Overview
Learn about effective third-party risk governance in this conference talk from the Central Ohio InfoSec Summit 2016. Explore strategies for managing commercial off-the-shelf software, fostering a security-focused culture, and assessing product and services risks. Delve into fourth-party relationships, various risk assessment frameworks, and key determination questionnaires. Discover best practices for remote access, business impact analysis, and security contracts. Gain insights on data retention requirements and how to implement a standalone security supplement document to enhance your organization's risk management approach.
Syllabus
Introduction
How do you deal with commercial off-the-shelf software?
Culture of security
Product and services risk
Fourth party relationships
Assessing risk
Different frameworks
Determination questionnaire
Risk Questionnaire
Remote Access
Business Impact Analysis
Risk Assessments
Security Contracts Supplement
Security Supplement as a Standalone Document
Data Retention Requirements