How CSOs can better manage third-party risks

Scott Schneider from CyberGRX chats with CSO about how security managers can secure their data when dealing with third-party vendors

Stephen Sauer

As more companies outsource work and move new projects to the cloud, making sure those relationships are secure, and especially that company data is protected, becomes the highest priority. In light of the Target data breach, in which hackers were able to exploit a third-party vendor relationship to get into the retailer’s systems, companies need to perform risk analysis with their third-party vendors much more frequently.

In the latest episode of Security Sessions, I spoke with Scott Schneider from CyberGRX, a startup in the third-party risk analysis space, about how companies can do more with their vendors than just sending them a checklist of items.

Among the highlights of the video are the following sections:

0:55 Overview of the market for third-party risk analysis, and why it’s important.

2:15 Good starting points and best practices for third-party risk analysis.

3:07 What kind of information does a company pull from its third-party vendor in terms of its security?

3:38 What is the most important question a company should ask its third-party vendors?

4:17 How does a company know that information a third-party vendor gives them is reliable?

4:55 What does a company do after it collects information from the third party?

