This week, Prevalent published an infographic developed by analyst firm EMA focused on vendor threat management.

The infographic starts with a simple question ‘Do We Need Vendor Threat Management?’  It highlights a senior executive speaking with a team member asking whether his organization is prepared to take on third-party risk.  The team member answers that they are not, but neither are 92% of other organizations.  The simple fact that EMA’s research identifies most companies are not prepared for 3rd party risk management is indicative of overall cyber risk preparedness given the trends in outsourcing, the use of the cloud, and managed services.

Read More

Shared Assessments held its inaugural international roundtable in London this week and I was very fortunate to be able to participate.  The event was attended by leading financial services firms and service providers.  This event was put together by the Shared Assessments International Subcommittee headed by Shared Assessments member Lin Lu, Americas CISO for Deutsche Bank and sponsored at their London offices.  The inaugural event highlighted the need for educational and standards leadership by Shared Assessments in the UK region.

While many Shared Assessments members are global firms, the program itself has been primarily focused in the United States.  The conversation was excellent and extremely timely given new regulations and changing privacy requirements for both US and European firms.  In fact, the very day of the event Safe Harbor was effectively struck down allowing more oversight by European regulators over data being sent to the US.

Read More

By Emil Kranz, VTM Analyst at Prevalent, Inc.     

The newly proposed Dodd-Frank rewrite, which is currently part of the $21 billion funding bill being deliberated by the Senate, would cause a shakeup in the riskiness of third-party relationships with banks and financial services organizations which have less than $500 billion of assets on their books, causing companies to have to reevaluate their risk profiles.

In 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act was enacted to tighten the regulations imposed on Financial Institutions following the 2008 financial crisis. The major issues addressed within Dodd Frank were: increase capital reserve requirements, creation of the Consumer Financial Protection Bureau (CFPB), and increased transparency in derivative trading.

Read More

By Robin Slade, as featured on the Shared Assessments Blog and RSA Blog

Today’s companies are outsourcing more critical functions as part of their business operations in today’s complex environment. Every member of the supply chain must be evaluated to ensure they are properly protecting systems and data. With hackers specifically targeting third parties as a way to get to outsourcers’ data, this further emphasizes the need for rigorous information security and risk management programs.

The service provider control evaluation process has long been inefficient and costly. The verification performed during the onsite assessment is a necessary component to ensure sufficient third party controls in place, but today this process is time and resource intensive, inefficient and a burden on both the outsourcer and the service provider.

Read More

Prevalent CEO, Jonathan Dambrot, was recently polled by CIO Magazine on Innovative Ways IT Can Impact the Business in 2015

Build an app-centric IT environment

“By driving this app-centric ethos, organizations are putting performance first and employees can perform their job duties faster and more effectively to generate profit,” said Joel Dolisy (@solarwinds), CIO for SolarWinds. “Organizations can excel in an app-centric IT environment by enabling IT to build deep troubleshooting capabilities to identify issues with latent applications and proactively break down traditional IT silos that prevent full visibility into the application stack.”

Intermedia president Michael Gold (@Intermedia_net) fears that the explosion in application use will cause productivity to dwindle as it will take significant time to deploy and manage numerous applications.

“IT needs to look into services that streamline the process of administering and managing applications to boost overall productivity,” said Gold.

All this does not come without risk as Jonathan Dambrot (@PrevalentNet), CEO and co-founder of Prevalent notes you must manage third-party risk through the entire vendor lifecycle. He advises a standardization process for automating 3rd party cybersecurity monitoring and evidence collection.

Read the full article HERE