Blog

Explore our blogs for the latest insights, tips, and best practices in third-party risk management. Stay informed and protect your organization by navigating the complexities of third-party relationships with confidence. Read on to enhance your risk management strategy!

Blog Category - Information Security

Cybersecurity, Information Security

Cybersecurity vs. Information Security

"You like potato and I like potahto / You like tomato and I like tomahto / Potato, potahto, tomato, tomahto. / Let's call the whole thing off..." -- Ella Fitzgerald, Let’s Call the Whole Thing Off (featuring Louis Armstrong). You say information security,...

Data & Cybersecurity, Data Protection, Information Security, Third Party Risk Management

Principle of Least Privilege Security Principle

Shared Assessments' Insurance Vertical Strategy Group came together for its quarterly meeting last week. Conversation was engaging and covered the widening scope of assessments, the multitude of third party types and the need for re-risking vendors in light of the...

Data & Cybersecurity, Information Security

Guide to Cybersecurity: Information Security Needs a New Narrative

Many companies have a fundamental information security problem, according to the co-authors of A Leader’s Guide to Cybersecurity (Harvard Business Review Press, 2019). Those organizations pay too much attention to network and system vulnerabilities and too little attention to...

Data & Cybersecurity, Information Security, Privacy

2020 Information Security and Data Privacy Perspectives: 5 Not-So-Pretty Predictions

When we asked Santa Fe Group Vice President and CISO Tom Garrubba to gaze into his crystal ball last month, he identified several events related to Third Party Risk Management that he thinks may materialize this year, including: Privacy...

Data Breach, Information Security, PHI

Holistic Information Security – People, Process and Technology

The attention to People and Process is lagging far behind. In reviewing the recent plethora of data breach stories, I am beginning to see a pattern here. While many companies answer to breaches with more and more technology, it...

Information Security, Outsourcing, Third Party Risk, Vendor Security

The NSA, Snowden and Third-Party Risk: Preliminary Lessons Learned

Remember this: Edward Snowden Worked for a Third-Party Vendor. While it remains uncertain what exactly Mr. Snowden shared with other nations, we do know this: he wasn’t authorized to disclose classified information. Some may believe he is a hero, others...
