We all manage IT risk with our vendors, but this process is often immature. As we continually outsource to external parties, we must evolve to ensure we are protecting our organization from those often unseen, critical risks. This presentation will help us understand how to take Third-Party Risk Management to the next level.
After completing this session, learners will:
- Understand the criticality of proper assessment of third-party IT risks
- Learn the foundational concepts upon which a mature third-party IT risk management program should be built
- Find ways to stratify risks, so that each assessment is not a one-size-fits-all approach and is done efficiently and effectively to provide a targeted, high-value assessment
- Learn from real-world experience in a large, enterprise healthcare organization with varied and highly-regulated initiatives
Randall Frietzsche is the CISO for Denver Health, and an Adjunct Professor teaching Ethical Hacking and Digital Forensics. Randall has worked in InfoSec for 15 years, including seven years with Catholic Health Initiatives. Randall is an ISSA Distinguished Fellow, holds a Master’s Degree in Information Security, and is a former law enforcement officer.