Many recent breaches have exploited security weaknesses in third-party vendors and suppliers to attack organizations across all industries. In this SANS What Works Case Study, Chris Porter, Deputy CISO at Fannie Mae, details:
His experience using BitSight Security Ratings to assess the cybersecurity level of...
SANS, NIST and other industry standard methodologies offer thousands of potential questions you could ask your vendor about security. How can you determine which of them are the most important?
Security questionnaires and assessments are integral parts of comprehensive vendor risk management (VRM) programs. But...
The whole idea behind vendor risk management is that you want to be able to verify the effectiveness of your vendors' security practices. But with current solutions that rely on self-reporting questionnaires, how do you actually go about doing that?
Download this whitepaper to explore the flaws of...
One of the first steps in creating a vendor risk management program is identifying what kind of access your vendors have to your network and where your greatest risks lie. Unfortunately, some organizations dwell on identifying those risks rather than remedying them.
Download this whitepaper to explore...
Upper management doesn't always buy into or fully understand the importance of a vendor risk management program. Download this whitepaper for expertise on how to properly communicate the risk (and management of that risk) in a way that executives can understand.
Relationships with vendors are important (or even vital) for many organizations, but unfortunately, there's a trade-off - the more data you share, the more risk you acquire.
It is extremely difficult to measure the security posture of each of your vendors, let alone create objective metrics around those...
Do you have a supply chain or just vendors? Do any or all of them present a breach potential? We apply massive resources to hardening perimeters and preventing infiltration of our information security systems, but what if our adversaries have a built-in presence and already have a foothold in the software, hardware,...
While vendor risk management has long been an area of concern for Financial Institutions, regulators are now looking for banks to do more and provide a higher level of assurance about the security practices of their vendors. But how? With regulators continuously raising the bar, one thing is clear: the vendor reviews...
BitSight Technologies is out with its annual Industry Benchmark Report, and cybersecurity ratings are low for the energy and utilities industry. BitSight's Mike Woodward shares insights for all sectors.
Gartner, the world's leading information technology research and advisory company, has named BitSight Technologies a "Cool Vendor" in Vendor Management for 2015. The report highlights three vendors for offering "tools and services to support vendor risk management and improve
The federal government is licensing a government-built anomaly detection tool known as PathScan to Ernst & Young, which, in turn, will refine the software and market it. In an interview, DHS's Mike Pozmantier explains why the government is offering its technology to the private sector.
Blue Coat CTO Dr. Hugh Thompson speaks about the future of security, the constants that need attention, and lessons to be learned from the U.S. when it comes to writing meaningful breach notification laws.
An inspector general's memo that highlights three significant information security deficiencies that have plagued the U.S. Department of Labor for the past five years points out problems that most federal agencies confront.
Relationships with vendors are vital for many organizations, but the more data you share, the more risk you acquire. And mitigating this risk requires a degree of visibility into vendor systems that most organizations are hard-pressed to achieve.
Download this guide to explore:
Five of the most impactful...
There is no denying that the attack methods for stealing your organization's data continue to expand with third-party vendors, which are the most invisible risk in your partner and supplier ecosystem.
Regulators in many industries, including financial services and healthcare, are tightening their grip on...