Premium Content

Access "Third-party risk management: Horror stories? You are not alone"

MacDonnell Ulsch, Contributor Published: 18 Jul 2013

Cyberattacks leap from the headlines almost daily, yet senior management at some companies still believe their organizations are not potential targets: “Nobody knows who we are, why would anyone want to attack us?” One consistent breach finding may get their attention: Almost without exception, a third-party vendor or affiliate is involved. It may be the client, or it may be the origination point of the breach. The third party is often a quasi-insider, enjoying some degree of the trust afforded employees. Based on a relationship’s longevity and personal interactions, third-party trust levels sometimes meet or exceed the level of insider trust. Unfortunately, the conveyance of trust does not always end well. This is why third-party management and service-level agreements (SLA) are so critical in the management of risk. SLAs are negotiable instruments that reflect the company’s appetite or tolerance for risk; its size and complexity, geographic distribution, type of information managed, as well as the ability to effectively monitor the third-party management ... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside

Features

More Premium Content Accessible For Free

  • Strategies for a successful data protection program
    data_protection_2014.png
    E-Handbook

    Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...

  • Devices, data and how enterprise mobile management reconciles the two
    ISM_supp_1014.png
    E-Zine

    The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...

  • Putting security on auto-pilot: What works, what doesn't
    security_auto-pilot.png
    E-Handbook

    For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...