
Third Party Risk Management: The Russian nesting doll of infosec challenges

By Marcos Colon

For security practitioners, the name of the game is risk management.  

These risks come in all shapes and sizes, from system vulnerabilities and the onslaught of evolving malware to threats posed by insiders. We’re not talking about the Edward Snowdens of the world; we mean accounts compromised by miscreants or even honest employees who fall for the increasingly convincing phishing scams hitting their inboxes.

There’s a lot to take into account, but things get interesting when it comes to the slew of third parties that are connected to an organization’s network.

Organizations depend on third parties to function. The problem is that those parties also depend on third parties, and so on and so forth.

While it may seem like a never-ending cycle that poses a behemoth challenge, there is hope.

In this video, IT risk management consultant Jerod Brennen shares some tips on what security managers can do to assess a large number of these third-party vendors.

