Articles

Planning Your Vendor Risk Assessment Questionnaire

Business requires trust, but knowing whether your vendors merit that trust is difficult. With the rise of information technology, the ways in which trust can be broken, intentionally or unintentionally, have multiplied and become more complex. Vendor risk assessment questionnaires are one method for verifying that third parties follow good information security practices so your business can weigh the risk of entrusting them with your data.

Filed under: cyber risk, third-party vendor risk, vendor risk

Five Things to Know About Third Party Risk

In managing cyber risk, it’s not enough to ensure that your business’s systems and enterprise web presence are secure. You must look beyond your perimeter properly vet the third and fourth-party vendors who will have access to your data without being subject to your governance. If an organization outsources technological functions to third parties, or uses them in its supply chain or data handling, the risk is compounded by these parties’ weaknesses. The 2013 Target data breach, which began at an air conditioning subcontractor, is a well known example, but the danger of third-party vendor risk has only increased. More third party breaches are being discovered than ever before.

Filed under: cyber risk, third-party vendor risk

BitSight vs SecurityScorecard

Information technology has changed the way people do business. For better, it has brought speed, scale, and functionality to all aspects of commerce and communication. For worse, it has brought the risks of data exposure, breach, and outage. The damage that can be done to a business through its technology is known as cyber risk, and with the increasing consequences of such incidents, managing cyber risk, especially among third parties, is fast becoming a critical aspect of any organization. The specialized nature of cyber risk requires the translation of technical details into business terms. Security ratings and cyber risk assessments serve this purpose, much like a credit score does for assessing the risk of a loan. But the methodologies employed by solutions in this space vary greatly, as do their results.

Filed under: cyber risk, third-party vendor risk, vendor risk, vendor risk scoring

Cavirin vs RiskRecon

The emergence of the cyber risk assessment space marks a strategic shift in how enterprises handle digital threats, from traditional, ineffective security-centric approaches to blended frameworks that combine layered security and risk management. Let's see how Cavirin and RiskRecon stack up when it comes to measuring enterprise cyber risk.

Filed under: security, cyber risk, digital resilience, Cavirin, RiskRecon