    tprm

    Explore "tprm" with insightful episodes like "4 Key Steps to Reduce Your Organizational Risk & Budget | Brent Deterding", "RSA Conference ESAF Report 2023: How Top CISOs Are Transforming Third-Party Risk Management | A Conversation with Laura Robinson | Redefining CyberSecurity Podcast with Sean Martin", "RSA Conference ESAF Report 2023: How Top CISOs Are Transforming Third-Party Risk Management | A Conversation with Laura Robinson | Redefining CyberSecurity Podcast with Sean Martin", "The safety shortcuts that sank a steamboat company" and "Episode 16: Who's Looking After the Children? Critical failures in supplier oversight are costing far more than money" from podcasts like "GRC & Cyber Security Podcast", "Redefining CyberSecurity", "ITSPmagazine", "Trustonomy" and "Kelli Confidential: Negotiation Essentials Empowering Extraordinary Women" and more!

    Episodes (14)

    4 Key Steps to Reduce Your Organizational Risk & Budget | Brent Deterding

    In this podcast episode, Brent Deterding, the CISO at Afni, joins Matthew Davies, the VP of Product at SureCloud. They discuss Brent's approach to organizational risk. Brent outlines his four steps for significantly reducing risks within businesses in a manner that is simple, easy, and inexpensive.

    Contact Brent Deterding
    👉 Brent's LinkedIn:  / brent-deterding 
    👉 Afni's website: https://afni.com/

    Contact Matthew Davies
    👉 Matthew's LinkedIn:   / matthew-daviesgrc 
    👉 SureCloud's Website: https://www.surecloud.com/

    RSA Conference ESAF Report 2023: How Top CISOs Are Transforming Third-Party Risk Management | A Conversation with Laura Robinson | Redefining CyberSecurity Podcast with Sean Martin

    Guest: Laura Robinson, ESAF Program Director at RSA Conference [@RSAConference]

    On LinkedIn | https://www.linkedin.com/in/laurarobinsoninsight/

    At RSA | https://www.rsaconference.com/experts/laura-robinson

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

    ____________________________

    This Episode’s Sponsors

    Imperva | https://itspm.ag/imperva277117988

    Pentera | https://itspm.ag/penteri67a

    ___________________________

    Episode Notes

    In this episode of Redefining CyberSecurity Podcast, host Sean Martin engages in a conversation with Laura Robinson, the ESAF Program Director at RSA Conference, about the changing landscape of third-party risk management. They explore the need for organizations to shift their approach in assessing third-party risk and the limitations of relying solely on questionnaires. Laura emphasizes the importance of more detailed assessments and manageable requirements for suppliers.

    The conversation touches on the significance of fostering a culture of security and collaboration between organizations and their third-party partners. They discuss the challenges faced by small businesses in meeting complex regulatory requirements and the difficulties in finding the right cybersecurity services and talent. The episode showcases case studies that highlight successful third-party risk management programs and their positive impact, including significant reductions in incidents and quantifiable risk reduction.

    The discussion also delves into the potential benefits of standardization in the industry, such as shared assessments, resources, and frameworks such as NIST CSF and HITRUST. Sean and Laura underscore the importance of collaboration, community, and a change in mindset to effectively address third-party risk in the evolving cybersecurity landscape. Throughout the conversation, practical insights and success stories are shared, providing listeners with a deeper understanding of the progress being made in third-party risk management while acknowledging that there is still work to be done.

    The episode offers a thoughtful exploration of the topic, focusing on the need for collaboration, cultural shifts, and the development of more effective assessment approaches in order to mitigate third-party risk effectively.

    ____________________________

    Watch this and other videos on ITSPmagazine's YouTube Channel

    Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

    📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

    ITSPmagazine YouTube Channel:

    📺 https://www.youtube.com/@itspmagazine

    Be sure to share and subscribe!

    ____________________________

    Resources

    CISO Perspectives on Transforming Third-Party Risk Management: https://www.rsaconference.com/library/webcast/158-ciso-persp-transfer-third-party?utm_source=x&utm_medium=social&utm_content=158-ciso-persp-transfer-third-party-webcast&utm_campaign=september-2023-rsac365&postID=11353906220

    ____________________________

    To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

    https://www.itspmagazine.com/redefining-cybersecurity-podcast

    Are you interested in sponsoring an ITSPmagazine Channel?

    👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

    The safety shortcuts that sank a steamboat company

    In 1904, a fire broke out on a steamboat full of families enjoying a ride along New York City’s East River. The panicked passengers quickly discovered they had an even bigger problem on their hands - the ship’s life preservers. The safety equipment turned an emergency into a catastrophe. 

    When you run a business, you build relationships with other businesses. They become your vendors and suppliers. But what happens when these third parties make decisions that put your customers and your business at risk?

    We talk with Edward T. O’Donnell, author of Ship Ablaze: The Tragedy of the Steamboat General Slocum, and Matt Moog, General Manager of Third Party Risk Management at OneTrust, to find out how an untrustworthy vendor can sink your brand and your business.

    Episode 16: Who's Looking After the Children? Critical failures in supplier oversight are costing far more than money

    In this episode I'm looking at the 4-month-long investigative report by the New York Times into the damning claims of widespread, systemic exploitation of underaged migrant workers in some of the biggest, most beloved household brands in America.

    The articles, headed by journalist Hannah Dreier, presented one of several investigative pieces into the enormous scale of trafficked and enslaved young people across America.

    So who is looking after these kids? More specifically, who is looking after the downstream 3rd party suppliers who introduced these illegal and unethical practices into the supply chains, and why did the enterprise supplier risk vetting fail so miserably?

    We'll break that down and look at three ways we can all do more to mitigate this from happening in our companies.

    Want to hear more about these topics? Please leave us a like and a review or join our mail list for information on upcoming courses like our Negotiation Foundations course due out MARCH 2024! www.kelliconfidential.com

    MOVEit Breach & CISA Warning for iPhone: Patch Required for Vulnerabilities | Cyber Threat Briefing

    Every month, our experts Nick, Hugh and Arron will highlight the current and emerging cyber threats you need to know about right now, giving you great insights to help protect your organization.

    June's Cyber Threat Briefing covers:

    💡 The Worldwide Impact of the MOVEit Breach and the Latest Tactics for Future Prevention
    💡 CISA Sounds Alarm: iPhone Zero Day & Triangulation Trojans - Urgent Patch Required for Stealthy iMessage Exploit

    💻 Register for our next episode here: www.surecloud.com/resources/webinars/surecloud-live-cyber-threat-briefing

    👉 Learn more: www.surecloud.com/cyber-security-services/cybersecurity-as-a-service

    👂 Questions? Email: briefing@surecloud.com

    👉 Nick Hayes' LinkedIn: www.linkedin.com/in/nickjhayes/
    👉 Hugh Raynor's LinkedIn: www.linkedin.com/in/hughraynor/
    👉 Arron Dowdeswell's LinkedIn: www.linkedin.com/in/dowdeswell/

    Third-party risk management: control, culture, and competitive advantage

    The supplier risk landscape for corporates today is shaped by sanctions, ESG commitments, and potential for reputational harm - which is just the start. But amid all this, there is competitive advantage to be found through optimized third-party risk management.

    No stranger to the topic is Vincent Scales, Director of Third-party Risk Management at Verizon and Chairman of the Board for the Third-party Risk Association. After participating in a primary research study conducted by Moody’s Analytics, Vincent joins this episode of KYC Decoded, bringing the findings of the research to life.

    Also joining is Enrico Aresu, Moody’s Analytics Compliance and Financial Crime Practice Lead for the DACH region and central eastern Europe.

    Highlights of this engaging conversation include:

    • Context for increased commitment to TPRM
    • Controllable vs. uncontrollable risk in supply chains
    • The difference a compliance culture can make
    • Gaining advantage with Governance Risk and Compliance (GRC) platforms

    To find out how Moody’s Analytics can help elevate third-party risk management and supplier due diligence in your organization, visit our website and get in touch any time.

    204: Lee Bristow.

    In this episode, host Bidemi Ologunde spoke with Lee Bristow, the Chief Technology Officer at Phinity Risk Solutions.

    The conversation touched on several topics, such as the need to automate risk management; the risk voting process his company uses to prioritize and operationalize strategic risks across business units; context-based regulatory checklists, and the bottom-up approach to quantifying and analyzing risk within an organization; the impacts of geopolitics and the Environmental, Social, and Governance (ESG) framework on third-party risk management; and lots more.

    Vendor Risk Best Practice with Ryan Walker, Third-Party Risk Manager at AutoZone | GRC & Cyber Leaders

    Join Ryan Walker, Third-Party Risk Manager at AutoZone, and Matthew Davies, SureCloud's VP of Product, for a 'how-to' discussion. AutoZone is a leading automotive parts supplier; Ryan and Matthew discuss how to optimize cyber security strategies, structure the security team, influence, manage and persuade stakeholders, and talk through lessons learned from previous breaches and other incidents.

    S3E8 Cyber Security Stories - Real World Examples

    In this episode I talk about real situations I’ve experienced.  I won’t name companies, only industry and relative geography so as not to expose any entities.  Some of these are more egregious than others, all are good learning experiences, for early as well as experienced professionals.  Many look to join Cyber Security and wonder what it’s really like out there, these tales should provide some insight to that curiosity.  

    I encourage each of you to think of solutions to these problems.  While I give some throughout the episode, there are many ways to solve problems.  Don’t just think about technical solutions.  What processes or procedures could these organizations implement?  How about training, not just their IT and security staff but their end users as well.  Spending money may solve a problem; however, if the product or service is not installed or utilized properly, will money really make it better?  Use these stories to grow yourself and help you understand what the real world of cyber security, on the ground, really looks like.

    © 2024 Podcastworld. All rights reserved
