Name: TPSRM Fundamentals 2: Best Practices for Third-Party Security Risk Management
Start: 2021-11-17T16:00:00Z
End: 2021-11-17T16:00:51.000Z
Location: BrightTALK
Rating: 4.8

Panorays is dedicated to eliminating third-party cyber risk so that companies worldwide can quickly and securely do business together. We automate, accelerate and scale the third-party security evaluation and management process so you can quickly and easily manage, mitigate and remediate risk, reduce breaches, ensure vendor compliance and improve your security across the board.

Join us as we explore the risk inherent to your digital supply chain and discuss the transformation needed for modern day third-party security risk management—from automating security questionnaires, assessing third parties’ external attack surfaces, considering the criticality of the business relationship and more. 

Revamp your TPRM strategy and streamline your risk management program with an end-to-end process. Our talk will guide you through the steps to take control of your third-party security risk management, enabling you to achieve greater efficiency, cost savings, and enhanced security posture. Gain valuable insights on how to transform your TPRM strategy from chaos to clarity, and optimize your approach to risk management.

From Chaos to Clarity: Streamlining TPRM with an End-to-End Process

Hiring a new vendor is like going on a blind date. The potential reward is great, but so is the risk.
Perhaps they have debt? Or have friends you don't want to be connected to.
Or maybe it will turn into something continuous, lasting and mutually beneficial.

Learn how to build trusting vendor relationships with the help of Panorays.

Vendor Security Risk: A Blind Date Encounter

While third-party SaaS app adoption is a business enabler, everyone is aware that it comes with potential risk. From before the SaaS app’s adoption through to the SaaS app’s use, there should be protocols in place for initial assessment and continuous posture management. In this talk, we will cover: 
- How to run a comprehensive assessment of the SaaS apps you’re evaluating
- Once purchased, how security teams maintain a high level of security hygiene
- Stats from 2022 reports of automated vs. manual assessments

Save your spot and learn how to reap the rewards and minimize the risks when using SaaS Apps.


---
About Adaptive Shield
Adaptive Shield, the leading SaaS Security Posture Management (SSPM) company, enables security teams to maintain a secure SaaS app stack by continuously monitoring SaaS apps, users and their devices, identifying misconfigurations, assessing SaaS-to-SaaS risk and fixing any weakness. Founded by Maor Bin and Jony Shlomoff, Adaptive Shield works with many Fortune 500 enterprises and has been named Gartner® Cool Vendor™ 2022. For more information, visit us at www.adaptive-shield.com or follow us on LinkedIn.

About Panorays 
Panorays is a rapidly growing provider of third-party security risk management software, offered as a SaaS-based platform. The company serves enterprise and mid-market customers primarily in North America, the UK and the EU, and has been adopted by leading banking, insurance, financial services and healthcare organizations, among others. Headquartered in New York and Israel, with offices around the world, Panorays is funded by numerous international investors, including Aleph VC, Oak HC/FT, Greenfield Partners, BlueRed Partners (Singapore), StepStone Group, Moneta VC, Imperva Co-Founder Amichai Shulman and former CEO of Palo Alto Networks Lane Bess. Visit us at www.panorays.com.

Pinpoint Your SaaS App Risks: From Evaluation to Usage

An average organization has 182 vendors that connect to its systems each week.  And each vendor with whom you do business provides threat actors with an extended attack surface - yet another channel to reach your critical systems and customer data.  

While third-party breaches dominate cybersecurity news, 76% of organizations know they urgently need to make TPRM more consistent but 50% say they don’t have the resources or capacity to manage the effort. 

Panorays makes TPRM easy. Panorays automates, accelerates and scales third-party security evaluation and management so you can easily manage, mitigate and remediate risk, minimize breach exposure, ensure compliance and improve your overall security posture..

Join us on June 15 to learn more about:
- Market trends and recent third-party breaches 
- How to improve vendor risk management with less effort 
- Q&A

Join us June 15th to kick off or upgrade your third-party security risk management program.

Better vendor risk management. Less effort. Panorays’ all-in-one TPRM platform.

The “new normal” elicits many different thoughts and emotions about the world that was and the world that is. Along with other upheavals that we’ve experienced over the past year or so are the disastrous effects of numerous far-reaching supply chain breaches and third-party code vulnerabilities. 

SolarWinds, Kaseya, Codecov and Log4j have become household names in the business world, even among non-tech professionals. Unfortunately, we can only expect that list to get longer as we anticipate more similar attacks. How can we learn from these past cyber events and prepare—with the right people, processes, and tools—for what’s yet to come?

Find out: 
• What actually happened with SolarWinds, CodeCov and Log4Shell.
• What you can do to prepare for the next third-party cyber incident.
• The different components of supply chain security in the CI/CD pipeline and how developers can be a part of your security program
• How to take action when a supply chain attack happens, and how to minimize the blast radius.

Get actionable guidance and tips on how to best reduce supply chain risk and contain a breach when it (inevitably) occurs.

Dealing with the “New Normal” of Supply Chain Security Risk

2021 was a peak year for supply chain breaches—as well as vulnerabilities and backdoors in open-source code, software packages and containers. SolarWinds, Kaseya, Codecov, malicious NPM packages, and of course, Log4J are only a partial list of supply chain attacks and open source vulnerabilities that we saw.

What can we learn from past breaches and exploitation of third-party code vulnerabilities to prepare better for the attack vectors, exploitation and breaches we’ll surely see in 2022?
 
Join us as we discuss:
 
- The details of the attack vectors, vulnerabilities, and exploits used in the latest breaches and vulnerabilities, including SolarWinds, CodeCov and Log4Shell
- Third-party security risk and preparing for the next third-party vulnerability or breach
- Actions to take when something like this happens, and how to minimize the blast radius

 
Demi and Lavi will share their experience and expertise, both about how threat actors actually implemented the attack vectors, as well as effective mitigation strategies to reduce third-party risk and contain a breach once it happens. Because as we’ve seen, there’s no question that it will.

It’s Not Only Log4Shell: Handling Third-Party Security Risk

If you are involved with InfoSec, IT risk or digital supply chain management, then you know that the key to minimizing your risk of third-party breaches is to implement a comprehensive and efficient third-party security risk management (TPRSM) process. But what’s the best way to do it?

Demi Ben-Ari and Dov Goldman will continue the series on TPSRM Fundamentals and explain the basics about implementing a rapid and robust third-party security management process. You’ll learn how an automated solution helps you:

- Perform third-party evaluations based on the inherent risk of each relationship
- Achieve visibility into third parties’ security practices
- Identify warning signs of a digital supply chain breach
- Collaborate with third parties to ensure successful remediation 

Find out how automation speeds up your TPSRM process and helps identify and manage third-party security risk.

Automating Your Third Party Security Risk Management Process

Learn how to upgrade your third-party security program by scaling it effectively, continuously monitoring suppliers and ensuring that the program becomes the company-wide standard throughout the relationship lifecycle.

Implement compensating internal controls when your suppliers don’t have or won’t reveal their own
Collaborate with suppliers to ensure success in the remediation process
Create KPIs to help manage, improve the process and demonstrate achievements

Taking Your Third Party Security Program to the Next Level

Many organizations are struggling to keep up with an onslaught of significant regulations like GDPR, CCPA, the New York Shield Act and more. Some of this legislation appears to overlap, while some seems to be contradictory. How can organizations sort out this tangled regulatory web?

Learn more about GDPR, CCPA and regulatory trends.
Discover how to implement best practices for privacy requirements.
Hear about the regulatory challenges that your peers are facing.
Find out how to reduce time and money complying with regulations.

Navigating 2020’s Data Privacy Regulations

Security professionals are responsible for safeguarding company data and assets, but often lack adequate visibility. Learn how to unveil your supply chain’s attack surface.

Techniques to unveil your supply chain’s attack surface
Warning signs of a supply chain breach
Practical strategies to increase the cyber resilience of your supply chain

You’re Bleeding. Exposing the Attack Surface in Your Supply Chain

The security management of your SaaS and cloud providers is an essential element of a company’s cybersecurity strategy. Learn how to accomplish this.

Tiering supplier evaluations based on the inherent risk of each relationship
Creating KPIs to help manage, improve the process and demonstrate achievements
Implementing internal controls when the suppliers don’t have or won’t reveal their own
Collaborating with suppliers to ensure success in the remediation process

The Guide to Managing the Security of Your SaaS and Cloud Providers

Learn how to scale an actionable third-party program, and how that program can provide transparency into your partner’s security while facilitating significant improvements in your company’s cybersecurity posture.

Perform third-party evaluations based on the inherent risk or criticality of each relationship
Achieve transparency into third parties’ security practices
Implement compensating internal controls when the third parties don’t have or will not reveal their own
Collaborate with third parties to ensure success in the remediation process

How to Build a Program to Manage Your Third Parties and Supply Chain

Your third-party security program involves 3 stakeholders: the business owner, you as the representative of the security and risk team and the vendor itself. Each party has its own needs, which introduces friction into an already complex process. You can eliminate that friction. By adding context to the relationship, you can align parties on business goals, communicate risk in a language everyone will understand and more easily mitigate that risk.

Easily engage with all stakeholders without extensive meetings and without collating lists of vendors and prepping docs on upcoming renewals.
Clearly explain the risk to your stakeholders without spewing a firehose of data at them or using overly technical language.
Communicate to the vendor the necessary steps to mitigate your risk.
Continuously monitor the vendor to ensure it maintains effective controls, staying within your risk tolerance for the relationship.

The Missing Element in Your Third-Party Security Program

In today’s dynamic cyber world, third-party security is necessary, but can be challenging to implement. Learn how a leading investment firm succeeded in creating a robust and efficient third-party security process.

The use case for improving third-party security management.
Defining the process, roles and technologies to achieve cross-team collaboration.
The journey to a mature program and overcoming speed bumps along the way.

Improving 3P Security Management: A Case Study with CAPTRUST

We can all agree that trying to predict a massive security breach like what happened with the IT management company SolarWinds, one of the most significant supply chain attacks in recent history, is impossible.

However, we need to have a game plan for WSHTF. Doing so helps us better understand the steps to take, conduct proper risk management and remediation, and prepare a “kill-switch” to isolate the problem.

How can this be achieved?

In this webinar, we’ll discuss how to:

Gain visibility of your company assets
Achieve control of your environment
Be informed about your infrastructure 
Understand your supply chain landscape
YOU MAY BE INTERESTED IN

The SolarWinds Breach: Hitting the Kill-Switch During a Supply Chain Attack

If you’re like most organizations, you are highly dependent on third-party vendors to efficiently run your business. On the flip side, vendors present risks which can have serious legal, financial and business repercussions, making vendor risk assessments more essential than ever. But how do you effectively assess hundreds, if not thousands, of vendors?

 

In this webinar, we will walk you through the steps required to reduce third-party cyber risk and understand how automation can expedite this process.

 

You will learn how to:

 

Properly identify and map your vendors according to inherent risk
Accurately assess your vendors’ attack surface
Efficiently review responses to vendor questionnaires and related evidence

How Automation Can Reduce Third-Party Cyber Risk

If you are involved with InfoSec, IT risk or supply chain management, then you know that devastating vendor breaches are making headlines daily—and you don’t want to be the next statistic. The key to minimizing your risk of breaches while saving you time and money is to implement a comprehensive and efficient third-party security risk management (TPSRM) process. So how do you get started?

Join Demi Ben-Ari and Dov Goldman in this new series on TPSRM Fundamentals to learn the key elements of third-party security management, including:

- How to conduct a third-party risk assessment
- How to assess inherent and residual risk
- Why you must consider control frameworks, standards, and regulations
- The importance of security questionnaires

Get informed and start creating the foundation for improved security for your organization!

TPSRM Fundamentals 1: Making Sense of Third-Party Security Risk Management

If you are involved with InfoSec, IT risk or supply chain management, then you know that the key to minimizing your risk of third-party breaches is to implement a comprehensive and efficient third-party security risk management (TPRSM) process. You might even know some of the basics of risk assessments, but you’re not sure how to take that knowledge to the next level. What are your next steps?

Demi Ben-Ari and Dov Goldman will show you the ins and outs of third-party security risk management in this second webinar of the TPSRM Fundamentals series.

Here’s what you’ll learn: 
- How to create security questionnaires that consider inherent risk
- How to scope questionnaires according to activity, control mapping and the standards of control sets
- How automation helps with third-party security risk management

Learn the ropes and start building a TPSRM program for your organization.

TPSRM Fundamentals 2: Best Practices for Third-Party Security Risk Management

tprsm

Supply Chain

Information Security

third party risk security

third party security

Vendor Resiliency

Cyber Security

third party risk

IT Security

Risk Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

TPSRM Fundamentals 2: Best Practices for Third-Party Security Risk Management

Presented by

About this talk

More from this channel