
Aligning Third-Party Risk Controls to Your Security Framework


Recorded: April 21, 2022

According to one study by Ponemon Research Institute, about 53% of organizations say they’ve had at least one third-party breach in the past two years, with an average cost of $7.5 million, and the majority of organizations still have immature third-party risk programs. As a result, many organizations today are making deep investments in cybersecurity and implementing third-party risk assessment frameworks (such as NIST and ISO) to drive risk management and protect against constantly advancing cyber attacks.

In some cases, your organization’s needs may be so diverse that you’ll benefit from adopting best practices from more than one framework. Attend this CPE webinar to learn how to go about this, including how to:

  • Identify, establish, assess, and manage supply chain risk management processes
  • Establish contracts with third-party vendors to ensure implementation of security measures that align with your organization’s cybersecurity, compliance, and risk management standards
  • Routinely assess your third-party suppliers using audits, test results, and other evaluations to ensure they’re meeting your contractual agreements
  • Conduct response and recovery planning and testing with your supply chain partners

Moderated by:

Colin Whittaker, PCI Industry Alumni, Founder and Director, Informed Risk Decisions Ltd. Colin has been instrumental in driving forward a risk and security strategy for payments over the last 15 years since he retired from the military in 2001, and took up the role of Head of Security at APACS. Whilst there, he was one of the first people to be elected to the PCI SSC Board of Advisors, where he was always keen to try and promote the differences in threat between Europe and UK, and the US. Since that election he hasn't moved far from the PCI domain. In 2010 he moved to Visa Europe and became the Vice President Payment System Risk, with responsibilities for designing and operating the Visa Europe PCI compliance strategy for European merchants and service providers. He was also responsible for coordinating Visa Europe's approach to cardholder data breaches in Europe, and for the changes to the Visa Europe Compliance strategy through the creation of the Technology Innovation Programme, which gave the very first PCI DSS compliance relief for EMV chip accepting merchants. In 2015 he went independent and currently provides cyber security risk consultancy services to a wide range of public and private companies. Colin has presented on Information Security at major events around the world, and has published a number of papers on security.

Panel

Neal Roylance, Director of Security Research at RiskRecon, a Mastercard Company. As a cybersecurity expert, Neal has been focused on protecting digital assets of large financial companies over the last 17+ years. Neal has acted in CISO and Director level roles to implement effective security programs and governance at these institutions. Neal has also spent time in engineering and architecture roles that have contributed to a strong understanding of "what works" at all levels of a security organization. Neal is currently focused on delivering objective security assessments that empower organizations to build effective risk management of critical third-party relationships.

Matthew Bianchi is the Lead Product Manager, Solutions and Ecosystem at ProcessUnity. Matt is a part of ProcessUnity’s product solutions team and is responsible for the company’s solutions and partner ecosystem. In his tenure at ProcessUnity, Matt has helped hundreds of organizations streamline their risk and compliance programs as well as bring new industry leading solutions and integrations from world-class content providers through the ProcessUnity platform.

Matthew Moog, General Manager of Third-Party Risk at OneTrust, the category-defining enterprise platform to operationalize trust. In his role, Matthew advises companies throughout their third-party risk management implementations to help meet requirements relating to relevant standards, frameworks, and laws. Prior to joining OneTrust, Matthew spent 18 years at EY, where he led their Global Third-party Risk offering for Financial Services and their Third-party Risk Managed Service offering for the Americas. Moog is a CISA and has a BS in Management Information Systems from Rensselaer Polytechnic Institute in Troy, NY.

Adam Rosen serves as Vice President of Product Strategy at Stealthbits Technologies. An expert on managing and securing data, Adam has helped organizations of all sizes implement controls and policies to meet security, compliance, and efficiency objectives. In his current capacity, he manages Stealthbits’ portfolio of data security and data privacy technologies depended on by enterprises around the world to protect their most critical information.