March 2019 | SC Media March 2019

Print Issue: March 2019

Vendor risk management

Vendor risk management (VRM) technologies offer the means to measure, monitor and manage risk exposure from third parties, whether they’re  IT vendors or those that have access to enterprise information. Products in this group should deliver the management, assessment, monitoring/response and reporting capabilities needed to ensure vendors and third-party providers are performing effectively, efficiently and…

Vendor risk management

The SC Labs team this month took a deep dive into vendor risk management (VRM) solutions. According to Gartner, VRM is the process of ensuring that service providers and IT suppliers don’t create an unacceptable potential for business disruption or negative impact on business performance. While our team regularly looks at GRC solutions, this is…

Whistic Vendor Security Management Platform

Whistic was built for ease of use with the goal of getting customers fully functional within 30 days. The pre-setup process is done in the program’s automation section before deploying the product, outlining what business units are available for reporting and tracking purposes as well as internal systems impacting risk. Criticality levels are provided out…

SecurityScorecard

SecurityScorecard uses predictive AI analytics and a breach prediction algorithm to give an organization visibility into risk. It can rate any company in minutes, surpassing human validation, and globally locate company assets for digital footprint visibility. With a convergence of outside-in ratings, inside-out data and onsite audits, it provides tools and services to assist auditors…

RiskRecon Portal (SaaS)

RiskRecon is a highly intuitive, user-friendly application that offers third-party risk management teams the necessary understanding for risk mitigation. The customizable out-of-the-box questionnaires, automated risk scoring, downloadable reports and built-in search feature make this an attractive option. The Portal Dashboard Page shows a high-level view of risk and assigns overall portfolio scores. Risk is scored…

Panorays

Panorays provides a full perimeter overview of vendor risk. Evaluators and suppliers can dispute or validate findings, leading to higher collaboration. It looks at security through the eyes of 10,000 hackers and combines smart questionnaires and big data to produce actionable insights and personalized ratings. The solution provides dynamic ratings, research, tools, and analysis for…

iTrust Cyber Risk Ratings

A cloud-based platform with a comprehensive view of risk structured around the NIST cybersecurity framework, iTrust Cyber Risk Ratings has more than 100 proprietary data points. This cloud architecture stores data on the back end, provides resources, and schedules scans. Vendor self-assessment is conducted through internal surveys of cybersecurity practices and scored with crowdsourced reputation…

CyberGRX Exchange

CyberGRX is a SaaS platform whose mission is to help customers and the third parties with whom they do business solve the challenge of risk management. It is built on NIST-based assessments, mapped to the ISO 27001 framework and can be mapped to most other frameworks as well. Onboarding vendors is simple with a search…

BitSight for Third Party Risk Management

BitSight is a non-intrusive SaaS platform with data-driven security performance ratings based on data gathered outside of organizations. The cyber risk approach is automated at scale, with statistical rigor, some human validation and crowd-sourced collaboration. It brings efficiency and automation to the cyber risk evaluation process, with ratings evaluated across 23 different vectors, graded A…

Next post in Insider Threats