Concurrent Session Onsite and Online
ENG2356. Navigating Your Third Party Technology and Cybersecurity Risk (TCH, PRAC, FIN)
Our worlds and our businesses are becoming more and more interconnected. Name a company, non-profit, government entity or agency that is able to keep all of their data on internally created applications; that can run without third-party technology. Of course, with each new application and third-party, our cybersecurity risk increases. There are various tools and techniques available to help us navigate our third-party risk. "Silver Bullets" don't work on these were-risks. Putting in the effort to acknowledge, comprehend, and document the third-party risk will allow you to communicate that risk appropriately to those charged with governance so they can decide to accept, mitigate, transfer or avoid the risk.
Learning Objectives:
- Understand how to properly evaluate a SOC 2 report (or a framework compliance certificate) from your vendor
- Understand how to integrate 3rd party risk into the organization Risk Assessment using a Cyber Risk Assessment
- Understand how 3rd party technology impacts your cybersecurity risk
- Understand the how a data inventory (or lack thereof) can impact your cybersecurity risk
- Understand the importance of culture on 3rd party technology risk management
Date/Time
–
CPE Credits
1.5
NASBA Field of Study
Information Technology
Level
Basic
Prerequisites
0-2 years in the Profession
Advanced Preparation
NA