A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


The Overlooked Cyber-Security Risk: 3rd Party Risk Management - Rose Songer BSides Cleveland 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

The Overlooked Cyber-Security Risk: 3rd Party Risk Management
Rose Songer

@rosesonger

An entire business can be put at risk with the simple click of a button. Speed is often considered the priority when an organization realizes a third party can offer value through increased sales, increased throughput or decreased operational expense. However, the failure to properly vet your third party relationships can have serious consequences for your business and your customers. Establishing a mature third party information risk assessment process is neither easy, nor a one-time event. This program uses a combination of effective policies and procedures, IT security control frameworks as part of the vendor risk assessment questionnaire, vendor management platform, automation, risk scoring, and working with business partners to facilitate an understanding of risks. This presentation will cover a more thorough examination into the lifecycle of a 3rd party vendor, with the focus on cyber security. We will also take a look into lessons learned with techniques that didn't quite hit the mark on improving the program.

Rose a GRC Consultant with Seiso. She has a lot of experience building Third Party Risk Management Programs that including incorporating and building risk assessments on non-merchandise third party vendors, communicating risk with business stakeholders, and establishing a scoring methodology that accurately determines risk associated with vendors. Rose has a diverse IT and Security background spanning over twelve years in network security and administration, enterprise and vendor risk management, and security awareness program development and implementation. She brings over 8 years of experience from her time spent in the Navy as an Information System Technician. Rose also has her M.S. in Cyber Security and Information Assurance and a B.S. in Advanced Networking. Her industry experience spans health care, federal government, and retail.


Back to BSides Cleveland 2019 video list

Printable version of this article

15 most recent posts on Irongeek.com:


    If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

    Copyright 2019, IronGeek
    Louisville / Kentuckiana Information Security Enthusiast