Vendor Risk Management: Ten Frequently Asked Questions


Vendor Inclusion/Exclusion

Do I have to implement a VRM program for all of my vendors or just the most critical?

If you have unlimited resources to spend on a VRM program, you can go ahead and monitor every single one of your vendors. But that's likely not your scenario. So, most organizations should start by monitoring the most critical vendors. In order to do that, you'll need to prioritize which vendors pose the greatest security risk. This is where most companies get into trouble, so don't underestimate the importance of this step.

Take Target, for example. The company probably had a VRM program before its infamous 2013 breach, but it seemingly didn't include the HVAC vendors. What Target didn't take into account was how much access it had actually given this particular vendor. Because the vendor had a great deal of access, that made the vendor critical. Let that be a lesson: it's not just the sensitivity of the data that a vendor has access to, but the amount of access they have in your network as well.

As cyber threats become more sophisticated and complex, businesses need not only to ensure they are secure, but that their vital partners, suppliers and vendors are protecting themselves as well. According to the 2015 Verizon DBIR, 70 percent of observed cyber attacks involved a secondary victim. To avoid being blindsided, organizations are beginning to monitor the security of their third parties to reduce the likelihood of a data breach.

Gartner estimates that around 10 percent of companies have formalized IT risk management programs, but that the figure will grow to 40 percent by 2018. If you're just beginning to implement a vendor risk management (VRM) program, BitSight Technologies has identified 10 frequently asked questions to help you get started.

 
