Recorded: March 24 | 2022 Attend
According to a recent survey by security vendor Anchore, 64% of businesses were affected by a supply chain attack in the past 12 months, and this year supplier attacks are expected to quadruple according to the European Union Agency for Cybersecurity. Third-party breaches can result in severe financial losses, downtime, loss of sensitive information, loss of reputation, breach of compliance, fines, and other legal liabilities.
A well-orchestrated TPRM program can not only mitigate third-party cyber risks but also boost the ability to on-board, manage, and maintain third-party suppliers. Join us on this expert panel as we discuss how to build a strong TPRM program, including how to:
- Establish the quality of data coming in, and keep your reporting flexible
- Create a central repository of all your third-party vendors
- Determine risk potential and “Tier” your exposure
- Develop a security scorecard and address risks in order of priority
- Continuously monitor, optimize, strengthen, and streamline
Moderator
Colin Whittaker, PCI Industry Alumni, Founder and Director Informed Risk Decisions Ltd. Colin has been instrumental in driving forward a risk and security strategy for payments over the last 15 years since he retired from the military in 2001, and took up the role of Head of Security at APACS. Whilst there he was one of the first people to be elected to the PCI SSC Board of Advisors where he was always keen to try and promote the differences in threat between Europe and UK, and the US. Since that election he hasn't moved far from the PCI domain. In 2010 he moved to Visa Europe and became the Vice President Payment System Risk with responsibilities for designing and operating the Visa Europe PCI compliance strategy for European merchants and service providers. He was also responsible for coordinating Visa Europe's approach to cardholder data breaches in Europe, and for the changes to the Visa Europe Compliance strategy through the creation of the Technology Innovation Programme which gave the very first PCI DSS compliance relief for EMV chip accepting merchants. In 2015 he went independent and currently provides cyber security risk consultancy services to a wide range of public and private companies. Colin has presented on Information Security at major events around the world, and has published a number of papers on security.
Panel
Jon Ehret is Vice President of Strategy and Risk for RiskRecon. Jon brings 20+ years of experience in technology and risk, including extensive experience building, maturing and running third party risk programs in both the finance and healthcare industries. Before joining RiskRecon, Jon built and lead the third party risk program for BlueCross BlueShield of WNY and also served as President and Co-founder of the Third Party Risk Association, an international professional association of third party risk practitioners and vendors. Jon is a frequent speaker at third party risk conferences and holds a BS in Information Technology from the Rochester Institute of Technology, as well as the CISSP, CISA and CRISC professional.
James McQuiggan, Security Awareness Advocate for the U.S. McQuiggan has over 20 years of experience in cybersecurity. Prior to joining KnowBe4, he worked at Siemens where he held various cybersecurity roles, including product and solution security officer for Siemens Gamesa Renewable Energy. In this role, he consulted and supported various corporate divisions on cybersecurity standards, information security awareness and securing product networks. McQuiggan is a part-time faculty professor at Valencia College in the Engineering, Computer Programming and Technology division. He also volunteers for several initiatives through (ISC)2, including president of the (ISC)2 Central Florida Chapter, a member of the Board of Trustees for the Center for Cyber Safety and Education and Safe and Secure Online education and awareness program volunteer where he has educated over 7,000 students, parents and teachers.
Matthew Bianchi is the Lead Product Manager, Solutions and Ecosystem at ProcessUnity. Matt is a part of ProcessUnity’s product solutions team and is responsible for the company’s solutions and partner ecosystem. In his tenure at ProcessUnity, Matt has helped hundreds of organizations streamline their risk and compliance programs as well as bring new industry leading solutions and integrations from world-class content providers through the ProcessUnity platform.
David Stapleton, Vice President & CISO at CyberGRX | CISSP. David is a cybersecurity risk professional with over a decade of experience in both the public and private sectors. David began his career at the Department of Health and Human Services (HHS) where he developed and managed Risk & Compliance functions for the Food and Drug Administration (FDA) and Indian Health Service (IHS). David is a Certified Information Systems Security Professional (CISSP).