Aligning Third-Party Risk Controls to Your Security Framework
According to one study by Ponemon Research Institute, about 53% of organizations say they’ve had at least one third-party breach in the past two years, with an average cost of $7.5 million, and the majority of organizations still have immature third-party risk programs. As a result, many organizations today are investing heavily in cybersecurity and implementing third-party risk assessment frameworks (such as NIST and ISO) to drive risk management and protect against constantly advancing cyber attacks.
In some cases, your organization’s needs may be so diverse that you’ll benefit from adopting best practices from more than one framework.
Watch this CPE webinar to learn how to go about this, including how to:
- Identify, establish, assess, and manage supply chain risk management processes
- Establish contracts with third-party vendors to ensure implementation of security measures that align with your organization’s cybersecurity, compliance, and risk management standards
- Routinely assess your third-party suppliers using audits, test results, and other evaluations to ensure they’re meeting your contractual agreements
- Conduct response and recovery planning and testing with your supply chain partners