Overview
Explore the complexities of managing third-party risk in modern enterprises through an analogy to ascending Mount Everest in this conference talk from Central Ohio Infosec 2015. Delve into the background of IT security challenges, examining how unmanaged risk can lead to obvious and organization-specific impacts. Learn about common risk areas in third-party relationships and traditional management methods. Discover why resolving these issues can seem overwhelming but is ultimately achievable. Examine tiering criteria for IT security and explore tools like Shared Assessments, NetSkope, and BitSight. Gain insights into the role of third parties in incident response and review a simplified roadmap for addressing these challenges in your organization.
Syllabus
Intro
BACKGROUND
THE MOUNT EVEREST CONNECTION
RISK LIES IN THE UNMANAGED
STATE OF IT SECURITY TODAY
THE EFFECTS ARE OBVIOUS
IMPACT DIFFERS BY ORGANIZATION
TABLE STAKES: COMMON AREAS OF RISK IN THIRD-PARTY RELATIONSHIPS
TRADITIONAL THIRD-PARTY RISK MANAGEMENT METHODS
TOO BIG TO RESOLVE?
DIFFICULT, BUT NOT IMPOSSIBLE
TIERING CRITERIA (IT SECURITY)
SHARED ASSESSMENTS
NETSKOPE
BITSIGHT
THERE'S MORE TO THIS STORY...
THIRD-PARTIES & INCIDENT RESPONSE
AN (OVER)SIMPLIFIED ROADMAP