The presentation describes process guidelines and a framework for an enterprise's board of directors and senior management team to consider when providing oversight, examination and risk management of third-party business relationships in the areas of information technology, systems and cyber security.
The methodology examines third-party vendors against a three-dimensional risk-based model developed for that purpose. The final deliverables (risk impacts, findings, enterprise requirements and remediation) are presented quantitatively.
A number of professional surveys have reported that significant data breaches are linked, directly or indirectly, to third-party access. Outsourcing activities to a third party therefore exposes the enterprise to risk that it does not directly control.