SecureTheVillage

Developing a Risk-Based Approach to Managing Third-Party Service Providers

Source: SecureTheVillage

Date: 10/16/2020

Focus Areas: Information Security Management / MSSP

Intended for: CISOs, Information Security Managers

This is a recording of SecureTheVillage’s webinar on October 16th, 2020, hosted by Stan Stahl, PHD.

Description: Financial institutions and businesses of all sizes are now heavily reliant on outsourcing and third-party vendors to offer world-class services at competitive prices. At the same time, the increased use of third-party services has dramatically altered the cybersecurity landscape and given rise to heightened scrutiny by regulators and the passage of privacy laws to protect consumers. Against this backdrop, it is now essential for banks and other businesses to implement a vendor management program based on the identification and evaluation of third-party risks. Using a risk-based approach, it is possible for banks and other businesses to easily implement a sound, cost-effective vendor management program that is tailored to the budget and risk profile of the business.

What You’ll Learn:

  1. How to evaluate existing vendors and prioritize management oversight based on the risk profile of each vendor
  2. How to assess the adequacy of existing risk mitigation controls and determine if controls need to be strengthened
  3. How to avoid complexity and unnecessary costs in assessing vendor risk
  4. How to tailor a vendor management program based on assessed risk and the needs of the business
  5. How to define reasonable requirements for managing third-parties throughout the vendor life cycle

Speaker: John Coleman, is Senior Associate with AuditOne LLC, a firm that provides audit and consulting services to U.S.-based financial institutions. He also provides independent consulting services through his own practice. John has over 30 years of experience as CIO, CISO, IT Director, and Audit Manager for financial services companies in the Los Angeles area. He graduated from The Ohio State University and earned designations as a Certified Information Security Manager (CISM) and Certified Internal Auditor (CIA). John also serves on the board of directors of SecureTheVillage and Crystal Stairs, Inc., both nonprofit organizations in Los Angeles, and is passionately committed to promoting cybersecurity awareness and is active as an organizer and speaker for industry events.

Related Resources

Reasonable Security 2022 Cyber Risk Management Managing Information Security Risk: Organization, Mission, and Information System View (NIST 800-39)

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge

SUPPORT US

SecureTheVillage is a community-based response to the cybersecurity and privacy crisis. We are a 501c(3) nonprofit with a vision of a cybersecure global village. We invite you to join with us as together we make the vision a reality. It takes the village.

Be a CyberPartnerDonate