Risk & Compliance/Legislation

W1-3B. Managing Third Party Risk as a Security Professional

Wednesday, June 12, 2024 9:15 AM - 10:15 AM

Room 3BC

Description

We’re expected to secure all aspects of the enterprise, but often security isn’t brought in when purchasing services or technology. The compromise of vendors to get to.companies using them has become standard fare in the last few years. So, what can you do when you aren’t part of procurement, but are held accountable when they fail? The business understands risk, but in their own way and terms. They don’t think about building cross-functional teams to ensure vendors contracts cover business risk, why we assess risk, what we’re assessing and why. This session will give you a starting point to begin building positive relationships with business stakeholder and designing a repeatable, measurable program.

Learner Objectives

1. Provide the attendee with foundational knowledge around 3PM 2. Building stories around risk that resonate with leadership 3. Basic metrics 4. Items & relationships to consider when building a 3PM program 5. Basic risk assessment and life cycle management