Premium Content

Access "Third-party risk management: Horror stories? You are not alone"

MacDonnell Ulsch, Contributor Published: 18 Jul 2013

Cyberattacks leap from the headlines almost daily, yet senior management at some companies still believe their organizations are not potential targets: “Nobody knows who we are, why would anyone want to attack us?” One consistent breach finding may get their attention: Almost without exception, a third-party vendor or affiliate is involved. It may be the client, or it may be the origination point of the breach. The third party is often a quasi-insider, enjoying some degree of the trust afforded employees. Based on a relationship’s longevity and personal interactions, third-party trust levels sometimes meet or exceed the level of insider trust. Unfortunately, the conveyance of trust does not always end well. This is why third-party management and service-level agreements (SLA) are so critical in the management of risk. SLAs are negotiable instruments that reflect the company’s appetite or tolerance for risk; its size and complexity, geographic distribution, type of information managed, as well as the ability to effectively monitor the third-party management ... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside

Features

More Premium Content Accessible For Free

  • Continuous monitoring program demystified
    ism_1014.png
    E-Zine

    For many security teams, "continuous monitoring" is a vague concept associated with FISMA compliance. A continuous monitoring program can be simple ...

  • Does Windows 8.1 meet the demands of the BYOD age?
    windows_shopping_8-1.png
    E-Handbook

    The variety and sheer number of network endpoints, users and devices in the enterprise today is driving IT's demands for enhanced security features ...

  • Application security policy after Heartbleed
    ISM_0914.png
    E-Zine

    Enterprises leverage open source software for the perceived quality of the code, but the Heartbleed flaw has made many question their use of ...