A Data-Driven Approach to Third-Party Risk Management

As organizations have increased their scope of vendors and partners, they have also increased their digital risk surface and are facing new challenges regarding vendor risk management. By taking a data-driven approach to identifying, understanding, and acting on risk, you can efficiently eliminate your organization's most critical third-party security gaps.

Register for this webinar to learn how you can leverage data to drive significant improvements in your third-party risk management program, including:

- Tips to measure your vendor risk exposure
- Insights into pioneering practices, program benchmarking and operation metrics
- Principles for fair and accurate security ratings
- How to utilize inherent risk methodologies to prioritize your vendors
Recorded Oct 21 2021 75 mins
Presented by
Matthew Bianchi, ProcessUnity; Jon Ehret, RiskRecon; Roger Grimes, KnowBe4; and Dov Goldman, Panorays

  • [CPE] How to Improve Threat Intelligence with Advanced Analytics Jan 27 2022 6:00 pm UTC 75 mins
    Panel Discussion moderated by Colin Whittaker
    Earn 1.5 CPE Credits on this webinar

    Keeping track of cyber threats isn’t easy. The sheer volume of information threat researchers must sift through makes it difficult to collect, analyze, and research that data on time. The key to success is leveraging advanced analytics. It has been estimated that it would take 8,774 analysts working full time for a year to process the same amount of security event data that advanced analytics can process in that same time frame. Advanced analytics takes you from simply monitoring cyber security threats to active threat analytics, management, and prevention.

    Attend this webinar to learn how advanced analytics and machine learning can power threat intelligence, and enable threat researchers to:

    - Conduct qualified and detailed threat assessments that can help keep your business secure
    - Detect malicious anomalies in your internet traffic and catch cyber security threats before they seriously impact your network
    - Gain total visibility of your attack surface and better determine what you need to do to prevent attacks
    - Utilize the ATT&CK knowledge base in your security strategy
  • [CPE] GRC 101: Aligning Compliance, Security, and Business Goals Dec 16 2021 6:00 pm UTC 75 mins
    Colin Whittaker with experts from LogicGate, Navex Global, BitSight, and MetricStream
    Earn 1.5 CPE Credits on this webinar

    Organizations today are tasked with meeting the challenges of the current business climate, one of which is managing GRC processes which are often siloed. GRC has a wide reach and impacts many departments across an organization, but when it is done right, benefits accrue. Organizations that integrate GRC processes and technology across departments can ensure the right people get the right information at the right times; that the right objectives are established; and that the right actions and controls are put in place to address uncertainty and act with integrity.

    On this panel discussion webinar we will address how to align GRC Processes with your business goals, including how to:

    - Enhance your risk posture and reduce costs
    - Implement consistent operational processes, including remediation and security gap assessments
    - Assess and manage risks and controls across the enterprise via consistent, accessible analytics
    - Track and monitor strategic performance via a comprehensive view of risk and compliance goals, challenges, and progress
    - Make GRC-informed decisions related to enterprise development, procurement, and investments
  • [CPE] Paradigm Shift: Using NIST Cybersecurity Principles to Drive Risk Strategy Nov 16 2021 6:00 pm UTC 75 mins
    Todd Boehler, ProcessUnity; Ilia Sotnikov, Netwrix, Chris Poulin, BitSight, and David Stapleton, CyberGRX
    Earn 1.5 CPE Credits on this webinar

    Cybersecurity risks come in many forms, and most importantly, risks are evolving at an increasingly rapid pace. Organizations across industries should work to implement adaptive cybersecurity processes that enable them to predict, prepare and react to the shifting landscape of cyber threats. The NIST Cybersecurity Framework enables organizations to apply the principles and best practices of security to drive risk management and protect against constantly advancing cyber attacks.

    Attend this CPE webinar to learn how to go about this, including how to:

    - Outline the common security risks organizations face
    - Define cybersecurity threats, vulnerabilities, and consequences
    - Map the NIST CSF with security controls and reporting
    - Develop an established incident response plan
  • A Data-Driven Approach to Third-Party Risk Management Recorded: Oct 21 2021 75 mins
    Matthew Bianchi, ProcessUnity; Jon Ehret, RiskRecon; Roger Grimes, KnowBe4; and Dov Goldman, Panorays
  • Strategies to Turn Risk into an Opportunity for Business Growth Recorded: Sep 23 2021 73 mins
    Hannah McClure, LogicGate; Jerry Caponera, ThreatConnect; John Checco, Proofpoint; and Joy Bhowmick, MetricStream.
    Earn 1.5 CPE Credits on this webinar

    We are all in the risk business. No risk, no business. The biggest risk points are usually where the biggest opportunities lie to better meet your strategic objectives, enable and drive growth, improve reputation management and confidence in decision-making — and face fewer surprises.

    A strong proactive risk management culture enables an organization to be more nimble, adaptable, and change-ready. On this panel discussion webinar we will address some of the key steps your organization can take to strengthen your risk management culture now and fuel business growth, including how to:

    - Ask the right questions to accurately assess the risks and put plans and controls in place to mitigate them.
    - Drive enterprise-wide accountability to break down silos.
    - Give your employees appropriate training to enable them to take ownership of risks and identify and manage them more effectively.
    - Develop communications plans for when events negatively affect perception of your organization.
    - Leverage the opportunities that align to your strategic goals.
  • Ransomware: How to Reduce Your Likelihood of Being a Victim Recorded: Sep 16 2021 73 mins
    Jacob Olcott, Vice President, Communications and Government Affairs, BitSight
    Earn 1.5 CPE credits by attending live.

    Colonial Pipeline. JBS meat processor. Scripps Health. The list of recent high-profile ransomware victims is long and growing. So are the costs to recover from these crimes.
    But what if you could take preventive steps to reduce your likelihood of becoming a ransomware victim? BitSight recently analyzed hundreds of ransomware incidents to identify common security performance gaps and challenges that lead to successful ransomware incidents. One finding: Poor patching performance is a strong indicator of increased risk to ransomware. In fact, organizations with less mature patching programs are 7x more likely to experience a ransomware incident.
    Register for this executive roundtable for new insights and discussion about:
    ● Sector-specific insights tied to recent ransomware trends
    ● Vulnerabilities that indicate heightened risk of ransomware
    ● Programmatic areas to reduce the likelihood of being a ransomware victim
  • Applying Threat Intelligence to Improve Visibility into Third-Party Risks Recorded: Aug 26 2021 75 mins
    Jason Steer, Recorded Future; David Klein, ProcessUnity; Alastair Parr, Prevalent; and Alex Valdivia, ThreatConnect
    Data breaches are one of the world’s biggest cybersecurity threats for organizations of all sizes. A recent survey conducted by the Ponemon Institute revealed that 59% of organizations have experienced one or more data breaches caused by a third party, costing an average of $7.5 million to remediate. Incorporating current threat intelligence is critical to building and maintaining an effective third-party risk program.

    A successful third-party risk program should provide comprehensive threat intelligence to empower teams to understand, and take action against potential risks by monitoring for key indicators, including data leakage, incident reports, domain abuse, email security, vulnerable infrastructure, web application security, dark web attention and breach intelligence. Join this expert panel discussion to learn how to determine the risk of third parties by applying threat intelligence, including how to:
    - Understand inherent risk and how that risk impacts our third party’s security
    - Assess third parties to identify, prioritize, and mitigate gaps in their security control implementation
    - Map out hacker workflows (kill chains) for identified attack scenarios
    - Continuously monitor and update everything in relationship to the current threat landscape
  • A Data-Driven Cybersecurity Masterclass Recorded: Jul 22 2021 76 mins
    Colin Whittaker with: Roger Grimes, KnowBe4; Todd Boehler, ProcessUnity; and Ilia Sotnikov, Netwrix
    Incident response teams, threat hunters and security operations centers need visibility into what’s happening on their networks so they can make sense of their traffic and move at the speed of attacks. Cybersecurity best practices have moved from protection to detection and response and the lens is refocusing again on data-driven security. Data is the key to making more informed, strategic cybersecurity decisions — and ensuring you’re spending your security dollars effectively. Continuous data-driven monitoring of security in your organization and in every vendor organization with access to your IT infrastructure is the only strategy that will keep you one step ahead of the bad guys.

    This webinar will outline how you can use a data-driven approach to gain visibility into security performance across your IT infrastructure, and:

    - Enable your organization to detect any attacks or abnormalities quickly
    - Measure the security performance of different business units and confidently report outcomes to senior executives and the board
    - Build data-driven action plans and guide your organization down the road to continuous process improvement
    - Prioritize areas in which organizations can apply focus to meet regulatory compliance and standards requirements
  • How to Improve Efficiencies in Your Vendor Risk-Management Program Recorded: Jun 24 2021 75 mins
    Jason Steer, Recorded Future; Todd Boehler, ProcessUnity, Shea Murphy, OneTrust, and Emily Shipman, RiskRecon.
    Traditional Vendor Risk Management tactics are inadequate for understanding the cybersecurity posture of your vendor ecosystem. Your organization should also make sure that your program is efficient in its processes and works to enable business, mitigate risk, ensure compliance and that it fits into your organization’s overall structure. Whatever your company size and regardless of the number of vendors you have, creating efficiencies across your vendor risk management program isn’t just helpful—it’s critical if you want to properly assess the security posture of your vendors.

    Join this expert panel webinar and learn how to make your VRM process more efficient, including how to:

    - Use automated solutions to drive continuous monitoring.
    - Tier your vendors based on their risk, and ensure your vendor knows the expectations set for them.
    - Organize your team to put a process in place and stick to it.
    - Make your cybersecurity posture a competitive advantage.
  • ACC Data Steward Program: A New Industry Model for Evaluating Law Firm Security Recorded: Jun 17 2021 63 mins
    Mark Diamond, CEO at Contoural. Bill Schiefelbein, ACC Data Steward Program. Jim Merklinger, ACC Credentialing Institute
    Corporations give their law firms more sensitive information than any other type of vendor. Yet surveys show that 70% of companies do not assess the security of their firms and legal service providers. The Association of Corporate Counsel through its 10,000 member companies is looking to change this. Based on a new and innovative model, ACC recently launched its Data Steward Program for assessing and accrediting law firms. Developed through an industry-wide collaboration, this global program is set to be the standard in the legal industry. Join ACC during this webinar as it discusses this easier and more thorough approach to assessing information security, including:

    - Why it’s difficult for companies to assess their law firms today, and why firms hate the traditional security assessment approach
    - How the ACC Data Steward Program has developed a standard, relevant and easier approach
    - How global standards such as NIST and ISO are winning out over proprietary controls – if the right controls are selected
    - How this model could become the standard approach across all industries

    Join us for what is certain to be an interesting and lively discussion.
  • GDPR and Privacy in 2021, where are we now? Recorded: May 26 2021 75 mins
    Colin Whittaker with: Rebecca Herold; Paul Breitbarth, TrustArc; Cillian Kieran, Ethyca; and David Klein, ProcessUnity.
    2021 is set to be an exciting one for privacy protection legislation as several notable privacy laws will begin enforcement, with several others falling in line to the new international standard set by the GDPR. Even though the General Data Protection Regulation (“GDPR”) became effective on May 25, 2018, its application to U.S.-based employers continues to evolve and increase in complexity. For U.S. employers of European Union (“EU”) residents, renewed concerns have arisen regarding cross-border data transfers, and with meeting GDPR compliance demands. This is particularly important with regard to remote working arrangements, COVID-19 contact tracing, and interaction with global HR data systems.

    Join this expert panel webinar and learn how to streamline compliance with global data breach notification regulations to operationalize critical functions at every stage of privacy program maturity. You will also learn:

    - Trends and key observations on the effect of GDPR since inception
    - The impact the GDPR has had on influencing newer regulations, as well as a look into other emerging GDPR-like regulations.
    - How to use risk scoring to determine if a breach requires notification to regulatory authorities and impacted individuals.
    - Strategies for implementing a best-in-class program that addresses all phases of privacy management.
    - How compliance with the GDPR has impacted privacy professionals’ work and our organizations.
  • Take a Third-Party Risk Deep-Dive: How to Operate Your Program Recorded: Apr 29 2021 75 mins
    Brenda Ferraro, Prevalent; Jon Ehret, RiskRecon; Perry Robinson, ProcessUnity; and Jaymin Desai, OneTrust.
    Earn 1.5 CPE Credits on this webinar.

    Procurement, IT, and Compliance leaders struggle to manage today’s complex regulatory environment, expansive supply chains, and compliance burdens. Difficulties increase as organizations subject themselves to additional risk by involving more third parties—suppliers, sales agents, and even charities—as regulations grow ever-more complex.

    These third-party threats can result in severe impact to your brand and bottom line—but compliance gaps can be managed more effectively, often by eliminating manual processes and embracing digital tools. On this CPE Accredited webinar our panel of experts will take a deep-dive into how to operate your program and drive effective third-party risk management, including:

    - KPIs to measure effectiveness and prove the impact and benefits of risk management strategies
    - Examples of real-life third-party risk management programs—what worked (and what didn’t)
    - Roles that Governance, Risk, and Compliance (GRC) play in your risk management
  • Automating Cyber Risk Management in a Pandemic Recorded: Mar 25 2021 74 mins
    Colin Whittaker with: Rami Raulas, SSH; Erich Kron, KnowBe4; Jerry Caponera, ThreatConnect; and Chris Ostrander, LogicGate.
    *Earn 1.5 CPE Credits on this webinar

    Cyber-risk management has been forever changed by COVID-19. From the sudden and exponential growth of the remote workforce to the increase in cyber threats that exploit the expanding attack surface, the pandemic has created new challenges which require new strategies for effectively managing cyber risk. This paradigm shift has accelerated the demand for efficiency and forced a new mindset for risk and compliance teams who are relying on automation technologies like never before.

    During this webinar our panel of experts will discuss the challenges to cyber risk management accelerated by the COVID-19 pandemic, and how to overcome these moving forward. You’ll learn about:

    - The new evolving risks and challenges
    - Strategies that can be used to help mitigate those risks
    - Using automation technologies to increase efficiency and agility
    - How to gain a competitive advantage by rapidly adjusting to shifting regulations
  • Applying Threat Intelligence to Drive Control Assurance and Effectiveness Recorded: Feb 25 2021 76 mins
    Colin Whittaker with: Andrew Pendergast, ThreatConnect, Allan Liska, Recorded Future, and Aubrey Turner, Ping Identity.
    *Earn 1.5 CPE Credits on this webinar

    The frequency and severity of security incidents has risen as cyber criminals continually adapt their methods of attack to maximize profit, from mass-market approaches, to compromising as many organizations as possible, to more sophisticated attacks that target specific companies. This is why building an IT security strategy that has data-driven threat intelligence (TI) at its core is so critical.

    However, many organizations view pure threat feeds as their best opportunity to “get started” with threat intelligence, and then struggle to make sense of the massive quantities of data. During this webinar, our panel of experts will discuss what types of intelligence will prove truly beneficial to your organization and how to apply it to drive IT control assurance and effectiveness, including how to:

    - Understand the value of different intelligence sources and how to work with them.
    - Gain fully contextualized alerts in real time with no false positives.
    - Effectively detect new threats, methods, and incidents.
    - Implement quality intelligence that informs your entire security strategy.
    - Consistently improve the efficiency and efficacy of your security operations.
  • How to Adapt Third-Party Risk Management for Times of Disruption Recorded: Jan 28 2021 75 mins
    Colin Whittaker with: Jon Ehret, RiskRecon, Sam Mele, Coupa, Dan Harms, OneTrust, and Todd Boehler, ProcessUnity
    Earn 1.5 CPE Credits on this educational webinar.

    Last year, 59% of companies experienced a third-party data breach, and current global uncertainty is a reminder of the increasing complexity of managing third-party risk. Balancing the risks and benefits of using third parties to deliver business services has always been key and during a crisis, the risks can be significantly heightened. Current TPRM approaches may prove to be insufficient, both during and after the crisis. This begs the question: at a time when IT resources are already stretched, how can IT and security teams support the business in its use of third parties while minimizing the risks they create and improving business resilience?

    On this expert panel webinar we’ll discuss some of the current, crisis-related trends and break down how organizations can adapt their TPRM program to improve business resilience, including how to:

    - Determine your organization’s third-party resilience
    - Start new partnerships on a strong foundation
    - Protect your data by sharing only what you need to
    - Check your internal processes are up to the task
  • Enabling Agile Cloud Security for the Work From Home Enterprise Recorded: Dec 17 2020 77 mins
    Jacqueline Brinkerhoff, SailPoint Technologies; Jeff Aboud, Tenable; Matthew Gardiner, Mimecast; and Frederico Hakamine, Okta.
    *Attend live for 1.5 CPE Credits

    Working From Home (WFH) is rapidly becoming the new norm, and cyber criminals across the globe are leveraging the panic induced by this pandemic to launch disruptive cyber-attacks. In the new WFH normal, you will have to secure every aspect of the architecture, whether it’s on premise hardware, cloud infrastructure or your employee’s endpoint devices. Any weakness in this entire chain will expose your IT infrastructure to security risks.

    This means it is critical that businesses quickly find ways to support their workers to work remotely and to do so in a secure manner. On this CPE accredited panel discussion webinar our experts will examine how to build resilience in a digital enterprise with a focus on agile cloud security in the new WFH environment. Don’t miss this opportunity to question the experts on the dos and don’ts of securing your remote workers, strengthen your security posture in this time of extreme uncertainty, and:

    - Learn how to educate your home workers on basic security hygiene,
    - Understand the threat landscape and how cyber-criminals are leveraging fears around COVID-19 to attack your business,
    - Discover how to use cloud collaboration tools more securely,
    - Receive best practices you can put into place to eliminate security blind spots.
  • Executive Tips to Present Cybersecurity to the Board Recorded: Nov 19 2020 76 mins
    Hrishikesh Choudhari, MetricStream; Jake Olcott, BitSight; David Klein, ProcessUnity; and Teju Shyamsundar, Okta.
    Cyberattacks can cost an organisation its reputation, its customers and a great deal of money, making CEOs and board members more accountable. Yet, research shows that a high percentage of corporate boards are not actively involved in cybersecurity oversight. Nonetheless, Gartner estimates by 2021, 100% of large enterprises will be asked to report to their board of directors on cybersecurity and technology risk at least annually.

    When communicating your cybersecurity program to the board, it is important to translate technical, tactical details about cybersecurity into business terms: risks, opportunities and strategic implications. In order to justify the desired cybersecurity expense, you must clearly present the risks, the plan you will implement to protect the company’s assets, and the rationale behind the cost. In this webinar, our expert panel will discuss how to present cybersecurity to the board and get buy-in, including how to:

    - Map out your cybersecurity program.
    - Get an independent view of your current cybersecurity state and present the facts.
    - Translate technical, tactical details about cybersecurity into business terms: risks, opportunities and strategic implications.
    - Propose concrete solutions and demonstrate ROI.
  • Accelerating Threat Detection with Real-Time Security Intelligence Recorded: Oct 22 2020 75 mins
    Steve Ginty, RiskIQ; Francois Lascelles, Ping Identity; Teju Shyamsundar, Okta; and Allan Liska, Recorded Future.
    Many organizations rely on governance, risk, and compliance (GRC) technology to consolidate risk information from internal sources (such as finance, IT, and operations) and external sources to understand their threat landscape. Yet as vendor ecosystems grow in size and complexity, risk management teams are increasingly struggling to procure and maintain high-quality, real-time data to feed their GRC systems.

    Creating a threat intelligence strategy is essential for a company to identify and prioritize threats effectively. But when it comes time to choose threat intelligence services and products it can be hard to know where to start. In this webinar, our expert panel will discuss how to use real-time threat intelligence to accelerate threat detection, including how to:

    - Understand the important distinction between threat data and intelligence.
    - Establish what types of intelligence will prove beneficial to your organization and be critical for ROI.
    - Gain complete visibility into all of your organization’s API traffic, and analyze relevant intelligence effectively from large volumes of threat data.
    - Empower your teams to leverage automation to detect and block threats to your organization. 
  • A Third-Party Risk Management Masterclass Recorded: Sep 24 2020 76 mins
    Stephen Boyer, BitSight; Jon Ehret, RiskRecon; Chris McCloskey, OneTrust; and Todd Boehler, ProcessUnity.
    Third-party risk management (TPRM) programs are designed to offload that risk, but the current approach isn’t providing the intended results. According to the Ponemon Institute, nearly 61% of U.S. companies have experienced a data breach caused by a third party.

    To build an efficient TPRM program, it's critical to understand which vendors and suppliers present the most risk, as well as which ones are essential to your operations. By understanding where to prioritize your time, you can onboard key vendors faster, spend the right amount of time performing due diligence, and invest the most resources assessing and monitoring the third parties that matter most, helping to increase security and performance.

    On this webinar our panel of experts will share their experiences and discuss how to:

    - Overcome the most common vendor risk challenges
    - Prioritize your third parties by criticality
    - Streamline your due diligence and vendor assessment process
    - Encourage effective communication between internal stakeholders
    - Establish a continuous improvement cycle to encourage better results year over year
    - Achieve efficiencies out of TPRM tools
  • Executive Tips to Modernize Your Compliance Program Recorded: Aug 27 2020 76 mins
    Chase Hinson, OneTrust; Todd Boehler, ProcessUnity, Jason Rohlf, Onspring; and Kevin Jacobson of LogicGate.
    Under the weight of new and changing regulations around the world, many organizations struggle to achieve compliance. They often lack a holistic view of their compliance profile and face increasing challenges due to digital transformation. Chief Compliance Officers who take a top-down approach are often met with resistance, but a successful program requires management to actively participate, not just sign off.  

    Organizations can no longer afford to apply check-the-box approaches to compliance. Executive management must take a variety of actions to demonstrate leadership and commitment to the company’s compliance management program. On this webinar our panel of experts will discuss the current compliance landscape and challenges facing today's organizations, and they will address best practices to modernize your compliance program, including how to:

    - Use a risk-based approach to meet regulatory demands.
    - Employ digital transformation in the management of compliance obligations.
    - Understand the impacts of regulatory changes and minimize resource-intensive manual processes.
    - Get buy-in from other departments and create a working group of stakeholders to develop and improve your compliance program.
Empowering the GRC Community
The IT GRC Forum produces online events and provides professional networking facilities and market intelligence to Governance, Risk Management and Compliance professionals.

  • Title: A Data-Driven Approach to Third-Party Risk Management
  • Live at: Oct 21 2021 5:00 pm
  • Presented by: Matthew Bianchi, ProcessUnity; Jon Ehret, Risk Recon; Roger Grimes, KnowBe4; and Dov Goldman, Panorays