The Overlooked Security Risk: 3rd Party Risk Management - Rose

BSides Vancouver 2021 An entire business can be put at risk with the simple click of a button. Speed is often considered the priority when an organization realizes a third party can offer value through increased sales, increased throughput or decreased operational expense. However, the failure to properly vet your third-party relationships can have serious consequences for your business and your customers. Establishing a mature third-party information risk assessment process is neither easy, nor a one-time event. This program uses a combination of effective policies and procedures, IT security control frameworks as part of the vendor risk assessment questionnaire, vendor management platform, automation, risk scoring, and working with business partners to facilitate an understanding of risks. This presentation will cover a more thorough examination into the lifecycle of a 3rd party vendor, with the focus on cyber security. We will also take a look into automating workflows utilizing tools readily available when there is not a budget for a SaaS.