The Missing Element in Your Third-Party Security Program

Logo
Presented by

Demi Ben Ari, Dov Goldman

About this talk

Your third-party security program involves 3 stakeholders: the business owner, you as the representative of the security and risk team and the vendor itself. Each party has its own needs, which introduces friction into an already complex process. You can eliminate that friction. By adding context to the relationship, you can align parties on business goals, communicate risk in a language everyone will understand and more easily mitigate that risk. Easily engage with all stakeholders without extensive meetings and without collating lists of vendors and prepping docs on upcoming renewals. Clearly explain the risk to your stakeholders without spewing a firehose of data at them or using overly technical language. Communicate to the vendor the necessary steps to mitigate your risk. Continuously monitor the vendor to ensure it maintains effective controls, staying within your risk tolerance for the relationship.
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (23)
Subscribers (2114)
Panorays is dedicated to eliminating third-party cyber risk so that companies worldwide can quickly and securely do business together. We automate, accelerate and scale the third-party security evaluation and management process so you can quickly and easily manage, mitigate and remediate risk, reduce breaches, ensure vendor compliance and improve your security across the board. Join us as we explore the risk inherent to your digital supply chain and discuss the transformation needed for modern day third-party security risk management—from automating security questionnaires, assessing third parties’ external attack surfaces, considering the criticality of the business relationship and more.