Name: Best Practices for Effective Third-Party Security Risk Management
Start: 2023-02-21T16:00:00Z
End: 2023-02-21T16:01:01.000Z
Location: BrightTALK
Rating: 5

Shared Assessments is a global membership organization dedicated to developing the best practices, education, and tools to drive third party risk assurance. We are creators of the industry standard third party risk toolkit, used by over 15,000 organizations worldwide. 

Third-Party Risk Management programs must manage a delicate balance between keeping up with new threats, navigating the evolving regulatory landscape, introducing new technologies, and always trying to do more with less. Join TPRM experts for a discussion on how forward-thinking TPRM teams are managing this balance by incorporating new relationships, technologies and techniques to mature their risk-reduction capabilities.

Beyond the Questionnaire: Tips to Modernize Your TPRM Program

Artificial Intelligence (AI) and Machine Learning (ML) technologies are evolving rapidly, bringing the potential to transform Third Party Risk Programs and paving the way for remarkable efficiencies. With great promise comes significant risk that must be understood and mitigated. Dive into the cutting-edge world of AI and ML solutions for Third Party Risk Management. Panelists will share their expertise and preview Shared Assessments’ AI/ML Risk domain and associated controls aligning with NIST AI RMF.

Navigating the Risk & Reward of AI & Machine Learning

Managing the third-party lifecycle involves stakeholders across many business units: information security, privacy, legal, finance, procurement, and others. When these teams collaborate to streamline workflows, efficiency can be realized in contracting and holding third parties accountable for their obligations. This session will focus on weaving contracting into the third-party lifecycle to limit risk exposure while automating processes. You will learn:

• How to align third-party risk management and contracting/procurement teams
• Insights on types of risk that can be managed through contracting
• Best practices to limit risk exposure through contracting
• Ways to monitor your third parties and their contractual obligations

Where Contracting Fits in the Third-Party Risk Lifecycle: 5 Opportunities

In today’s digital age, cyber threats are a rising concern to organizations, ransomware being one of the most insidious of those threats. Join subject matter experts from Shared Assessments and Digital Asset Redemption, a compliance-focused service provider to companies involved in cybersecurity incident response, for a discussion on the current ransomware threat landscape, and ways to protect, defend, and respond to those threats. About Digital Asset Redemption: DAR aims to be the light that shines through the shadows of blackmail, spanning the shortest distance between cyber incident and response. We champion a suite of personalized, protective, precise Payment Solutions to provide a clear, confident response in times of duress.

Out of the DARk: Shining Light on the Ransomware Threat

This session explores how to simplify meeting reporting obligations for the most impactful third-party risk management regulations and requirements including GDPR, CCPA, HIPAA, and SOX. The right risk strategies empower organizations with frameworks to manage risk appropriately. Panelists will examine the complexities of third-party risk reporting and provide insight into practical tools and techniques (such as the Shared Assessments SIG) to improve reporting processes and outcomes.

Simplify Reporting Against the 5 Most Impactful TPRM Regulations

In this session, we provide an enterprise-wide, TPRM-focused approach to ransomware. Discussion includes meaningful process and program guidance improvements and practical tools for organizations of all sizes, whether operating locally or globally.

Ransomware Best Practices for Third Party Risk Professionals Webinar

Time is a valuable resource, especially when trying to manage a third-party risk program at scale. With countless third parties to manage, hundreds of assessments to send, and even more risks to analyze, how do you keep up?

Streamlined workflows throughout the third-party risk management (TPRM) lifecycle, from onboarding to offboarding, can create a sense of order and accountability.

5 Best Practices for Streamlining Your Third-Party Risk Management Workflows

Optimizing Efficiency and Maturation of Strategic Supplier Management Programs

Journey to Standardization

From speculating that vendors have terrifying security posture to guessing that vendors have water-tight security practices, organizations make assumptions around cybersecurity too often. What does the cybersecurity standing between business and their vendors actually look like? In a new study, RiskRecon by Mastercard and Cyentia Institute examine security assessments across more than 50,000 B2B relationships. Through this data, this session will illustrate:
<ul><li>• The likelihood of your firm or a firm you are working being involved in a breach event</li>
<li>• How firms can be exposed to a variety of new security risks via third parties</li>
<li>• The impact of poor assessment practices on your cybersecurity standing</li>

Debunking Vendor Cyber Security Myths

In this session, we will show the ESG SIG product alongside a discussion of use cases, key features and benefits. We will touch on the regulations, standards and frameworks mapped to by the ESG SIG and learn how this solution was made.

ESG SIG Product Launch Webinar

The “cloud-first” strategy at many companies today translates into an ever-increasing number of third-parties, and even greater number of risks. While cybersecurity technology is better than ever, in a world where so much of every business operation is outsourced, your third-parties’ attack surface is your attack surface -- and your existing cyber stack may not help you. This webinar will explore the top 5 tips to effectively scale a third-party cyber risk management program in order to manage the mounting number of third-parties.

Top 5 Tips to Scale Your Third-Party Security Risk Program

We’ll discuss:

• Why ESG matters to third party (and Nth party) risk management
• EU and German Supply Chain Due Diligence Regulations (environment and human rights) and what sets them apart from other ESG regulations
• Newly approved EU Corporate Sustainability Reporting Regulation and SEC Climate Reporting proposal
• ESG and the U.S. 2024 election’s impact on regulations
• ESG Standards consolidation – ISSB
• Proposed New York State Department of Financial Service Guidance for New York State Regulated Banking and Mortgage Institutions Relating to Management of Material Financial Risks from Climate Change and existing Insurance industry guidance
• Bank of England observations on climate related risks

And more!

Diverging Paths In ESG Regulation?

Leveraging third parties can lead to significant efficiencies, but it is not without risk. This session will explore criteria used to establish inherent risk and provide approaches for assessing a critical third-party relationship.

Panelists will share the results of a recent Shared Assessments Critical Third-Party Survey covering TPRM processes including: Risk Tiering Techniques; Inherent Risk Criteria; Critical Third Party Criteria; Number of Critical Third Parties and Assessment Timeframe Approvals. Additionally, panelists will highlight work being done by Shared Assessments members on an Inherent Risk Product.

Note: You can review our Corporate Due Diligence blog and download our responses to regulation enhancements requested by:

• Prudential Regulatory Authority - Operational Resilience: Critical Third Parties to the UK Financial Sector;
• NYS- Department of Financial Services - Cybersecurity Requirements;
• Security Exchange Commission - Rule on Outsourcing by Investment Advisors

Determining the Risk of Critical Third Parties

Shared Assessments has updated and upgraded the 2023 Third Party Risk Management Product Suite to align with a changing regulatory and threat environment. Content has been adjusted to focus on Cybersecurity, Data Governance, Operational Risk, and Resilience. This session includes full details about updates and upgrades to the SIG, SCA, VRMMM, Data Governance Tools, including content organization and updates to industry and regulatory standards.

New 2023 Product Suite: Standardized Excellence To Meet Today’s Risk Environment

The increased focus on efficiency of Third-Party Risk control assessments, performed on vendors and supply chains requires all organizations to improve their use and integration of products, techniques, and technologies. Regulators are increasing their focus on nth parties and recognize the increased need for more collaboration. This webinar will examine the benefits and challenges of using assessment exchanges and seek to provide guidance to organizations using and or considering the use of a TPRM exchange.

Exchange/Assessment Efficency

Your third-party risk management program is on solid footing and bringing in short term success. But how do you keep the momentum going? What does a dynamic, agile program look like? Join Tom Garrubba, Vice President of Shared Assessments, and Alastair Parr, Senior Vice President of Global Products & Services at Prevalent, as they: <p>
<ul><li> • Discuss pragmatic, actionable long-term TPRM program goals</li>
<li> • Review considerations for appropriate resource planning and constraint management</li>
<li> • Show you best practices for business engagement and data collection</li>
<li> • Assess mechanisms for improving vendor interaction</li>
<li> • Explore how to create consistency in metrics for analysis and reporting</li>

The 5 Criteria for Long-Term Third-Party Risk Management Program Success

InfoSec, IT risk and digital supply chain management professionals know the key to minimizing the risk of third-party breaches: implementing a comprehensive and efficient third-party security risk management (TPRSM) process. This webinar will explore the challenges surrounding third-party security and provide steps for efficient and effective TPSRM.

This session will cover:

• Why third-party information security is more challenging now than before
• Essentials in the third-party security risk management process and what common gaps
• Guidance for CISOs to ensure third parties comply with regulatory requirements
• Automation of third-party security (Is it possible to assess a third party’s attack surface with an automated platform?)
• Communication with vendors to remediate cyber gaps
• Onboarding new suppliers securely

Best Practices for Effective Third-Party Security Risk Management

Information Security

Information Management

Information Risk

Security

Risk Management

Risk Mitigation

Risk Assessment

Cyber Security

Supply Chain

Third-Party Breaches

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful environmental insights from influential experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on environmental strategies and initiatives with reliable data that is sorely missing from this community.

Environment

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

Research and Development

Get powerful procurement and sourcing insights for your business. Connect with experts and colleagues to get the most up-to-date knowledge on which strategies are proving to be the most effective for managing vendors, improving performance and reducing cost.

Procurement and Sourcing

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

Best Practices for Effective Third-Party Security Risk Management

Presented by

About this talk

More from this channel