Optiv Blog

DDoS Threats: Are Your Third Parties Protecting You?

· By James Robinson · 0 Comments

There’s evidence that ransomware may be evolving beyond holding data hostage. In recent news, DDoS attacks were used as a threat against organizations, shutting down their internet connections and holding the organization for ransom. DDoS attacks aren’t new. And while this new use of DDoS may be alarming, we need to pause and look at how business works in our interconnected world.

Continue reading 0 Shares

Recovering From a Credential Breach, Part 2

· By Peter Gregory · 0 Comments

Probably the most important step to take when a user suspects that his or her user account has been compromised is to notify the organization’s IT service desk. End users should notify the IT service desk right away in the event of the loss or theft of a laptop computer, tablet or smartphone.

Continue reading 0 Shares

Recovering From a Credential Breach, Part 1

· By Peter Gregory · 0 Comments

A few years ago while on a business trip, I was out to dinner and left my luggage in my rental car (I had not yet checked in to my hotel). When I finished dinner and went back to my rental car, I found it had been broken into and my luggage was gone. My keyring with keys to my house, car and other places was in my luggage.

Continue reading 0 Shares

DEF CON is Here: A Reminder to Manage and Remediate Security Vulnerabilities of Your Third Parties

· By James Robinson · 0 Comments

Every year I like to take a look at the talks at Black Hat and DEFCON to see if there are areas of risk I need to review. This year, like others, has focused on different hacking and defensive techniques. It also included a theme on cloud components as well as IoT, and new vulnerabilities within both. If your organization develops these products, you have the ability to talk with the development teams and review the devices for the vulnerabilities.

Continue reading 0 Shares

Three Steps for Management and Remediation of Security Vulnerabilities with Third Parties

· By James Robinson · 0 Comments

Over the years, security organizations have had to deal with many vulnerabilities that required quick response and remediation. Some examples that come to mind include Heartbleed, Shellshock, numerous specific vendor product vulnerabilities, and as we saw recently: WannaCry. All of these advisories require our organizations to quickly assess the exposure and impact; however, many of us stop at our own infrastructure. As we have seen with mobile, cloud and continued outsourcing, maintaining focus within our own virtual walls is not enough. There is significant risk and exposure to information if we have decided to leverage a service offering or third party.

Continue reading 0 Shares

Three Steps to Enhancing Your Third-Party Risk Program

· By Peter Gregory, James Robinson · 0 Comments

In the world of third-party and vendor risk management, many new practices are being adopted. Over the past few weeks, members of Optiv’s third-party risk team have initiated conversations with key industry leaders through a series of roundtable discussions. These thought leaders own or participate in their organizations’ third-party strategies. During these sessions, we shared leading practices and principles, and identified a number of common trends.

Continue reading 0 Shares

OCC Updated Guidance on Third-Party Risk

· By Peter Gregory · 0 Comments

Recently, the Office of the Comptroller of the Currency (OCC), released updated guidance for bank examiners as they scrutinize third-party risk programs in banks and other financial institutions.

Continue reading 0 Shares

Business Driven Vendor Risk Assessment Template

· By Michael Myaskovsky · 0 Comments

The pace and level of outsourcing has continued to evolve and now includes any and all business areas and cloud services. Outsourcing decisions often occur under the radar focusing on the economics of the agreement and not risk management oversight. In these scenarios, it is quite common to perform a risk assessment after a contract has been signed leaving a company with very little leverage to address critical audit findings.

Continue reading 0 Shares

Six Steps for Establishing a Vendor Risk Management Program

· By Michael Myaskovsky · 0 Comments

One of the key problem areas of enterprise risk management is vendor risk. Managing hundreds to thousands of vendors, suppliers, outsourcers and other third-party relationships is difficult in the best of financial times. But with shrinking budgets and smaller staffs, how can vendor risk management be performed correctly?

Continue reading 0 Shares

Five Ways to Minimize Risk Exposure

· By Jason James · 0 Comments

Risk management is something to be taken very seriously. Few things are more harmful to a company's reputation and bottom line, than a breach of client information. However, many companies are busy managing their solution over managing risk or using complicated and expensive resources, practices and solutions to identify risks.

Continue reading 0 Shares
(17 Results)