Optiv Blog

Business Driven Vendor Risk Assessment Template

By Michael Myaskovsky

The pace and level of outsourcing have continued to evolve, and outsourcing now includes any and all business areas and cloud services. Outsourcing decisions often occur under the radar, focusing on the economics of the agreement rather than on risk management oversight. In these scenarios, it is quite common to perform a risk assessment after a contract has been signed, leaving a company with very little leverage to address critical audit findings.


Six Steps for Establishing a Vendor Risk Management Program

By Michael Myaskovsky

One of the key problem areas of enterprise risk management is vendor risk. Managing hundreds to thousands of vendors, suppliers, outsourcers and other third-party relationships is difficult in the best of financial times. But with shrinking budgets and smaller staffs, how can vendor risk management be performed correctly?


Five Ways to Minimize Risk Exposure

By Jason James

Risk management is something to be taken very seriously. Few things are more harmful to a company's reputation and bottom line than a breach of client information. However, many companies are busy managing their solution rather than managing risk, or are using complicated and expensive resources, practices and solutions to identify risks.


The Best ISO 27001 Risk Assessment Approach

By Jason James

Information security management took a big step in 2005 with the introduction of ISO/IEC 27001. The standard provided organizations with best practices to protect vital data, both internally and entrusted to their vendors. ISO 27001 underwent a major revision in 2013, strengthening the guidelines while providing companies with more flexibility to achieve compliance.


Common Failures of Third-Party Risk Assessments

By Chris Gray

Third-party risk analysis – whether used to evaluate partners, service providers or suppliers – is a necessity in today’s business landscape. Assessing the services provided by external agencies is often as critical to an organization’s success as their own internal practices. However, many companies follow inconsistent approaches that don’t give an accurate picture of the


Reviewing Third-Party Security Controls

By James Christiansen

In our last blog post, we discussed how to secure your house against theft—that is, how to protect your organization against third-party risks. Luckily, you don’t have to put bars on all the windows and station guard dogs at every entrance. An intelligent review of the relative risk of each third party can help you assign


How Do You Measure Third-Party Risk?

By James Christiansen

How often do thieves use the front door to commit a robbery? I don’t know from experience, but I’ve been told that most go through a window or back door. Third parties can be the back door of a company, and increasingly the source of security failures, financial difficulties, and other problems that disrupt business


Managing Third-Party Risk

By James Christiansen

Today, most organizations are outsourcing critical business operations to third parties. While internal business activities present a level of risk, third-party relationships can significantly increase the level of risk an organization is facing. The quantity, cost and difficulty of performing due diligence on third parties make managing third-party risk especially challenging. Earlier today we published


Why Shift Information Risk Management Out of IT?

By James Christiansen

In my previous blog posts, I discussed how the role of the CISO is changing due to the additional responsibilities that come with managing the risk of information regardless of where it resides, and the shift in security strategies. It is important to understand this background information as it frames the discussion for moving the


The Evolution of the CISO to CIRO

By James Christiansen

Over the past five years the role of the Chief Information Security Officer (CISO) has changed dramatically, and will probably go through an even more dramatic change during the next five. The CISO typically had a technical role, coming up through the ranks with an IT background, and then moved into security. Their main job function

(10 Results)
