Reevaluating Your Third-Party Risk StrategyJonathan Swanson of CyberGRX on Elements of a Holistic Program
The SolarWinds attack has cybersecurity leaders everywhere taking a hard look at third-party risk. But it’s one thing to have a fresh strategy and quite another to actually start holding vendors accountable for their own security. Jonathan Swanson of CyberGRX offers advice.
In this video interview with ISMG, Swanson discusses:
- The areas that risk managers commonly overlook;
- Key elements of a holistic third-party risk program;
- The most effective types of vendor assessments.
Swanson, head of the client services function at CyberGRX, is a seasoned cybersecurity leader specializing in third-party risk. He has spent more than a decade building security and risk management programs for some of the largest and most innovative companies in the U.S.