Vendor Security Management
Managing Your Outsourced Risk
Vendor Security
An Overlooked Threat Vector
The Problem
Recently, cyber-security breaches at well-protected companies such as Target and Home Depot were attributed to their trusted third-party vendors. Such data breaches clearly demonstrate how otherwise adequate company security is often undermined by the “weakest link” in a company’s security.
The increasing frequency and magnitude of cyber-security breaches brought about by laxity on the part of an organization’s third-party vendors is often attributed to:
- Organizations misunderstanding the full scope of their system boundaries with respect to their service providers and the protections required.
- Organizations overlooking the threat vector imposed by their vendors’ inattentiveness to the application of good security controls.
The Solution
Establishing a robust Vendor Risk Management Program and making it a significant part of the organization’s security governance.
Infoguard Vendor Security Services
At Infoguard, our consultants, as Shared Assessments Program Certified Third Party Risk Professionals (CTPRP) and as US Federal Government authorized FedRAMP Third Party Assessors, clearly understand the importance of establishing a reasonable basis of vendor security assurance. They know what it takes to look beyond a body of vendor-supplied documentation and develop a meaningful understanding of the extent to which vendors have designed and implemented the right security controls, and whether those controls are operating effectively over time and producing the outcomes intended.
We work closely with our clients to help them understand:
- how risk vectors can manifest themselves in the vendor supply chain, and
- how mitigating actions can reduce risk to an acceptable level.
We would like the opportunity for a collaborative relationship with our clients, finding ways in which they can leverage our extensive experience and substantial expertise towards meeting their Third-Party Risk Assessment objectives in the following ways:
Outsource their Vendor Risk Assessment and retain Infoguard as an approved partner to conduct vendor assessments on their behalf. This partnership will benefit clients’ Vendor Security Management Team as follows:
Help provide an assurance that the security of their information is not placed at undue risk by limitations of internal resources.
Infuse a level of maturity into their vendor security assessment methodologies that produces a more meaningful output with a higher risk determination value.
Provide their stakeholders with a higher level of confidence that their vendors’ information security posture has been properly reviewed, that deficiencies have been identified, and that remediation and mitigating or compensating actions have been verifiably implemented.
Retain Infoguard to develop and implement a comprehensive Vendor Risk Management Program within your organization which will include the following oversight components:
– Program Governance
– The setting of Policies, Standards and procedures
– Contract security review
– Vendor Risk Identification and Analysis
– The creation of company security tools and metrics for the measurement and analysis of ongoing company vendor management
– Continuous and ongoing monitoring and review of company vendor management efficiencies
Please see the following topics covered in our Resource Tab.
- Cloud Service Providers Risk Management: 50+ Contracts Key Components
- Cloud Service Providers Risk Management: Contract Management
- Cloud Service Providers Risk Management: Importance of Identifying Challenges Early
- Cloud Service Providers Risk Management: Understanding Your Risk Exposure
- Cloud Service Providers Risk Management: Service Level Agreement (SLA)