Hi [[ session.user.profile.firstName ]]

Third Party Risk Management: How to Conduct a High-Quality Virtual Assessment

Everyone around the globe is responding to an unfamiliar market landscape where business continuity plans are being tested and stressed. For security teams trying to keep up with not only their own rapidly shifting environment but that of their vendors, third party risk management adds additional layers of complexity. Questions like: Is my supplier capable of delivering what we need? Do their cybersecurity management capabilities remain sound? Should we bring on new vendors to safeguard us against any points of failure?

In a time where speed is critical and standard operating procedures seem null and void, SecurityScorecard and Crowe will speak to how you can handle vendor assessments online, in a comprehensive manner with confidence. They’ll share how they’ve seen companies pivot and adapt to newly crafted best practices for the current operating environment. Our speakers are veteran subject matter experts in Third Party Risk, Information Security and Data Privacy and have 40+ years of combined industry experience.
In this session you will learn:
•The benefits and disadvantages of virtual assessments
•How to conduct a comprehensive virtual assessment with a fully remote process and framework
•What pitfalls to avoid in order to ensure a high-quality virtual assessment
Recorded Apr 27 2020 47 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Drew Wilkinson, VP of Customer Success for SecurityScorecard & Jill Czerwinski, Partner, Crowe
Presentation preview: Third Party Risk Management: How to Conduct a High-Quality Virtual Assessment

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Cloud Security – a dynamic approach to cloud risk monitoring and reporting Mar 16 2021 3:00 pm UTC 45 mins
    Benoit Heynderickx, Principal Analyst, ISF
    On Tuesday 16th March at 15:00 GMT, Benoit Heynderickx Principal Analyst at the ISF will be hosting a live webinar exploring cloud security and a dynamic approach to cloud risk monitoring and reporting.

    In this session we will be looking at:

    - Some of the new challenges faced by security and risk function when it comes to monitoring the risks posed by the multitude of cloud services recently acquired
    - The various solutions at-hands for cloud risk monitoring and reporting across the whole multi-cloud environment
    - Future trends leveraging the use of AI techniques for cloud risk monitoring.

    Benoit is a principal analyst at the ISF. He is the project lead for the ISF’s Supply Chain suite of products and the research lead for cloud security. Benoit has over 20 years’ experience in information security risk and assurance and has worked across various industries and large organisations. Benoit also has a special interest in the emerging quantitative techniques in risk analysis.
  • Change Automation: Turning Network Security Alerts into Action Mar 11 2021 5:00 pm UTC 45 mins
    Leslie McIntosh, Senior Engineer, AlgoSec
    You use multiple network security controls in your organization, but chances are, they’re not talking to each other. And while you probably get alerts from SIEM solutions and vulnerability scanners, responding to them feels like a twisted game of whack-a-mole.

    So, if manual, error-prone changes are insufficient for your multi-device, multi-vendor hybrid network, what’s the solution? Simple: Network security change automation.

    On Thursday 11th March, 17:00 GMT, the ISF will be joined by Leslie McIntosh, Senior Engineer, AlgoSec for a webinar exploring how enterprise-wide change automation can transform your network security policies—without replacing existing business processes:

    1. Comprehensive Change Automation: Increase agility, accelerate incident response, and reduce compliance violations and security misconfigurations

    2. Smarter Security, Part 1: Automate security policy changes without breaking core network connectivity

    3. Smarter Security, Part 2: Analyze and recommend changes to your network security policies

    4. Smarter Security, Part 3: Push network security policy changes with zero-touch automation to your multi-vendor security devices

    5. Use What You’ve Got: Maximize ROI of your existing security controls by automatically analyzing, validating, and implementing network security policy changes
  • Continuous Supply Chain Assurance: Always know your risk Recorded: Feb 25 2021 47 mins
    Richard Absalom, Senior Research Analyst, ISF
    It is impossible to operate a business without having a supply chain. In the increasingly globalised environment, suppliers help to keep daily operations moving in every organisation. But this also brings information risk: supplier vulnerabilities are an increasingly common cause of compromise. Keeping a watchful eye on the security status of suppliers – always knowing the risk they present – is an important part of building resilience and maintaining operations.

    On Thursday 25th February, 14.00 GMT, Richard Absalom, Senior Research Analyst at the ISF and author of the Continuous Supply Chain Assurance report, will host an interactive panel discussing the need to continuously monitor supplier security and exploring the tools and techniques that organisations can use right now. He will be joined by David Aubrey-Jones, Threat Readiness Team Leader at NatWest Group, Elli Tsiala, Information Security Expert at ABN AMRO Bank N.V., and Phil Ramage, Head of Security Operations for Defence & National Security at Fujitsu.
  • Cybercrime Trends of 2021: A look into Cybercrime, Nation State and Ransomware Recorded: Feb 18 2021 47 mins
    Jared Phipps, SVP Worldwide Sales Engineering at SentinalOne
    Ransomware is on the rise—there's no doubt about that.

    On Thursday 18th February, 14:00 GMT/15:00 CET, the ISF will be joined by Jared Phipps, SVP Worldwide Sales Engineering at SentinelOne for a webinar looking into the cybercrime trends to look out for in 2021.

    Tune into this webinar and you will:
    • Understand who is behind today's ransomware attacks
    • Find out their motivation
    • Take a tour of the major nation-state players in cybercrime, including their methods, as well as providing mitigations to keep your infrastructure safe
  • Human-Centred Security: Positively influencing security behaviour Recorded: Feb 3 2021 45 mins
    Daniel Norman, Senior Solutions Analyst, ISF
    Human error and negligence still contribute to a significant number of security incidents, yet current approaches to mitigating this risk are failing to have the desired impact. Many organisations have not always prioritised the effective management of this risk and have historically relied upon security awareness to influence security behaviour. Yet this only resolves a small part of the problem and neglects other factors. A robust human-centred security programme is required.

    This webinar will help you to:

    - understand the key factors that influence behaviour
    - deliver impactful security education, training and awareness
    - design systems, applications, processes and the physical environment to account for user behaviour
    - develop metrics to measure behaviour change and demonstrate return on investment.
  • Why 5G security standards are so important and what is the latest progress? Recorded: Jan 26 2021 43 mins
    Yoann Klein, Senior Cyber Security Advisor
    5G promises many new capabilities and use cases, making this technology the coming preferred platform for the digitalized world. That is why security and resilience of our telco networks will become even more critical in the future. Our 5G networks must be built on a strong assurance system.

    NESAS is a collaborative, agreed and promoted standard amongst the telco industry. From vendors to operators but also at governmental level, it is perceived as the major foundation for answering our telco security challenges. But what is exactly the NESAS standard ? How is it making 5G more secure? And what can we expect from it today and in the future ?

    This webinar will propose you an overview of the 5G security standard ecosystem and to discover what are the latest updates on NESAS
  • Managing the Insider Threat: Human-Centred Security Recorded: Jan 20 2021 44 mins
    Daniel Norman, Senior Solutions Analyst at ISF, Dr Margaret Cunningham of Forcepoint, Oz Alashe of CybSafe
    The insider threat comes in many forms, with employees acting maliciously, negligently and even accidentally to compromise information assets. Managing the insider threat is arguably the biggest challenge in information security, with the majority of security incidents coming from a human source. A lack of understanding of behaviour, mismanagement of resources and an inability to measure the success of initiatives has contributed to the wider issue.

    On Wednesday 20th January, 13:00 GMT, Daniel Norman, Senior Solutions Analyst at the ISF and author of the ISF Human-Centred Security research series will be joined by Dr Margaret Cunningham, Principal Research Scientist for Human Behavior at Forcepoint, and Oz Alashe MBE, CEO at CybSafe for a live interactive panel discussion exploring the insider threat and the impact it has on cybersecurity.

    About our speakers
    Dr Margaret Cunningham, Principal Research Scientist for Human Behaviour, Forcepoint

    Dr. Margaret Cunningham is Principal Research Scientist for Human Behavior within Forcepoint X-Labs, focused on establishing a human-centric model for improving cybersecurity. Previously, Dr Cunningham supported technology acquisition, research and development, operational testing and evaluation, and integration for the U.S. Department of Homeland Security and U.S. Coast Guard

    Oz Alashe MBE, CEO, CybSafe

    Oz Alashe MBE is CEO and Founder at CybSafe, a behavioural science and data analytics company that builds software to better manage human risk. A former UK Special Forces Lieutenant Colonel, Oz is focused on making society more secure by helping organisations address the human aspect of cyber security. He has extensive experience and understanding in the areas of intelligence insight, complex human networks, and human cyber risk and resilience. He’s also passionate about reducing societal threats to stability and security by making the most of the opportunities presented through advancements in technology.
  • A Wizards Guide to Security in the Cloud Recorded: Jan 12 2021 43 mins
    Ell Marquez, Linux and Security Advocate, Intezer
    A Horcrux is a powerful object in which a Dark wizard or witch [attacker] has hidden a fragment of his or her soul [code] for the purpose of attaining immortality [persistence].

    Creating a Horcrux gives one the ability to anchor their own soul [code] to earth[environment], if the body [process] is destroyed.

    In this session, we will come to understand how attackers are able to not only compromise our cloud environments but also maintain persistence—while our security teams are distracted by a mountain of false alerts. If we focus on the root cause of all cyber attacks: unauthorized spells, wait, I mean unauthorized code.
  • Using AI, automation and open standards to modernize security Recorded: Dec 15 2020 47 mins
    Chris Meenan, Director of Threat Management Offering Management and Strategy at IBM Security IBM Security
    As organizations manage increasing cloud-based workloads and a remote workforce, the need to shift to a modernized, remote security operations center (SOC) is a high priority for security leaders. SOC teams need to be able to analyze user, device and application behaviors across devices, networks and multiple cloud services. They have to do this while maintaining existing staffing levels and a fragmented security tool environment. In order to address these challenges, security leaders are adopting a modern, unified approach to managing threats that brings together automation, AI and a standards-based approach that provides better visibility and detection across hybrid, multicloud deployments.

    Join this webinar to hear how IBM Security is addressing these challenges by bringing together threat management and data security solutions, leveraging an open, multicloud platform and working to simplify and streamline the analyst workload.


    Chris Meenan
    Director of Threat Management Offering Management and Strategy at IBM Security
    IBM Security

    Chris Meenan is the Director of Threat Management Offering Management and Strategy within the IBM Security division. He has over 15 years of experience in product management and has been involved in developing, managing, releasing and selling software products for over 25 years. Chris has an extensive market, domain, and customer knowledge in IT Security, Customer Relationship Management and Telecom OSS solutions. Chris holds a 1st Honours degree in Physics and has a PhD in telecommunications.
  • Emerging Cyber Threats for 2021 Recorded: Dec 9 2020 47 mins
    Steve Durbin, Managing Director, ISF
    The fallout from COVID-19 has presented a complex set of interrelated factors, causing a ripple effect that impacts the global economy, every geographic region and all industry sectors.

    Organisations have been thrust into chaos, and the role of the Security Officer and security function is about to come under increasing pressure with a number on previously unanticipated scenarios and threats over the coming months.

    On Wednesday 9th December, 13:00 GMT, join Steve Durbin, Managing Director of the ISF for our annual emerging threats webinar, exploring the key information security threats to look out for in 2021 and how you can prepare for them.

    Throughout this webinar, Steve will explore the following threats:
    •The insider threat
    •Edge computing pushes security to the brink
    •The digital generation becoming the scammers dream
  • Looking Forward to 2021: The Future of Security Intelligence Recorded: Dec 3 2020 28 mins
    Jason Steer, director of EMEA presales at Recorded Future
    On Thursday 3rd December, 11:00 ET/ 16:00 GMT, the ISF will be joined by Jason Steer, director of EMEA presales at Recorded Future for a webinar exploring the future of security intelligence and what we can expect in 2021.

    It’s critical for organisations to know how to evaluate a security intelligence provider, and ultimately choose one that will effectively reduce alert fatigue, improve decision making across the business, and deliver unique insights on a broad range of threats.

    But what are the capabilities you should be looking for in a provider to best enable your business to benefit?
  • Assess. Comply. Assure: Eight Cyber Challenges in an Uncertain World Recorded: Nov 12 2020 45 mins
    Alex Jordan, Senior Analyst, ISF
    Cybercrime flourishes in an economic downturn, and as more organisations
    adopt digitalisation and move operations online, their need to protect data
    and critical assets increases.

    We live in an uncertain world where budgets and resources are tight, yet
    the need to manage information risk and establish resilience has never been
    more important.

    On Thursday 12th November, 09:00 GMT, Alex Jordan, Senior Analyst at the ISF will be exploring eight cyber challenges in an uncertain world and how the ISF Aligned Tools Suite 2020 equips you to respond.

    This webinar will help you answer questions such as:

    ‒ How do you prioritise when resources are under pressure?
    ‒ How do you determine a manageable level of information risk?
    ‒ How do you assure your supply chain?
    ‒ How do you manage compliance across multiple standards?
  • The Hitchhiker’s Guide to Cybersecurity Recorded: Nov 4 2020 44 mins
    Ashley Ward, Cloud CTO at Palo Alto Networks
    Imagine, like Arthur Dent, that you have to deal with rapid change brought on by forces beyond your control. In this talk we’ll look at how cybersecurity has had its “Earth” demolished to make way for a “DevOps bypass” and how security can and will adapt to this new future.

    This talk uses Douglas Adams’ book The Hitchhiker’s Guide to the Galaxy as a basis to provide both structure and entertainment. Roughly following the book’s plot, we’ll showcase how cybersecurity has had its world turned upside down and how processes in this new world sometimes appear to be counterintuitive. In this way, we’ll examine how DevOps, cloud native computing, and agile ways of working can be used by security teams to adapt and improve their cybersecurity technology and outcomes even though they might initially seem very alien.

    We’ll pepper the talk with actionable ideas for teams to embrace and enhance the security of their organizations.

    Learning outcomes
    1. Understand that cybersecurity expertise is needed more than ever in cloud native environments. Once thought of as “blockers,” security teams are now actually business enablers.
    2. Appreciate that security leaders have to learn to automate and operate more efficiently or be overwhelmed. With the right technology in place, it’s possible to scale security teams as needed to be able to respond to any and all threats.
    3. Get excited about this new way of working – having gone through a DevOps digital transformation with a financial services organisation, I’ll give senior cybersecurity leaders intel they can use to sidestep the pitfalls that usually accompany this level of change.
  • Slackers, Go-Getters, & Evildoers: Understanding Negative Workplace Behaviors Recorded: Oct 29 2020 46 mins
    Dr. Margaret Cunningham, Principal Research Scientist for Human Behavior, Forcepoint X-Labs
    Understanding bad behavior is critical to establishing effective cybersecurity solutions. Be part of the live conversation as the ISF explores three different types of rule breakers with Forcepoint’s research scientist Dr. Margaret Cunningham, and tries to understand how their motivations can jeopardize security.

    Key takeaways for attendees will include the identification of challenges and strategies for mitigating the risks that stem from negative workplace behaviors.

    Dr. Margaret Cunningham is Principal Research Scientist for Human Behavior within Forcepoint X-Labs, focused on establishing a human-centric model for improving cybersecurity. Previously, Cunningham supported technology acquisition, research and development, operational testing and evaluation, and integration for the U.S. Department of Homeland Security and U.S. Coast Guard
  • Becoming a next-generation CISO Recorded: Oct 15 2020 35 mins
    Mark Ward, Senior Research Analyst, ISF
    As organisations undergo digital transformation to make themselves more responsive, Chief Information Security Officers (CISOs) are coming under pressure to help these far-reaching changes succeed.

    These demands have brought about the rise of the next-generation CISO, a security professional who is adapting to the new environment, mastering new skills and advancing the discipline of information security.

    The ISF’s research into the changing role of the CISO has revealed six core characteristics that next-generation leaders exhibit which ensure risks are managed effectively as the organisation rapidly transforms.

    Throughout this webinar, our topic expert Mark Ward, Research Analyst at the ISF, will be presenting key insights and findings from the Becoming a next-generation CISO briefing paper.
  • Phishing Defence in 2020: What the Heck Just Happened & What's Next? Recorded: Oct 14 2020 46 mins
    Cofense Security Solutions Advisor, Tonia Dudley and Senior Director of Sales Engineering, David Mount.
    2020 has been quite the year. And it’s not over yet! If you’re still trying to get a grip on what has happened in the phishing threat landscape - from COVID-themed phishing attacks to data stealing ransomware and everything in between – you aren’t alone. We are all getting through this together and uniting to fight phishing.

    Join us on 14 October at 14:00 BST to hear from Cofense Security Solutions Advisor, Tonia Dudley and Senior Director of Sales Engineering, David Mount. They’ll walk you through the threats observed by Cofense, the predictions we’re making for the remainder of the year, and the lessons we’ve learned on how to protect organizations from the phishing threats that evade perimeter defences.

    Highlights will include:
    • Insights of various phishing campaigns that evaded SEGs and reached end users, delivering credential phish and malware.
    • How threat actors are evolving and adapting their tactics, making it more difficult for end users to know what’s safe and what’s not.
    • Expert predictions of what is coming in the remainder of 2020 and into 2021.
  • BSIMM11: Here’s What’s New! Recorded: Sep 29 2020 47 mins
    Adam Brown, Managing Consultant, Synopsys
    The Building Security In Maturity Model (BSIMM) is a study of existing software security initiatives (SSIs). The BSIMM provides a way to assess the current state of your software security initiative, identify gaps, prioritize change, and determine how and where to apply resources for immediate improvement. In this webinar, Adam Brown, Managing Consultant, Synopsys Software Integrity Group, will give an introduction to BSIMM and how organizations can use it, then dive into the changes observed in the latest version 11.

    Register for this webinar to learn how Synopsys is helping to improve businesses software security efforts.

    We’ll discuss:
    - How organizations are building their software security initiatives
    - How DevOps is affecting the way organizations perform software security
    - How emerging engineering-driven security cultures are changing approaches to software security
  • Subnet Masks Required: How Covid-19 is changing the cyber security landscape Recorded: Sep 3 2020 48 mins
    Seth Wahle, Cyber Security Principle, NASA
    Covid-19 has forced many companies to work remote which has increased their risk surface.

    On Thursday 3rd September at 14:00 BST, the ISF will be joined by SecurityScorecard and Seth Wahle, Cyber Security Principle at NASA, for a live webinar exploring how COVID-19 is changing the cybersecurity landscape

    In this webinar we will discuss:

    Risks now facing network security with consumer grade equipment at the perimeter.
    Difficulties of managing and securing your threat surface with a remote workforce.
    Poor management leading to miss-configurations, resulting in negative incidents.
    Changes you can make to secure your network and protect your assets.
    Seth Wahle, a U.S. Navy veteran, was featured in Forbes and BBC for hacking android phones using an implanted NFC chip in 2015. After selling his cyber security company, Seth now supports NASA’s Agency Applications Office.

    Seth is additionally a major advocate for privacy and cyber security and is a frequent speaker at conferences such as the National Cyber Summit, Defcon, and HackMiami.
  • Why Secure Email Gateways are not enough: Defending against phishing threats Recorded: Aug 19 2020 48 mins
    Cofense Senior Director of Sales Engineering David Mount and Sales Engineer Alain Salesse
    On Wednesday 19th August at 14:00 BST, the ISF will be joined by Cofense for cybersecurity expert insight into the challenges of defending against sophisticated phishing attacks, specifically, how to defend against the phishing email that evades your secure email gateways.

    Cofense Senior Director of Sales Engineering, David Mount, and Sales Enginer, Alain Salesse, will be sharing insight into the current threat landscape as seen through the eyes of the end user and how threat actors are getting past security perimeter controls.

    Highlights will include:
    - Insights of various phishing campaigns that evaded SEGs and reached enterprise end users, delivering credential phish and malware.
    - How threat actors are using trusted services, such as online business surveys and document sharing platforms, to evade SEGs.
    - Expert predictions of what we will continue to see through the remainder of 2020.
  • Account Takeover: Data Findings, Popular Tools, and Prevalent Actors Recorded: Aug 12 2020 40 mins
    Digital Shadows Photon team - Alex Guirakhoo, Kacey Clarke, Michael Marriott
    On Wednesday 12th August at 14:00 BST, the ISF will be joined by the Digital Shadows Photon team, Alex Guirakhoo, Threat Researcher, Team Lead, Kacey Clarke, Threat Researcher, and Michael Marriott, Senior Product Marketing Manager, to learn about their latest research on account takeover. This combines data findings from Digital Shadows’ repository of 15 billion credentials and activity from the cybercriminal underground.

    Throughout this webinar, we will discuss:

    · The size of the problem
    · The attacker toolkit for performing account takeovers
    · Current approaches to brute forcing
    · Most active actors
    · Best practices for preventing account takeovers
Live monthly webcasts for CISO’s and business leaders
Steve Durbin, Managing Director of ISF Ltd and ISF analysts will present the ISF webinar series: "In pursuit of the secure organisation..."
We will be sharing thought leadership and practical guidance drawn from ISF Members, which include many of the world’s leading Fortune and Forbes listed organisations) on how to address cyber, information security and risk management issues facing businesses and their security teams.

1. Emerging Cyber Threats (ISF Threat Horizon annual series)
2. The role of the CEO and business leaders in cyber security
3. Being a successful CISO
4. Cyber-attack trends
5. Critical Asset Management
6. Data breach prevention
7. Supply chain
8. Insider Threat and the role of the end user

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Third Party Risk Management: How to Conduct a High-Quality Virtual Assessment
  • Live at: Apr 27 2020 1:00 pm
  • Presented by: Drew Wilkinson, VP of Customer Success for SecurityScorecard & Jill Czerwinski, Partner, Crowe
  • From:
Your email has been sent.
or close