2. Third Party Risk Management
Third Party Risk Management (TPRM) is the process of analyzing and controlling risks presented to your company, your data, your operations and your finances by parties OTHER than your own company.
Cyber Threat Intelligence
What cyber threat information becomes once it has been collected, evaluated in the context of its source and reliability, and analyzed through rigorous and structured tradecraft techniques by those with substantive expertise and access to all-source information.
Society of Cyber Risk Management & Compliance Professionals - Opsfolio.com. Copyright © 2017 by Netspective Communications LLC
4. Companies with red logos... potentially a huge RISK!
In 2014, these are the top companies hit by massive attacks…
Survey says
It is abundantly clear that, in many respects, a firm’s level of cybersecurity is only as good as the cybersecurity of its vendors.
Benjamin Lawsky, Superintendent, New York State Department of Financial Services, @BenLawsky
5. Breaches by Sector
[Chart: Data Breaches by Sector. Source: Symantec. Legible legend entries: Financial 3%, Transportation 3%, Insurance 3%, Hospitality 3%]
6. Data Breaches by Sector
Percent of Identities Exposed
Source: Symantec
Healthcare, education and the public sectors accounted for 72% of all data breaches, but the retail, computer software and financial sectors accounted for 77%
7. Targeted Organization by Size
[Chart: Spear Phishing Attacks by Size of Targeted Organization, 2011-2013. Source: Symantec. Size categories (employees): 1 to 250; 251 to 500; 501 to 1,000; 1,001 to 1,500; 1,501 to 2,500; 2,501+. Percentages legible in the chart: 100%, 61%, 50%, 50%, 50%, 50%, 39%, 31%, 30%, 18%]
8. Third Party Risk Highlights
Maintain a written agreement that includes an acknowledgement that the service providers are responsible for the security of cardholder data.
Ensure there is an established process for engaging service providers, including proper due diligence prior to engagement.
Maintain a program to monitor service providers’ PCI DSS compliance status at least annually.
Maintain information about which PCI DSS requirements are managed by each service provider, and which are managed by the entity.
9. The Data Supply Chain
[Diagram: Organization Confidential Data; 3rd Party Confidential Data; Downstream Vendor]
10. Top 5 Things Your Board Should Know
01 Contracts are no longer enough to protect the business.
02 A breach of your client’s or patient’s data at a third party is your responsibility.
03 Single point-in-time assessment is no longer sufficient.
04 Third-party risk should be part of your cybersecurity plan.
05 Your CISO (or equivalent) should report those risks directly to the board.
11. Third Party Assessment – Program Requirements
Compliance Assessment
Threat Monitoring
Technical Monitoring
12. Building and keeping relationships with third parties in order to achieve long-term business goals can create complex supply chains that, over time, more accurately resemble interconnected webs.
What should you know?
Prevent damage to your organization’s finances and image by identifying third-party vendor security risks before a devastating breach.
An effective third party risk management (TPRM) program can make your business secure.
Netspective’s Opsfolio Attest provides companies with third-party risk management (TPRM) services that help them identify third-party risks.
13. Opsfolio Attest Features
Current state assessment and gap analysis based on leading practices.
Asking and managing risks around third-parties and vendors.
Detailed risk assessment of specified risk parameters.
Running third-party audit programs across operational, information security, and compliance risk, etc.
Offering in-depth third-party risk reports.
Sources: http://www.isaca.org, https://www.google.co.in/imghp?