When building a vendor questionnaire or reviewing a questionnaire completed by a vendor, it’s essential to ask the right questions to properly understand the vendor’s cybersecurity environment. [...]
Complementary User Entity Controls (CUECs), also known as User Control Considerations (UCCs), are controls that the vendor has included within its system and rely on the user entity (you) to [...]
We know your organization is more than likely investing in their cybersecurity program to take precautions and prevent unnecessary breaches, but are your third and fourth party vendors?
I will admit I was surprised to learn that even the largest companies may have third party risk sitting on the corner of ONE person’s desk. Worse yet, it is often times just ONE FACET of a busy [...]
October being National Cybersecurity Awareness Month reminds us to take a look at vendor cybersecurity.
On September 7th at around 4 pm, reports came out in the media that one of the three national credit reporting agencies – Equifax – had disclosed a large data breach. Estimates so far is that it [...]
We recently had an opportunity to discuss the state of vendor oversight with a former FDIC examiner. During our meeting, we discussed the importance of third party oversight and the convergence of [...]
DocuSign has confirmed that a data breach resulted in widespread malware phishing attacks targeting email addresses of more than 100 million of its customers. Companies that utilize DocuSign as a [...]
If you have listened to some of our webinars, you’ve heard me recommend reviewing legal analysis of the voluminous or complex new vendor management regulatory guidance. Rather than digging through [...]
As tiring as it may sound, training is still the most important risk mitigation factor in reducing the number of insider threats. Insider threats originate either through the vulnerability of [...]
Your vendor should be guarding against intrusion into the systems network from the outside and conducting regular penetration testing through a qualified credible resource.
You should insure that [...]