The accreditors of this session require that you periodically check in to verify that you are still attentive.
Please click the button below to indicate that you are.
Our worlds and our businesses are becoming more and more interconnected. Name a company, non-profit, government entity or agency that is able to keep all of their data on internally created applications; that can run without third-party technology. Of course, with each new application and third-party, our cybersecurity risk increases. There are various tools and techniques available to help us navigate our third-party risk. "Silver Bullets" don't work on these were-risks. Putting in the effort to acknowledge, comprehend, and document the third-party risk will allow you to communicate that risk appropriately to those charged with governance so they can decide to accept, mitigate, transfer or avoid the risk.
Learning Objectives:
Understand how to properly evaluate a SOC 2 report (or a framework compliance certificate) from your vendor
Understand how to integrate 3rd party risk into the organization Risk Assessment using a Cyber Risk Assessment
Understand how 3rd party technology impacts your cybersecurity risk
Understand the how a data inventory (or lack thereof) can impact your cybersecurity risk
Understand the importance of culture on 3rd party technology risk management
Speaker(s):
Ben
Hunter III,
CPA/CITP, CISA, CRISC, CDPSE, CISM,
Principal - TRC,
UHY ADVISORS