Access "Third-party risk management: Horror stories? You are not alone"
This article is part of the July/August 2013 / Volume 15 / No. 6 issue of Unlock new pathways to network security architecture
Cyberattacks leap from the headlines almost daily, yet senior management at some companies still believe their organizations are not potential targets: “Nobody knows who we are, why would anyone want to attack us?” One consistent breach finding may get their attention: Almost without exception, a third-party vendor or affiliate is involved. It may be the client, or it may be the origination point of the breach. The third party is often a quasi-insider, enjoying some degree of the trust afforded employees. Based on a relationship’s longevity and personal interactions, third-party trust levels sometimes meet or exceed the level of insider trust. Unfortunately, the conveyance of trust does not always end well. This is why third-party management and service-level agreements (SLA) are so critical in the management of risk. SLAs are negotiable instruments that reflect the company’s appetite or tolerance for risk; its size and complexity, geographic distribution, type of information managed, as well as the ability to effectively monitor the third-party management ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Unlock new pathways to network security architecture
by Dave Shackleford
Cover story: Want to shed appliances? Consolidation and new platforms hold promise for security teams.
-
Enterprise mobile security by the numbers
by Kathleen Richards, Features Editor
Almost 60% of respondents in our 2013 Enterprise Mobile Security Survey believe mobile devices present more risk now than in Q2 2012. What’s changed?
-
Unlock new pathways to network security architecture
by Dave Shackleford
-
-
Third-party risk management: Horror stories? You are not alone
by MacDonnell Ulsch, Contributor
The majority of breaches occur as the result of third parties. MacDonnell Ulsch advises companies to safeguard third-party management agreements.
-
Third-party risk management: Horror stories? You are not alone
by MacDonnell Ulsch, Contributor
-
Columns
-
New data on enterprise mobile security
by Kathleen Richards, Features Editor
We polled readers in our annual Enterprise Mobile Security Survey and the 2013 results are in.
-
Ten years later: The legacy of SB 1386 compliance on data privacy laws
by Randy Sabett, Contributor
A decade after becoming law, the ripple effects of California's SB 1386 have surfaced in a new breed of proactive, granular state data privacy laws.
-
Is big data education a big failure?
by Doug Jacobson and Julie A. Rursch
Big data presents big challenges for computer science programs from classification to cloud security. Are industry partnerships the answer?
-
New data on enterprise mobile security
by Kathleen Richards, Features Editor
More Premium Content Accessible For Free
Next-generation firewalls play by new rules
E-Zine
Firewalls started their journey to the next generation at about the same time as the Star Trek TV series. While the products have advanced with ...
Developing your endpoint security management transition plan
E-Handbook
This TechGuide will help you develop your endpoint security management transition plan. Articles focus on overcoming the challenges of Web-based ...
Emerging threat detection techniques and products
E-Handbook
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing ...