How to Develop Effective Information Gathering for Third Parties

Two-thirds of data breaches occur due to an insecure or poorly managed third-party relationship. Gaining control over your network of vendors is a critical risk activity. Join Alex Hollis, SureCloud’s GRC Practice Director, as he discusses efficient and effective information gathering from third parties.

The session will cover:
• How to evaluate your information needs
• Prioritizing, planning and structuring the information gathering
• Use of categorization, tiering and risk scoring
• Building the question library
• Reducing the manual administrative burden from the system
• Reducing “assessment fatigue”: the human element of answering questions

Alex has over 16 years’ experience in IT, mobile technology and software development. He has spent the last seven years specializing in governance, risk, and compliance (GRC).
Recorded: Mar 28 2019, 57 mins
Presented by: Alex Hollis

Channel profile
  • Are you ready for SMCR? May 21 2019 3:00 pm UTC 90 mins
    SureCloud, Product Director, Alex Brown and Baringa, Senior Managers, Stephen Humphreys and Edouard Bassil
    The Senior Managers and Certification Regime (SMCR) presents some unique challenges to any financial services organization with the focus being on protecting consumers’ interests. With the implementation date set for December 2019, the countdown is on. In this webinar Baringa’s Senior Managers, Stephen Humphreys and Edouard Bassil will be discussing how FCA regulated firms should be preparing before the deadline. SureCloud’s Product Director, Alex Brown, will demonstrate how a suitable solution can operationalize your process and aid your compliance journey.

    The session will address key questions such as:
    • What actually are reasonable steps? Do I need a paper factory?
    • Can I be compliant by implementing a few new templates and input from a few people part-time?
    • Where are my biggest implementation risks? What might I get wrong?
    • How do I get value from the regime and my implementation approach?
  • Hacking Humans: Exploring Social Engineering as an Attacker and a Defender Apr 30 2019 3:00 pm UTC 60 mins
    Luke Potter, Operations Director (Cybersecurity), SureCloud
    Currently, 75% of cyber-attacks start with social engineering. Social engineering is the part of penetration testing that centers on manipulation and deception rather than on outsmarting a machine, and testing it is just as crucial to improving an organization’s security posture as probing a network for vulnerabilities. But what does it look like in practice?

    Join SureCloud’s Operations Director (Cybersecurity), Luke Potter, as he discusses his research into social-engineering techniques.

    This session will cover:
    • Defining social engineering
    • Best lines of defense against a human pentest attack
    • The psychology behind influence and persuasion
  • Everything You Need To Know About OWASP SAMM 2.0 Recorded: Feb 28 2019 25 mins
    Cybersecurity Practice Manager, Chris Cooper
    The Open Web Application Security Project (OWASP) is developing version 2.0 of its Software Assurance Maturity Model (SAMM), and Chris Cooper, SureCloud’s Cybersecurity Practice Manager, is part of the team currently working on the core model, with a focus on the new ‘Implementation’ business practice. In this webinar, Chris will discuss the history of SAMM, evaluate the version 2.0 core model from a technical perspective, and describe the process the SAMM team is undertaking.

    The session will cover:
    • Why SAMM 2.0 is being introduced
    • The innovative ways in which SAMM 2.0 is being created
    • How SAMM is modernizing its recommendations on how organizations build and deploy software
    • How to harness SAMM to conduct penetration testing in a more mature way
    • Some of the feedback that the OWASP SAMM team has received from the version 2.0 beta

    Chris Cooper is a Tigerscheme Senior Security Tester (Web Apps) and a CHECK Team Leader.
  • Cybersecurity Attacks that will Actually Lead to a Compromise Recorded: Jan 15 2019 67 mins
    Luke Potter, Cybersecurity Practice Director, SureCloud
    Vulnerabilities exist in every system, and for some, the impact of an attack could be catastrophic, even business-ending. Often, these incidents are the result of a vulnerability that could be identified in a penetration test.

    In this webinar SureCloud’s Cybersecurity Practice Director and expert penetration tester, Luke Potter, will discuss some of the real-life cyber-attacks his team has conducted, including the work they have done with the BBC, Daily Mail, and Which? Magazine.

    The session will cover:
    • Targeted phishing attacks
    • IoT and ‘smart’ devices
    • Physical attacks including social engineering
    • Use of OSINT techniques to compromise organisations
    • Password analysis

    Luke Potter is a CHECK team leader, Tiger Scheme senior security tester, ISO 27001 lead auditor and Microsoft Certified enterprise administrator.
  • How to integrate Business Risk and IT Risk Recorded: Nov 27 2018 49 mins
    Alex Hollis, GRC Practice Director SureCloud
    Please note: this is a reschedule of the webinar originally set for 14th Nov.

    Many governance, risk, and compliance (GRC) projects fail because they’re deployed to support a specific compliance need or to meet the requirements of a specific department. In this webinar, SureCloud’s GRC Practice Director will discuss taking an integrated Risk Management approach, connecting Business Risk and IT Risk.

    The session will cover:

    • The challenges Integrated Risk Management (IRM) causes
    • Outlining how operational and IT Risk must work together
    • An approach for creating a model within your own business with the right GRC technology
    • The benefits of integration for internal communication and the relationships within your business
  • Ask the Expert: Penetration Testing Recorded: Jun 7 2018 11 mins
    Luke Potter, Cybersecurity Practice Director
    SureCloud's Cybersecurity Practice Director talks about:

    • Avoiding the pain of managing penetration test outputs in static PDF documents
    • Effective management of penetration test remediation activities
    • Demonstrating improvement and benefit following penetration test delivery
    • Why a better approach to penetration testing is needed, specifically running it as an ‘as a service’ engagement
    • Tracking, trending and analyzing data across multiple testing projects
  • GDPR Compliance - What should organisations be doing now? Recorded: Apr 25 2018 46 mins
    SureCloud CEO Richard Hibbert and COO Nick Rafferty
    Key takeaways

    • Key concepts and obligations
    • Principles of data processing and transparency
    • What organisations need to do to prepare for the GDPR
    • What organisations need to do to implement a GDPR Compliance Program

    We will also provide a demonstration of the SureCloud GDPR Suite, which helps organisations achieve and maintain compliance with the regulation.
  • Got budget? Building the business case for your 2018 GDPR project Recorded: Nov 16 2017 45 mins
    Terry Blake, SureCloud, Nick Rafferty, SureCloud, Michael Rasmussen, GRC 20/20
    The deadline to comply with the European Union General Data Protection Regulation is May 25, 2018. Non-compliance could result in hefty fines for your company and impact your ability to do business in the EU. With calendar-year budget planning now underway, this webinar will help you build the case to fund your GDPR project and gain alignment within your organization. You'll also get a demo of the cloud-based SureCloud GDPR Suite. Deadline-driven demand will surely drive costs up, so the time to act is now to secure both your funding and resources.
  • GDPR - How to embrace PCI’s big brother Recorded: Aug 23 2017 44 mins
    Chief Operations Officer, Nick Rafferty & Head of GRC, Oliver Vistisen
    If your organization stores, processes or transmits cardholder data, PCI’s big brother, the EU General Data Protection Regulation, could affect your ability to do business in the EU.

    Impacted PCI US companies may have EU residents as employees or customers.

    The GDPR has become a primary item on most organizations' agenda this past year, yet a disproportionate amount of focus has fallen on the fines that are set to come in force May 25, 2018.

    We want to take a more optimistic look at the regulation, why it came to be and how it can be a massive opportunity to strengthen your reputation and (re)gain customer confidence. We will also look at how the implementation and ongoing maintenance of compliance can be addressed through an analytical approach to the Articles themselves; the rules of the regulation.

    What attendees will learn:
    • How US ecommerce and other companies involved in payment card transactions can be impacted by the GDPR.
    • Why the world’s most valuable resource is no longer oil, but data.
    • Why the GDPR is far more than a simple check-box compliance exercise.
    • Why the GDPR is a massive opportunity in disguise for organizations who take it seriously.
    • How the GDPR aims to change company culture by turning risk assessments on their head.
    • An analytical breakdown of the GDPR Articles that uncovers those that are applicable to your organization, and how to tackle these through a risk-based approach.
    • Key areas of focus for any GDPR program based on personal and client feedback.
    • How to effectively implement GDPR by expanding upon existing compliance programs and management systems (ISO 27001).
  • Let the countdown begin: What does the GDPR mean for US companies? Recorded: May 25 2017 60 mins
    Stephen Bailey, Head of Privacy at NCC Group, Terry Blake, SureCloud EVP – North America, and Nick Rafferty, SureCloud COO.
    Exactly one year from the date of this webinar, the General Data Protection Regulation will take effect in the European Union. The GDPR applies to any organization that stores, processes or transfers the personal data of residents within the EU. It includes organizations located in and outside the EU. Non-compliance can result in fines of more than $20 million or 4% of worldwide revenues, whichever is greater. A recent survey found an alarming percentage of US-based companies are planning to reduce their presence in Europe or exit the European Union altogether rather than deal with the GDPR. Instead of tossing up their hands over the GDPR and going home, strategic US companies can follow the defined steps and adopt software solutions that can bring certainty to these uncertain times. In fact, they see another company’s exit from the EU as a potential opportunity to gain share. The good news is that you’re not too late in getting started to meet the GDPR deadline. But as the countdown begins, urgency escalates. The time to act is now.

    In this webinar, you will learn:
    • What the GDPR means for you
    • How to get started on your journey to compliance
    • How the SureCloud GDPR Applications Suite can help you gain and demonstrate compliance and continuously improve your performance

    Agenda includes plenty of time to address your questions.
  • Third Party Risk: Gaining certainty amid a web of global relationships Recorded: Apr 6 2017 56 mins
    Michael Rasmussen, GRC Analyst at GRC 20/20 and SureCloud's COO, Nick Rafferty
    In today’s interconnected world, organizations struggle to adequately govern risk in third party business relationships. Over half of the organization’s insiders are no longer traditional employees. Insiders now include suppliers, vendors, outsourcers, service providers, contractors, subcontractors, consultants, temporary workers, agents, brokers, dealers, intermediaries, and more. Third party problems are the organization’s problems that directly impact brand, reputation, compliance, strategy, and risk to the organization.

    Join Michael Rasmussen, The GRC Pundit of GRC 20/20, and Nick Rafferty, SureCloud COO, to get an expert view of the challenges companies face and how to gain certainty amid an uncertain web of complex, global relationships.

    In this webinar you will learn:

    • Why fragmented approaches to third party governance are doomed to fail
    • How inadequate resources can’t keep up with growing risk and regulations
    • How document, spreadsheet and email-centric approaches lack current-state analyses and audit trails
    • Amid a challenging environment, what to do today by defining a strategy and adopting a single-version-of-the-truth software solution
    • How SureCloud's unique GRC Platform and its Third Party Risk Manager Application can strengthen your assessment process

    Agenda includes plenty of time to address your questions.
  • Data Transfers under the EU GDPR - do you need to comply? Recorded: Mar 15 2017 60 mins
    GDPR Expert at White & Case LLP, Tim Hickman and CEO Richard Hibbert at SureCloud
    Many organisations transfer personal data across borders to both EU and non-EU recipients. The EU General Data Protection Regulation (“GDPR”) imposes strict rules about how such data should be transferred, and applies to many unsuspecting non-EU organisations.

    Join Tim Hickman, GDPR Expert at White & Case LLP and Richard Hibbert, SureCloud CEO, to get the legal perspective on personal data transfers under the GDPR, and practical guidance on how this issue affects your business.

    In this webinar we will:

    • Explain what constitutes a data transfer (you may be surprised).
    • Identify the different types of data transfer (e.g., internal transfers within a corporate group; external transfers to service providers; etc.) and examine the implications for businesses.
    • Examine the pros and cons of each data transfer mechanism (e.g., consent, adequacy, Model Clauses, Binding Corporate Rules, etc.).
    • Provide hints and tips on how organisations can prepare for data transfers under the EU GDPR.
    • Discuss how the SureCloud GDPR Suite can help you achieve compliance with data transfer regulations.
  • Ready for GDPR? Learn about challenges and ways to comply Recorded: Feb 1 2017 45 mins
    CEO Richard Hibbert & Head of Products, Oliver Vistisen
    The GDPR comes into force on 25 May 2018 and will have a significant impact on the way organisations collect, process and share data. Companies that fail to prepare for the GDPR risk incurring hefty fines of 20m euros or 4% of worldwide revenues, whichever is greater. As such, all organisations need a strategy for the GDPR. By implementing a structured approach through the use of cloud-based applications, organisations will be able to effectively achieve and maintain compliance.

    In this webinar we will: explore the key provisions of GDPR, examine the challenges organisations are facing with the new rules, provide guidance for Risk Managers, Compliance Leaders and other IT Professionals on how to approach these challenges, then demonstrate how our cloud-based GDPR Applications Suite can provide effective solutions that ensure your business can achieve and maintain compliance.
  • What is Ransomware and why it's time to simulate an attack? Recorded: Jan 31 2017 35 mins
    Luke Potter (Security Practice Director) & Elliott Thompson (Security Consultant)
    Learn how to detect, prevent and mitigate ransomware attacks. Our experts will cover: the current mitigation strategies, how they are bypassed and why, how attackers perform directly targeted attacks and why it's time for organisations to simulate their own attacks.
  • [Cybersecurity] Our Indigenous Apps: Securing Critical Business Data Recorded: Dec 6 2016 29 mins
    Senior Security Consultant, Christopher Cooper
    Despite the rise of the cloud and increased reliance on web applications, native desktop applications are still highly relevant and often the delivery method of choice in enterprise IT. As penetration testers, we still see a number of very poorly architected native applications being used to protect extremely sensitive information.

    This webcast will discuss some of the core issues relating to native desktop applications, why they are so frequent, and the severe impact that their insecurity can cause.

    In the 2017 threat landscape, we propose that these flaws are not going away, and the industry isn't currently in a position to help developers resolve them effectively.
  • [Security Strategy] Risk Manager for IRAM2 Application Recorded: Nov 17 2016 46 mins
    COO, Nick Rafferty & Head of Products, Oliver Vistisen
    SureCloud has worked with key ISF community members to develop an application (Risk Manager for IRAM2) that helps to consolidate the IRAM2 risk assessment process.

    This application complements the ISF's world-class methodology, which helps risk practitioners as well as other business and technology leaders apply a simple, practical, rigorous approach to managing risks.
  • Policy-driven, Risk-based Security Recorded: May 11 2016 19 mins
    Audrey Gilchrist - GRC Team Leader at SureCloud and Amanda Ewing - Security Assurance Manager at Dentsu Aegis Network
    Policy is the cornerstone of any risk-based security programme. Policies are put in place not only to govern the way organisations operate, but also to mitigate risks, and as such require board-level backing and sign-off. Yet when it comes to security programmes, information risk, both internal and external, is often presented in terms that mean little to the board of directors. Using real-world examples, this session will present a model for effective risk-based security that engages senior executives.
  • The Evolution of the Penetration Test Recorded: Apr 12 2016 23 mins
    Toby Scott-Jackson, Principal Security Consultant, SureCloud and Chris Cooper, Senior Security Consultant, SureCloud
    The confluence of sophisticated cyber criminals, white hats and technological change means organisations are increasingly exposed to weaknesses and vulnerabilities in their networks, devices and applications.

    With a combination of expert security commentary and vulnerability trends, SureCloud will reveal the sophisticated nature of the latest attacks and what the future may hold. We will focus on modern exploits that go beyond the typical network and web application attack vectors.

    SureCloud will describe how organisations need to change their attitudes to security testing, reconsidering the frequency and scope of assessments and acting on results in a timelier manner.
  • Internal Audit at a Breaking Point: How to Manage the Growing Array of Audits Recorded: Dec 15 2015 47 mins
    GRC Analyst Michael Rasmussen, GRC 20/20 accompanied by Nick Rafferty, COO, SureCloud
    Internal audit is in a constant state of transformation. Audit departments are being asked to do more audits, provide assurance on business operations and risk management, evaluate compliance, and advise the organisation with limited audit resources.

    They are challenged with a growing array of audits that go beyond financial audits to provide assurance through IT audits, operational audits, quality assurance audits, third party audits, and more. This demands that Audit have processes supported by an information and technology architecture that drives efficiency, effectiveness, and agility in audit processes and tasks.

    This webinar details how organisations need to take an agile approach to internal audit management, one that accommodates a growing array of audits on an agile information and technology architecture supporting internal audit management activities and reporting.

    This ‘Expert’ presentation will address the following:

    • Where and how internal audit is strained
    • How to integrate a risk-based approach to audits as well as a cyclical audit plan
    • The value of an information and technology audit management architecture
    • Best practices in internal audit management
Simple Solutions Delivering Enterprise Outcomes
SureCloud provides Cloud-based GRC Applications and Cybersecurity Services that help our customers achieve an integrated approach to managing their risk, compliance and information security. The SureCloud Platform is simple but powerful technology that gives our customers a single source to view and manage GRC and cybersecurity processes from anywhere in the world. Our customers benefit from automating formerly spreadsheet-driven processes but increasingly from addressing strategic initiatives such as the EU GDPR, ISO 27001, IRAM2, NIST, PCI and others.