
(ISC)2 Security Congress 2022

2101745 - Cybersecurity & Third-Party Risk: Third Party Threat Hunting

Oct 11, 2022 10:35am ‐ Oct 11, 2022 11:35am


Based upon the book Cybersecurity & Third-Party Risk: Third-Party Threat Hunting (endorsed by (ISC)2), we will replace the old way of thinking, which treats third-party risk as a compliance, check-box activity, with one that is innovative and leans forward into the risk. Billions of dollars have been spent by CISOs to secure their organizations, and yet we've largely ignored our supply chain and third-party risk. Methods ranging from physical validation, contractual terms and conditions, and fourth parties to due diligence optimization and predictive analysis will be explored to drastically lower this risk area with solid cybersecurity due diligence and due care.

Learning Objectives:
  • Determine steps needed to develop a risk-based, cybersecurity-focused third-party risk program
  • Develop a risk-based, cybersecurity-focused program with physical validation and other due diligence and due care activities to drastically lower the risk from third parties and their supply chain
  • Learn the steps needed to drop the reactive approach and become more predictive of third-party and supply-chain risks


  • Gregory Rasner, CISSP, CCNA, CIPM, ITIL, Author of "Cybersecurity & Third-Party Risk" and SVP, Cybersecurity, Truist Financial Corp.
