Increasingly, regulatory agencies are pressuring organizations to assess and attest to the cybersecurity of their business partners. In this video interview, Jay Jacobs of Bitsight Technologies discusses strategies for third-party management.
Learn how Financial Services organizations have moved from trust-based continuous monitoring of vendor security.
The Financial Services industry has long been a pioneer in developing risk management practices. As third party data breaches have increased in recent years, regulators...
Choosing the right MSSP partner is an important decision in an organization's overall security. Writing an RFP is the first step in the process to finding the right fit for the organization. By using this document, an organization should be able to choose an MSSP and write a tailored RFP/RFI that will help make the...
New guidance for cyber-resilience, vendor management and breach notification is expected for New York state banks in early 2016. And the tone set by these guidelines may have a ripple effect, influencing the actions of federal banking regulators.
Many recent breaches have exploited security weaknesses in third party vendors and suppliers to attack organizations across all industries. In this SANS What Works Case Study, Chris Porter, Deputy CISO at Fannie Mae, details:
His experience using BitSight Security Ratings to assess the cybersecurity level of...
SANS, NIST and other industry standard methodologies offer thousands of potential questions you could ask your vendor about security. How can you determine which of them are the most important?
Security questionnaires and assessments are integral parts of comprehensive vendor risk management (VRM) programs. But...
The whole idea behind vendor risk management is that you want to be able to verify the effectiveness of your vendors' security practices. But with current solutions that rely on self-reporting questionnaires, how do you actually go about doing that?
Download this whitepaper to explore the flaws of...
One of the first steps to creating a vendor risk management program includes identifying what kind of access your vendors have to your network and where your greatest risks lie. Unfortunately some organizations dwell on identifying those risks rather than remedying them.
Download this whitepaper to explore...
Upper management doesn't always buy in to or fully understand the importance of a vendor risk management program. Download this whitepaper for expertise on how to properly communicate the risk (and management of that risk) in a way that executives can understand.
Relationships with vendors are important (or even vital) for many organizations, but unfortunately, there's a trade-off - the more data you share, the more risk you acquire.
It is extremely difficult to measure the security posture of each of your vendors, let alone create objective metrics around those...
Do you have a supply chain or just vendors? Do any or all of them present a breach potential? We apply massive resources to hardening perimeters and preventing infiltration of our information security systems, but what if our adversaries have a built-in presence and already have a foothold in the software, hardware,...
While vendor risk management has long been an area of concern for Financial Institutions, regulators are now looking for banks to do more and provide a higher level of assurance about the security practices of their vendors. But how? With regulators continuously raising the bar, one thing is clear: the vendor reviews...
BitSight Technologies is out with its annual Industry Benchmark Report, and cybersecurity ratings are low for the energy and utilities industry. BitSight's Mike Woodward shares insights for all sectors.
Gartner, the world's leading information technology research and advisory company, has named BitSight Technologies a "Cool Vendor" in Vendor Management for 2015. The report highlights three vendors for offering "tools and services to support vendor risk management and improve
Blue Coat CTO Dr. Hugh Thompson speaks about the future of security, the constants that need attention, and lessons to be learned from the U.S. when it comes to writing meaningful breach notification laws.