15      0

(ISC)² Security Congress 2021 - Career Center & Recordings

1778573 - How to Effectively Communicate to the Board about Third Party Risk

Oct 18, 2021 4:15pm ‐ Oct 18, 2021 5:15pm

Credits: None available.


Cybersecurity risk posture only considers the capability of bad guys to penetrate network defenses, but risks resulting from doing business with third-party vendors who have unvetted access to company data pose just as great a risk. Communicating this to a board of directors may pose the biggest challenge of all to cybersecurity leaders. Whether your company outsources software developers not properly trained in security or uses a payment processing vendor whose cyber defenses are not as stringent as their customers', you are exposing your data to exploitable vulnerabilities. This session will detail the third-party risk issues that are fundamental to a mature cyber risk program and offer a process you can take to effectively communicate this to your board.

Learning Objectives:
  • Discover how to evaluate a third party's security posture and perform a gap analysis to uncover any cyber gaps.
  • Explore tactics for explaining third-party risk type of risk to company board members.
  • Learn how to monitor vendors throughout the business relationship to identify any new cyber gaps and provide updates to the board.


Tags: Intermediate


  • 1.00 - CPE

You must be logged in and own this session in order to post comments.