Third-party risk management (TPRM)

Presentation transcript:

Third-party risk management (TPRM)
An ITC managed security service

Market conditions
- 65% of breaches linked to third parties
- 94% plan to spend more over next 12 months
- 83% of business leaders lack confidence
Organisations are experiencing a growth in third-party associated cyber security risks … meaning a greater focus on third-party related governance and reporting … however, traditional TPRM programmes are resource intensive, complex and error prone.

Organisations need a way to translate and distil this cyber activity into meaningful information so they can identify key risks and create effective TPRM programmes.

Market conditions
Cyber Security ratings provide a quantifiable correlation to third-party risk and data breaches:
- 5x more likely if your rating is below 400, than one above 700
- 3x more likely if 50% of your computers are running updated OS
- 2x Open Port risk vector grade is F
But they require considerable effort to administer effectively, at a time when companies often have resource shortages and skills gaps.

Our TPRM solution
A fully managed service that helps organisations measure, manage and reduce their exposure to third-party cyber risk. It provides continuous monitoring of third parties, using an industry recognised scoring system to identify where risk is highest. It gives clear guidance to enable productive interactions with third parties on where risks exist and how they should be mitigated, to ensure quick resolution and reduced cyber risk exposure.

Why you need it
Whether you are managing a number of third-party vendors, potential new clients, new partners or acquisitions, continuous visibility of their security performance is critical. Poorly rated third parties carry a significantly higher risk (up to 5X) of cyber breach; understanding and mitigating this risk to your own business is a key business imperative.

The solution – three components
ITC TPRM managed service: 1. Setup and onboarding, 2. Monitoring and alerting, 3. Regular monthly reporting

1. Setup and onboarding
Expert cyber security knowledge to help you translate and distil all cyber activity and data into a tailored and actionable programme where the customer can identify, measure, and continuously monitor risk. Establish rules of engagement, standardised scoring, service processes (internal and external RACI) and governance policies around monitoring activities and thresholds.

2. Monitoring and alerting
Continuous monitoring of identified critical third parties by an expert cyber analyst. Daily event alerts indicating significant third-party profile and risk changes, including recommended remediation actions to enable easy collaboration with the affected third party. Updated status for critical third-party remediation actions within the current month to enable vendor follow-up.

3. Regular monthly reporting
Monthly performance reporting and trend analysis highlighting overall third-party and risk posture, industry trends, benchmarking, and threat activity. Deep-dive analysis on any flagged ‘at risk’ third parties. Monthly de-brief call with a cyber analyst. Annual programme review and refinement workshop.

The solution – key features
ITC TPRM managed service

Setup and onboarding
- Initial TP Risk Assessment Report: overview of identified priority risk vendor rating performance, review of current framework, and guidance on how rating and alert data could integrate into these processes and policies
- Onboarding Workshop informed by report to identify and agree vendor categorisation / risk tolerance, initial remediation guidance, definition of service processes (RACI), and set alerting thresholds and preferences

Monitoring and alerting
- Continuous monitoring
- Daily alerts based on: rating and risk vector changes; infections, vulnerabilities and breaches
- Full details and remediation guidance
- Alert Status Tracker: updated status to track evidence of remediation
- Triaged and sent via email in password protected .pdf
- On-demand cyber expert support, 2 hours/month
- Annual programme review and refinement workshop

Regular monthly reporting
- Vendor Performance overview of monitored vendors, by score rating and risk changes
- Trend analysis / vendor deep-dive
- Significant rating / grade drops
- Performance vs benchmarks
- Summary of infections, vulnerabilities, breaches, by affected vendors
- Remediation and alerts status summary
- Benchmark insights (ratings vs industry)
- Emailed password protected .pdf
- De-brief call: Q&A, threshold refinement

Benefits of our solution
- Expert advice for best practice set up, monitoring, and management of third-party risk
- Alerts backed by professional analysis for improved risk insight
- Effective remediation guidance to reduce the risk of breaches and facilitate easy vendor engagement
- Tracking and trend information to monitor individual companies
- Peer-based benchmarking