Pro+ Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
July/August 2013 / Volume 15 / No. 6

Third-party risk management: Horror stories? You are not alone

Cyberattacks leap from the headlines almost daily, yet senior management at some companies still believe their organizations are not potential targets: “Nobody knows who we are, why would anyone want to attack us?” One consistent breach finding may get their attention: Almost without exception, a third-party vendor or affiliate is involved. It may be the client, or it may be the origination point of the breach. The third party is often a quasi-insider, enjoying some degree of the trust afforded employees. Based on a relationship’s longevity and personal interactions, third-party trust levels sometimes meet or exceed the level of insider trust. Unfortunately, the conveyance of trust does not always end well. This is why third-party management and service-level agreements (SLA) are so critical in the management of risk. SLAs are negotiable instruments that reflect the company’s appetite or tolerance for risk; its size and complexity, geographic distribution, type of information managed, as well as the ability to effectively ...

Features in this issue

  • Enterprise mobile security by the numbers

    by  Kathleen Richards, Features Editor

    Almost 60% of respondents in our 2013 Enterprise Mobile Security Survey believe mobile devices present more risk now than in Q2 2012. What’s changed?

Columns in this issue

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

-ADS BY GOOGLE

Close