When: March 12 | 2020 Attend
As organizations evolve and become more connected, their reliance on third-party ecosystems continues to grow. While these business relationships undoubtedly add value, they also introduce significant new risk and compliance challenges. The third-party risk management process is complex and involves more stakeholders and data sources than many people may think including: cyber risk information, supply chain, financial, IT, compliance, legal, and privacy risk data. But even with loads of available data, it’s extremely difficult for risk teams to know how to prioritize risk and focus remediation and response efforts without the proper context or processes.
As a result risk management teams are turning to governance, risk, and compliance (GRC) solutions to help centralize all of this information in order to gain a more holistic view of their third-party ecosystem. Cyber third-party risk data is a critical piece of the puzzle to a holistic third-party risk program within a GRC solution. Having access to a threat-centric view of cyber risk provides risk management teams with real-time insights that enable them to make faster, more confident decisions and effectively manage third-party risk.
On this CPE accredited webinar our panel of experts will address how to bring threat intelligence into the third-party risk management process and discuss:
- The importance of holistic risk management and sustainable ongoing monitoring,
- How to incorporate external content sources and create a centralized data repository for a more holistic view of your vendors,
- Ways to advance your third-party risk maturity with threat intelligence.
Colin Whittaker, PCI Industry Alumni, Founder and Director Informed Risk Decisions Ltd. Colin has been instrumental in driving forward a risk and security strategy for payments over the last 15 years since he retired from the military in 2001, and took up the role of Head of Security at APACS. At APACS he started the move to confront the reality of the threat to payment systems and the implications this has on any risk and security decisions taken. He was instrumental in helping the industry coordinate the response to the wave of e-banking attacks that started in 2004, and the development of a card based customer authentication strategy to protect e-banking channels. Whilst there he was one of the first people to be elected to the PCI SSC Board of Advisors where he was always keen to try and promote the differences in threat between Europe and UK, and the US. Since that election he hasn't moved far from the PCI domain. In 2010 he moved to Visa Europe and became the Vice President Payment System Risk with responsibilities for designing and operating the Visa Europe PCI compliance strategy for European merchants and service providers. This included contributing to the strategic development of the Council through representing Visa Europe at the PCI SSC's Executive Committee, as well as the technical development of the standards. He was also responsible for coordinating Visa Europe's approach to cardholder data breaches in Europe. Colin was responsible for the changes to the Visa Europe Compliance strategy through the creation of the Technology Innovation Programme which gave the very first PCI DSS compliance relief for EMV chip accepting merchants. He has now built on this experience by learning first-hand what PCI DSS means to merchants through his experience at Carlson Wagonlit Travel. Applying PCI DSS to probably one of the most complex industry verticals and one where it is almost impossible to spend money as a customer without using credit cards! He is now working as a freelance consultant helping retailers and service providers solve their cyber security and payment security compliance dilemmas.
Todd Boehler, Vice President of Product Strategy, at Process Unity. Todd collaborates with customers, partners and internal product teams to develop and deliver high-value risk and compliance solutions. In his role, he drives the company’s cloud services roadmap and defines ProcessUnity’s overall strategic direction. For nearly 20 years, Todd has served in product management and strategy roles for leading technology providers. In 2003, his governance, risk and compliance (GRC) startup was purchased by Stellent, which was soon after bought by Oracle Corporation. Todd worked for Oracle for seven years before joining ProcessUnity in 2014. He has extensive GRC experience, working with organizations’ engineering, services and sales teams to develop solutions, enable sales and deliver customer success.
Allan Liska is a senior security architect at Recorded Future. Allan has more than 15 years of experience in information security and has worked as both a security practitioner and an ethical hacker. Through his work at Symantec, iSIGHT Partners, FireEye, and Recorded Future, Allan has helped countless organizations improve their security posture using more effective intelligence. He is the author of “The Practice of Network Security, Building an Intelligence-Led Security Program,” and “Securing NTP: A Quickstart Guide,” and the co-author of “DNS Security: Defending the Domain Name System and Ransomware: Defending Against Digital Extortion.”
Kelly White, CEO and Founder (CISSP) at RiskRecon. Kelly has nearly 20 years of experience in assessing and defending complex enterprises. Prior to dedicating his full attention to RiskRecon in 2015, White held various enterprise security roles, including CISO and Director of Information Security for financial services companies. White was also practice manager and senior security consultant for CyberTrust and Ernst & Young. White is an active supporter of the security community, a frequent speaker at industry conferences such as the Cybercrime Prevention Summit, United Security Conference, RSA Conference and eFraud Global Forum, and is a member of the eFraud Global Conference Board.
Jeff Tongel, Sales Manager, Americas at OneTrust. Jeff is a strategic and consultative business development professional, specializing in helping organizations achieve measurable business value through the use of emerging technology.