ENG2356. Navigating Your Third Party Technology and Cybersecurity Risk (TCH, PRAC, FIN)

Our worlds and our businesses are becoming more and more interconnected. Name a company, non-profit, government entity or agency that is able to keep all of their data on internally created applications; that can run without third-party technology. Of course, with each new application and third-party, our cybersecurity risk increases. There are various tools and techniques available to help us navigate our third-party risk. "Silver Bullets" don't work on these were-risks. Putting in the effort to acknowledge, comprehend, and document the third-party risk will allow you to communicate that risk appropriately to those charged with governance so they can decide to accept, mitigate, transfer or avoid the risk.

Learning Objectives:

• Understand how to properly evaluate a SOC 2 report (or a framework compliance certificate) from your vendor
• Understand how to integrate 3rd party risk into the organization Risk Assessment using a Cyber Risk Assessment
• Understand how 3rd party technology impacts your cybersecurity risk
• Understand the how a data inventory (or lack thereof) can impact your cybersecurity risk
• Understand the importance of culture on 3rd party technology risk management