Vendor Risk Management: Ten Frequently Asked Questions

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12
Next Next

Legal

How much will I need to work with our legal counsel to develop a program? Aren't my vendors legally obligated to share security information will me?

One of your legal team's main priorities will be to establish a disclosure obligation with your vendors. Pretend once more that you are Coca-Cola. If your vendor is breached and they lose customer data or other sensitive information, there are laws in place to protect the customer – in other words, you are legally required to tell a customer if their information – like their credit card number – has been compromised. But what happens if one of your vendors is breached and Diet Coke's secret formula has been compromised? Are they legally bound to tell you, Coca-Cola? No; unless they have a legal obligation to do so, that is.

So, you can see how important it is to have your legal team intimately involved in the VRM process. You need to be sure that your vendors are legally bound to inform you if an incident that affects your security position takes place. You are also able to tell your vendors how secure you want your data through your contracts. And, if they don't comply, you'll be able to take legal action against them.

As cyber threats become more sophisticated and complex, businesses need not only to ensure they are secure, but that their vital partners, suppliers and vendors are protecting themselves as well. According to the 2015 Verizon DBIR, 70 percent of observed cyber attacks involved a secondary victim. To avoid being blindsided, organizations are beginning to monitor the security of their third parties to reduce the likelihood of a data breach.

Gartner estimates that around 10 percent of companies have formalized IT risk management programs, but that the figure will grow to 40 percent by 2018. If you're just beginning to implement a vendor risk management (VRM) program, BitSight Technologies has identified 10 frequently asked questions to help you get started.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

Security117-190x128.jpg 5 Steps to Protect Executives from a Whale-Phishing Attack

Whaling is a type of spearphishing targeting "big fish" in an organization with access to sensitive, highly-valuable information. ...  More >>

Security116-190x128.jpg 5 Common Failures Companies Make Regarding Data Breaches

Five common failures companies make when preparing for, and responding to, a data breach, as well as guidance for companies on how they can tackle these issues. ...  More >>

Security115-290x195 Data-Centric Approach Starves Data-Hungry Cybercriminals

Incorporating security capabilities such as encryption, better control and management and a data security framework will help alleviate the burden breaches place on the organization and people's lives. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.