resources to staff full-time vendor risk managers. Security professionals now must wear multiple hats in order to reduce operating risk for their organizations. Even if vendor risk management isn’t a primary focus, there are techniques and tools security professionals can implement to make it an efficient and valuable process for your company.
In this webinar, join Andrew Calo, Manager of Technology Risk at BitSight as he offers tips and techniques to efficiently manage and assess vendor risk. Attendees will learn about:
-Basic questions you need to ask all vendors
-The top risk vectors and configurations to look at it
-The value and impact of continuous risk monitoring software
Keylight from Lockpath empowers you to manage the entire third-party lifecycle in one platform.Read more >
Two out of three companies rely on third party vendors for business critical and day to day operations. Vendors of various types such as consulting, business partners, supply chains, and contractors have legitimate user accounts and access to key organizational resources. Join Rick Holland, Principal Analyst, Forrester Research and Ryan Stolte, CTO and Founder, Bay Dynamics for a live webinar on Tuesday, November 3, 2015 at 10:00 am PT/1:00 pm ET, as they use real world examples and specific use cases to provide more insight into:
•How vendors are increasingly being used as attack vectors by cyber criminals
•Challenges in measuring and gaining visibility into vendor risk
•How to protect your organization from vendor risk
Outsourcing shifts the burden to mitigate risk to the vendor. But, it does not shift the impact of the risk. Your company’s reputation and its’ customers can be negatively impacted when your vendor experiences failure.
This presentation discusses how to formulate a vendor resiliency strategy. And, will equip participants with practical solutions for effectively, as well as efficiently, assessing the business continuity risk exposures introduced by outsourcing business functions
How do organizations assess and manage the security risk by their vendors and suppliers? What kind of programs to organizations have in place to manage risk, and how mature are these programs?
In this webinar, Stephen Boyer, CTO and CoFounder of BitSight and Joyce Chutchian, Senior Managing Editor, IDG Enterprise discuss recent survey data on the maturity of vendor risk management programs. This presentation will provide an in-depth analysis of which methods are being used by organizations in order to mitigate third party risk.
Attendees will also learn:
- Why vendor risk management is becoming a standard business practice
- About the challenges organizations face in building a formalized vendor risk program
- How continuous monitoring solutions and security ratings can help bolster vendor risk management programs
Recent high profile data breaches have made it obvious that organizations often underestimate the risk their vendors present, and struggle to evaluate third party cyber risk.
In this webinar Mike Rothman, Analyst & President of Securosis, and Tom Turner, President and COO of BitSight describe how organizations can build a systematic means to evaluate their IT risk presented by business partners and vendors.
Viewers will learn about:
- Understanding Third Party IT Risk
- Structuring Vendor Risk Management Programs
- Evaluating Vendor Risk
- Ongoing Vendor Monitoring and Communication