2nd Annual Vendor Risk Management Benchmark Study Shows Need for Step-Function Improvement

July 21, 2015 | Shared Assessments, Third Party Risk Management, Vendor Risk Management, Vendor Security

Early summer 2015 is proving to be a busy time for those interested in cyber security maturity models, first with the June 30th publication of the FFIEC’s Cyber Security Assessment Tool (which incorporates a cybersecurity maturity model) and now with the release of the second annual Shared Assessme ....

Dear Member of the Board

February 24, 2015 | Corporate Culture, Tone at the Top, Vendor Risk Management, Vendor Security

Whether you’re a board member of a retailer like Starbucks or sitting on a large financial services board like JPMorgan Chase, I’ll bet you’re pleased at this point that you said no to SONY board membership. Though Enron is now nearly 13 years behind us, you may recall the U.S. Senate subcomm ....

Why Handshakes Are Not Enough — Vendor Risk Management is in the Details

February 12, 2015 | Vendor Risk Management, Vendor Security

The days of doing business with a handshake and a smile are long gone. However, one thing continues to remain constant—how few vendor contracts are updated, even if the scope of service changes. This can be detrimental to an organization, particularly if the vendor is handling sensitive data such ....

Insider Threats – A Need to Rethink Enterprise Security?

November 6, 2013 | Cyber Risk, News, Security, Vendor Security

Cybercriminals are targeting privileged network users in ways that are increasingly devastating to security efforts across the financial services industry. These types of insider threats have become more prevalent in the past two years due to the combination of: Increased network activity volumes ....

OCC Releases Guidance on Third Party Relationships (OCC 2013-29)

October 31, 2013 | Regulations, Regulatory Compliance, Third Party Risk, Vendor Oversight, Vendor Security

Yesterday the OCC released its long-awaited Guidance on Third-Party Relationships (OCC 2013-29). Notably, this Guidance, posted below, rescinds OCC Bulletin 2001-47, “Third-Party Relationships: Risk Management Principles,” and OCC Advisory Letter 2000-9, “Third-Party Risk.” The Guidance int ....

The NSA, Snowden and Third-Party Risk: Preliminary Lessons Learned

August 5, 2013 | Information Security, Outsourcing, Third Party Risk, Vendor Security

Remember this: Edward Snowden Worked for a Third-Party Vendor. While it remains uncertain what exactly Mr. Snowden shared with other nations, we do know this: he wasn’t authorized to disclose classified information. Some may believe he is a hero, others believe he is a villain. It is clear, tho ....
