Name
G3. Herding Vendors: Implementing Third Party Risk Programs
Date & Time
Thursday, May 11, 2017, 2:00 PM - 3:00 PM
Chad Peterson
Description
Session Description:
 
The structure of most organizations’ information processing involves large numbers of third party organizations that have access to organizations’ most critical and sensitive data. Even modest-sized organizations have hundreds of third parties. Without a mature structure for effective management of third parties, organizations fail to uncover and manage risks they would find unacceptable had they been known. This session discusses program structure for managing third party risk, including the concept of risk tiering, based on various criteria, with corresponding levels and types of due diligence activities, including short and long questionnaires, requests for evidence, on-site visits, assessments by expert security firms, and intrusive monitoring.
 
Learn how to build a risk-based third party risk program for your organization, including risk tiering, up-front and ongoing due diligence, and management reporting.
 
 
Location Name
Room 708/710
Full Address
Colorado Convention Center
700 14th Street
Denver, CO 80202
United States
Category
Audit, Risk & Compliance
Learner Objectives
After completing this session, the learner will:  
  • Understand the reasons to build a third party risk program
  • Know how to establish risk tiers
  • Understand how to vet third parties at each level of risk
  • Deal with exceptions and problems
 
Speaker Bio(s)
Peter H Gregory is Executive Director at Optiv, and serves as CISO-for-hire for Optiv's clients in the Western U.S. and Canada. He is the author of over forty books on information security, and teaches a course on information systems security at the University of Washington.
 