Third-party risk management: Horror stories? You are not alone
This article is part of the July/August 2013 / Volume 15 / No. 6 issue of Information Security magazine
Cyberattacks leap from the headlines almost daily, yet senior management at some companies still believe their organizations are not potential targets: “Nobody knows who we are, why would anyone want to attack us?” One consistent breach finding may get their attention: Almost without exception, a third-party vendor or affiliate is involved. It may be the client, or it may be the origination point of the breach. The third party is often a quasi-insider, enjoying some degree of the trust afforded employees. Based on a relationship’s longevity and personal interactions, third-party trust levels sometimes meet or exceed the level of insider trust. Unfortunately, the conveyance of trust does not always end well. This is why third-party management and service-level agreements (SLAs) are so critical in the management of risk. SLAs are negotiable instruments that reflect the company’s appetite or tolerance for risk; its size and complexity, geographic distribution, type of information managed, as well as the ability to effectively ...
Features in this issue
In this special report, Dave Shackleford explores advanced network security architectures that help segment and isolate traffic within your data center.
Cover story: Want to shed appliances? Consolidation and new platforms hold promise for security teams.
The majority of breaches occur as the result of third parties. MacDonnell Ulsch advises companies to safeguard third-party management agreements.
Almost 60% of respondents in our 2013 Enterprise Mobile Security Survey believe mobile devices present more risk now than in Q2 2012. What’s changed?
Columns in this issue
We polled readers in our annual Enterprise Mobile Security Survey and the 2013 results are in.
A decade after becoming law, the ripple effects of California's SB 1386 have surfaced in a new breed of proactive, granular state data privacy laws.
Big data presents big challenges for computer science programs from classification to cloud security. Are industry partnerships the answer?