onShore Security

How to Assess Third-Party Vendor Risk: Cyber Security Guest Blog

February 28, 2018 By Josh Eklow

The following is a guest blog, published with the author’s permission; the original post appeared on the Third Party Trust site.

Metrics drive the measure of progress and stand as benchmarks during any assessment, audit or review process. They are the lifeblood of reporting, and when it comes to vendor risk management they are not as straightforward as you might think. Let’s take a deeper look into what Guy Dulberger of Ritchie Bros. has to say about the key metrics to track when assessing vendor risk, and how a risk-based approach is the new norm for vendor risk management.

“I think an important aspect of what makes a great security report, KPI or metric is understanding your business and where your greatest organizational risk lies.” – Guy Dulberger, Information Security Executive

In a recent post on Digital Guardian, Dulberger outlines a series of metrics to track when assessing third-party risk. As always, the first step is to create a list of your most critical vendors, usually those that handle PHI, PII or PCI data, or that have network access. From there, create a risk rating system that is clearly communicated to management and understood by the rest of the organization. This is primarily done through a numerical rating system or something similar to a low/medium/high rating.

Once the rating system has been finalized, it’s time to rate vendors based on seven critical areas:

  1. Volume of Information
  2. Type of Information
  3. Size of Commitment
  4. Criticality of the Service
  5. Ease of Replacement
  6. Brand Reputation
  7. Threat Intelligence

After rating each vendor on each of these subjects, there should be a quantifiable way of presenting and reporting to management and the rest of the organization.

At ThirdPartyTrust, benchmarking and reporting are at the heart of the platform. Applying a customizable, risk-based approach is difficult when dealing with hundreds of vendors, but by standardizing critical issues such as network access, information security teams can complete more assessments while maintaining a consistent baseline.

We’ve created automated reporting, such as a vendor risk heat map, to provide insights into vendor populations. Enterprises can use subjects like “vendor requires PCI compliance” or “vendor has network access” to measure the impact and trust of each vendor.

Read the original post at Third Party Trust.


Filed Under: Cyber Security, Vendor Management
