Third Party Risk Management

Security Breach Report June 2020

Monthly Breach Report June 2020

This report summarizes the top breaches between mid May to June 2020 accounting for the major breaches the world has seen. This helps you in keeping track of the latest hacks and safeguarding your organization by looking at the trends. We share insights to the breach 1.“Bank Of America (BofA) Data Breach” Bank Of America… Read More »Monthly Breach Report June 2020

Guide to building a third [arty risk management program

Steps To Build An Enterprise Third-Party Risk Management Program

Vendor or enterprise third party risk related breaches are at an all time high. Several of the high profile breaches like Uber, Amazon, British Airways & more has been caused due to 3rd party. Most of the major security related framework, guidelines, compliance and regulations has made 3rd party risk management a mandatory part of overall security program. Following are the key steps for building an effective third party risk management (vendor risk management) program.

Free Supplier Security Assessment Questionnaire

This document is on Supplier Security Assessment Questionnaire (SSAQ) (Security self-Assessment and Reporting) (Courtesy Halkyn Consulting).  This includes the following sections –  Document Control Supplier Name & Address Assessment Completed by Date of assessment Additional Documents ProvidedRelevant Network Diagram Relevant Security Diagram Relevant System Architecture Technical Interface Design Relevant 3rd Party Security Assessment(s) (e.g. SAS… Read More »Free Supplier Security Assessment Questionnaire

Free Third Party Data Security Assurance Questionnaire

This free document is on 3rd party data security assurance (Courtesy UCF,  Information Security Office, VR Program).  The document is made in a way such that vendors must answer the questions in a yes/no. Third Party/ Vendor Data Security Assurance Questionnaire (SAQ)Document covers questions from various sections –  Policies & Procedures  Disaster Recovery & Business Continuity  Physical… Read More »Free Third Party Data Security Assurance Questionnaire

Free 3rd Party Outsourcing Information Security Assessment Questionnaire

This free document is on 3rd party Outsourcing Information Security Assessment Questionnaire (Courtesy UBC IT). This questionnaire document has various information section on :  Company Information Policies, Standards and Procedures Architecture Configurations Product Design Compliance Access Controls Monitoring Physical Security Contingency Vendor’s Business Associates Download Document The document can be viewed below and downloaded from… Read More »Free 3rd Party Outsourcing Information Security Assessment Questionnaire

( Free ) Third Party Risk Management Checklists And Frameworks From The Web

( Free ) Third Party Risk Management Checklists And Frameworks From The Web

FireCompass content and research team has curated some top checklists and frameworks on third party risk management that were available on the web for free. You will find these frameworks and guidelines simple and ready to use. Free 3rdParty Outsourcing Information Security Assessment Questionnaire V1.4 This checklist has 2 parts to it with all segment wise… Read More »( Free ) Third Party Risk Management Checklists And Frameworks From The Web

Third Party Risk

How Missing Continuous Monitoring Makes Third-Party Risk Management Programs Ineffective

Many organizations have hundreds of vendors and the Third-Party risk exposure is one of the biggest threats. Most of the organizations depend upon partners, vendors, suppliers, contractors and other third-parties for day-to-day operations. Each of them presents some potential risk to the organization. Third-Party Risk Management programs helps in assessing the cybersecurity of vendors/3rd parties that… Read More »How Missing Continuous Monitoring Makes Third-Party Risk Management Programs Ineffective

Managing Shadow IT

6 Must-Know Facts About Shadow IT

Shadow IT refers to IT applications and infrastructure that are managed and utilized without the knowledge of the enterprise’s IT department. Shadow IT risks exists in most organizations but most IT leaders and CISOs underestimate about its reach. In this blog, we will uncover the important facts that every business leader should understand about Shadow… Read More »6 Must-Know Facts About Shadow IT

Third Party Risk

Third-Parties: Risks & Threats Associated With Them

Third-Party risks are more as the Third-Party breaches continue to dominate and these breaches are expensive to organizations. Third-parties are those companies that you directly work with such as data management companies, law firms, e-mail providers, web hosting companies, subsidiaries, vendors, sub-contractors. Third-Parties are  basically any organization, whose employees or systems have access to your… Read More »Third-Parties: Risks & Threats Associated With Them