Optiv Blog

Three Steps for Management and Remediation of Security Vulnerabilities with Third Parties

· By James Robinson

Over the years, security organizations have had to deal with many vulnerabilities that required quick response and remediation. Some examples that come to mind include Heartbleed, Shellshock, numerous specific vendor product vulnerabilities and, as we saw recently, WannaCry. All of these advisories require our organizations to quickly assess the exposure and impact; however, many of us stop at our own infrastructure. As we have seen with mobile, cloud and continued outsourcing, maintaining focus within our own virtual walls is not enough. There is significant risk and exposure to information if we have decided to leverage a service offering or third party.


Three Steps to Enhancing Your Third-Party Risk Program

· By Peter Gregory, James Robinson

In the world of third-party and vendor risk management, many new practices are being adopted. Over the past few weeks, members of Optiv’s third-party risk team have initiated conversations with key industry leaders through a series of roundtable discussions. These thought leaders own or participate in their organizations’ third-party strategies. During these sessions, we shared leading practices and principles, and identified a number of common trends.


OCC Updated Guidance on Third-Party Risk

· By Peter Gregory

Recently, the Office of the Comptroller of the Currency (OCC) released updated guidance for bank examiners as they scrutinize third-party risk programs in banks and other financial institutions.


Business Driven Vendor Risk Assessment Template

· By Michael Myaskovsky

The pace and level of outsourcing has continued to evolve and now includes any and all business areas and cloud services. Outsourcing decisions often occur under the radar, focusing on the economics of the agreement and not on risk management oversight. In these scenarios, it is quite common to perform a risk assessment after a contract has been signed, leaving a company with very little leverage to address critical audit findings.


Six Steps for Establishing a Vendor Risk Management Program

· By Michael Myaskovsky

One of the key problem areas of enterprise risk management is vendor risk. Managing hundreds to thousands of vendors, suppliers, outsourcers and other third-party relationships is difficult in the best of financial times. But with shrinking budgets and smaller staffs, how can vendor risk management be performed correctly?


Five Ways to Minimize Risk Exposure

· By Jason James

Risk management is something to be taken very seriously. Few things are more harmful to a company's reputation and bottom line than a breach of client information. However, many companies are busy managing their solution rather than managing risk, or are using complicated and expensive resources, practices and solutions to identify risks.


The Best ISO 27001 Risk Assessment Approach

· By Jason James

Information security management took a big step in 2005 with the introduction of ISO/IEC 27001. The standard provided organizations with best practices to protect vital data, both internally and entrusted to their vendors. ISO 27001 underwent a major revision in 2013, strengthening the guidelines while providing companies with more flexibility to achieve compliance.


Common Failures of Third-Party Risk Assessments

· By Chris Gray

Third-party risk analysis – whether used to evaluate partners, service providers or suppliers – is a necessity in today’s business landscape. Assessing the services provided by external agencies is often as critical to an organization’s success as their own internal practices. However, many companies follow inconsistent approaches that don’t give an accurate picture of the


Reviewing Third-Party Security Controls

· By James Christiansen

In our last blog post, we discussed how to secure your house against theft—that is, how to protect your organization against third-party risks. Luckily, you don’t have to put bars on all the windows and station guard dogs at every entrance. An intelligent review of the relative risk of each third party can help you assign


How Do You Measure Third-Party Risk?

· By James Christiansen

How often do thieves use the front door to commit a robbery? I don’t know from experience, but I’ve been told that most go through a window or back door. Third parties can be the back door of a company, and increasingly the source of security failures, financial difficulties, and other problems that disrupt business
