Access "Third-party risk management: Horror stories? You are not alone"
This article is part of the July/August 2013 / Volume 15 / No. 6 issue of Unlock new pathways to network security architecture
Cyberattacks leap from the headlines almost daily, yet senior management at some companies still believe their organizations are not potential targets: “Nobody knows who we are, why would anyone want to attack us?” One consistent breach finding may get their attention: Almost without exception, a third-party vendor or affiliate is involved. It may be the client, or it may be the origination point of the breach. The third party is often a quasi-insider, enjoying some degree of the trust afforded employees. Based on a relationship’s longevity and personal interactions, third-party trust levels sometimes meet or exceed the level of insider trust. Unfortunately, the conveyance of trust does not always end well. This is why third-party management and service-level agreements (SLA) are so critical in the management of risk. SLAs are negotiable instruments that reflect the company’s appetite or tolerance for risk; its size and complexity, geographic distribution, type of information managed, as well as the ability to effectively monitor the third-party management ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Unlock new pathways to network security architecture
by Dave Shackleford
Cover story: Want to shed appliances? Consolidation and new platforms hold promise for security teams.
-
Enterprise mobile security by the numbers
by Kathleen Richards, Features Editor
Almost 60% of respondents in our 2013 Enterprise Mobile Security Survey believe mobile devices present more risk now than in Q2 2012. What’s changed?
-
Unlock new pathways to network security architecture
by Dave Shackleford
-
-
Third-party risk management: Horror stories? You are not alone
by MacDonnell Ulsch, Contributor
The majority of breaches occur as the result of third parties. MacDonnell Ulsch advises companies to safeguard third-party management agreements.
-
Third-party risk management: Horror stories? You are not alone
by MacDonnell Ulsch, Contributor
-
Columns
-
New data on enterprise mobile security
by Kathleen Richards, Features Editor
We polled readers in our annual Enterprise Mobile Security Survey and the 2013 results are in.
-
Ten years later: The legacy of SB 1386 compliance on data privacy laws
by Randy Sabett, Contributor
A decade after becoming law, the ripple effects of California's SB 1386 have surfaced in a new breed of proactive, granular state data privacy laws.
-
Is big data education a big failure?
by Doug Jacobson and Julie A. Rursch
Big data presents big challenges for computer science programs from classification to cloud security. Are industry partnerships the answer?
-
New data on enterprise mobile security
by Kathleen Richards, Features Editor
More Premium Content Accessible For Free
Emerging threat detection techniques and products
E-Handbook
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing ...
The rapid evolution of MDM solutions
E-Zine
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...
Enterprise network security visibility: Beyond traditional defenses
E-Handbook
Organizations have implemented various network security technologies to gain better visibility into their networks. However, these security ...