Name: Best Practices for Effective Third-Party Security Risk Management
Start: 2023-02-21T16:00:00Z
End: 2023-02-21T17:01:39.000Z
Location: BrightTALK
Rating: 5

Shared Assessments is a global membership organization dedicated to developing the best practices, education, and tools to drive third party risk assurance. We are creators of the industry standard third party risk toolkit, used by over 15,000 organizations worldwide. 

Optimizing Efficiency and Maturation of Strategic Supplier Management Programs

Journey to Standardization

From speculating that vendors have terrifying security posture to guessing that vendors have water-tight security practices, organizations make assumptions around cybersecurity too often. What does the cybersecurity standing between business and their vendors actually look like? In a new study, RiskRecon by Mastercard and Cyentia Institute examine security assessments across more than 50,000 B2B relationships. Through this data, this session will illustrate:
<ul><li>• The likelihood of your firm or a firm you are working being involved in a breach event</li>
<li>• How firms can be exposed to a variety of new security risks via third parties</li>
<li>• The impact of poor assessment practices on your cybersecurity standing</li>

Debunking Vendor Cyber Security Myths

In this session, we will show the ESG SIG product alongside a discussion of use cases, key features and benefits. We will touch on the regulations, standards and frameworks mapped to by the ESG SIG and learn how this solution was made.

ESG SIG Product Launch Webinar

The “cloud-first” strategy at many companies today translates into an ever-increasing number of third-parties, and even greater number of risks. While cybersecurity technology is better than ever, in a world where so much of every business operation is outsourced, your third-parties’ attack surface is your attack surface -- and your existing cyber stack may not help you. This webinar will explore the top 5 tips to effectively scale a third-party cyber risk management program in order to manage the mounting number of third-parties.

Top 5 Tips to Scale Your Third-Party Security Risk Program

We’ll discuss:

• Why ESG matters to third party (and Nth party) risk management
• EU and German Supply Chain Due Diligence Regulations (environment and human rights) and what sets them apart from other ESG regulations
• Newly approved EU Corporate Sustainability Reporting Regulation and SEC Climate Reporting proposal
• ESG and the U.S. 2024 election’s impact on regulations
• ESG Standards consolidation – ISSB
• Proposed New York State Department of Financial Service Guidance for New York State Regulated Banking and Mortgage Institutions Relating to Management of Material Financial Risks from Climate Change and existing Insurance industry guidance
• Bank of England observations on climate related risks

And more!

Diverging Paths In ESG Regulation?

Leveraging third parties can lead to significant efficiencies, but it is not without risk. This session will explore criteria used to establish inherent risk and provide approaches for assessing a critical third-party relationship.

Panelists will share the results of a recent Shared Assessments Critical Third-Party Survey covering TPRM processes including: Risk Tiering Techniques; Inherent Risk Criteria; Critical Third Party Criteria; Number of Critical Third Parties and Assessment Timeframe Approvals. Additionally, panelists will highlight work being done by Shared Assessments members on an Inherent Risk Product.

Note: You can review our Corporate Due Diligence blog and download our responses to regulation enhancements requested by:

• Prudential Regulatory Authority - Operational Resilience: Critical Third Parties to the UK Financial Sector;
• NYS- Department of Financial Services - Cybersecurity Requirements;
• Security Exchange Commission - Rule on Outsourcing by Investment Advisors

Determining the Risk of Critical Third Parties

Shared Assessments has updated and upgraded the 2023 Third Party Risk Management Product Suite to align with a changing regulatory and threat environment. Content has been adjusted to focus on Cybersecurity, Data Governance, Operational Risk, and Resilience. This session includes full details about updates and upgrades to the SIG, SCA, VRMMM, Data Governance Tools, including content organization and updates to industry and regulatory standards.

New 2023 Product Suite: Standardized Excellence To Meet Today’s Risk Environment

The increased focus on efficiency of Third-Party Risk control assessments, performed on vendors and supply chains requires all organizations to improve their use and integration of products, techniques, and technologies. Regulators are increasing their focus on nth parties and recognize the increased need for more collaboration. This webinar will examine the benefits and challenges of using assessment exchanges and seek to provide guidance to organizations using and or considering the use of a TPRM exchange.

Exchange/Assessment Efficency

Your third-party risk management program is on solid footing and bringing in short term success. But how do you keep the momentum going? What does a dynamic, agile program look like? Join Tom Garrubba, Vice President of Shared Assessments, and Alastair Parr, Senior Vice President of Global Products & Services at Prevalent, as they: <p>
<ul><li> • Discuss pragmatic, actionable long-term TPRM program goals</li>
<li> • Review considerations for appropriate resource planning and constraint management</li>
<li> • Show you best practices for business engagement and data collection</li>
<li> • Assess mechanisms for improving vendor interaction</li>
<li> • Explore how to create consistency in metrics for analysis and reporting</li>

The 5 Criteria for Long-Term Third-Party Risk Management Program Success

In third-party risk management, to lower vendor and supplier risks to an acceptable level, practitioners must recognize which controls need to be in place. Understanding the types of vendors being onboarded and their potential inherent risks is key. This webinar will explore strategies for mitigating risk through consideration of crucial factors including location, type of data, and connection to the corporate network.

Third-Party Risk Assessments: Beyond Compliance Checks & IT Risk Management

Vendor onboarding is an essential early step in the third-party risk management lifecycle. What types of risk insights are helpful as you establish approved providers of technology, goods, or services? What should a successful supplier onboarding process look like in your organization? This session, presented by Director, TPRM Professional Services, Echelon Risk + Cyber, and Alastair Parr, Senior Vice President of Global Products & Services at Prevalent, will: <p>
<ul><li>• Identify challenges organizations face when onboarding new suppliers</li>
<li>• Explore the right metrics and risks to consider prior to onboarding a vendor including Cyber, Business, Hack/Breach, Financial, ESG, and Sanctions Intelligence</li>
<li>• Review the opportunities consolidated risk insights provide</li></ul>

The Top 4 Ways to Ease Third-Party Vendor Onboarding In Risk Management

Just as managing the risk of your direct suppliers is critical, understanding the risk of your suppliers' suppliers is imperative. While you may work most directly with secure third-party vendors and platforms, unknown Fourth Parties (vendors of vendors) can cause significant disruptions to your business. How do you manage the threats posed by these Fourth or Nth Parties? Participants will learn practical ways to identify and manage fourth parties through an overview of the tools and techniques experienced risk professionals use to effectively measure and address risk across all levels of the supply chain.

Fourth Parties And Beyond: Managing Risk In The Extended Supply Chain

Join Tom Garrubba and Paul Poh for a lively discussion about innovations that could change the way application developers approach common security pitfalls.

This session will explore application security best practices, and how adherence to these practices can prevent putting company networks, systems, and data at risk.

Innovations In Third Party Risk Processes: Application Security Controls

Modern businesses rely on numerous third parties and their supply chains to keep their businesses running. But many lack robust processes to assess and understand how these supply chains can pose additional risks. Understanding these risks to the supply chain enables businesses to take advantage of tried-and-true strategies that mitigate risk.

This session will feature third-party risk leaders to discuss trends in the supply chain.

Topics to be discussed include:
-Techniques for addressing supply chain risks
-Challenges – global footprint, supply chain complexity, cyber-attacks, regulations…
-Environmental, Social and Governance (ESG) – collaboration opportunities ,etc.
-Integrating and leveraging IT/OT processes, technologies and solutions
-Standardizing due diligence, risk assessments, standards (ISO, ISA 62443, …)
-Improving efficiencies and reducing costs
-Addressing organizational silos, process / technology solution integration, risk mitigation, and communication challenges

Managing Your Supply Chain Risk

Third parties operate globally, in unpredictable landscapes and geographies. As localized geopolitical events emerge, businesses need to react and adjust to ensure resilience of the supply chain and supporting parties.

This session will explore how to:
-Identify third parties impacted by geopolitical events
-Respond to events in a timely and proportionate manner
-Reduce the impact to key business functions

Geopolitical Events & Third Parties: How To React Across The Supply Chain

As more companies incorporate ESG across corporate programs, third party risk managers need to explore how new ESG regulations and standards will impact their third party risk management programs. This session will examine how risk leaders can shift to adopt ESG principles. Panelists will share best practices and emerging research on how to mitigate ESG Risk to ensure due diligence in their third party risk programs.

How Risk Leaders Mitigate ESG Risk In Supply Chains and Expedite Due Diligence

InfoSec, IT risk and digital supply chain management professionals know the key to minimizing the risk of third-party breaches: implementing a comprehensive and efficient third-party security risk management (TPRSM) process. This webinar will explore the challenges surrounding third-party security and provide steps for efficient and effective TPSRM.

This session will cover:

• Why third-party information security is more challenging now than before
• Essentials in the third-party security risk management process and what common gaps
• Guidance for CISOs to ensure third parties comply with regulatory requirements
• Automation of third-party security (Is it possible to assess a third party’s attack surface with an automated platform?)
• Communication with vendors to remediate cyber gaps
• Onboarding new suppliers securely

Best Practices for Effective Third-Party Security Risk Management

Information Security

Information Management

Information Risk

Security

Risk Management

Risk Mitigation

Risk Assessment

Cyber Security

Supply Chain

Third-Party Breaches

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful environmental insights from influential experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on environmental strategies and initiatives with reliable data that is sorely missing from this community.

Environment

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

Research and Development

Get powerful procurement and sourcing insights for your business. Connect with experts and colleagues to get the most up-to-date knowledge on which strategies are proving to be the most effective for managing vendors, improving performance and reducing cost.

Procurement and Sourcing

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

Best Practices for Effective Third-Party Security Risk Management

Presented by

About this talk

More from this channel