16 March 2021
Addressing a Blind Spot – Third Party Risk
All organisations and their business models are reliant upon the contribution and efforts of third parties to keep their businesses running. However, in many cases an organisation’s approach to assessing and managing the risks associated with their reliance on third parties is weak or non-existent, which creates a blind spot.
When it comes to IT Third Party Cyber Risk Management, how do you ensure that the third parties engaged to do work for your organisation preserve the confidentiality, integrity, and availability of your information? Often the “work” could include access to your organisation's data, intellectual property, financials, operations, or other sensitive information.
Some questions to consider are
We all have a reliance on third parties to make things happen, so it’s important to ensure the risks associated with engaging them are analysed, understood and managed appropriately.
Some examples of steps you can take to make improvements in this area include: identifying and categorising your third parties based on agreed criteria; identifying and classifying the information to be used by or shared with third parties; determining the level of due diligence you will apply upfront and ongoing to each of your third party categories; investigating whether any of those third parties have had an information security incident; and so on. Investing some time and effort to get this aspect of your IT and business operations in hand will help to protect you and the business from a range of possible issues: reputation, regulation, profit and litigation.
Give us a call if you would like to discuss how we can assist your IT Third Party Cyber Risk Management program.
Incident Response - “By failing to prepare, you are preparing to fail”
The saying “By failing to prepare, you are preparing to fail” is attributed to Benjamin Franklin.
If he were around today, we’d consider asking him to endorse our Incident Response Execution Pack.
The key elements of our Incident Response Execution Pack are:
Assessment Phase
Prepare and Deliver Phase
The benefit of having a comprehensive IR plan (including a bespoke set of playbooks) is that you can improve the speed and effectiveness of your team in dealing with a real-life incident.
Our Incident Response experts can assist an organisation to develop an IR plan or refresh the key components of an existing one.
To ensure the IR plan execution steps are clearly understood, we can formalise the “war room” structure, walk through an IR scenario using a sample playbook, and prepare suitable supporting IR documentation, including a library of our 18+ IR playbooks.
Click Here to view information on our Incident Response Optimisation service.
Fast and very cost-effective evidence collection - start your incident response process in seconds
For those organisations that want to quickly start an actual incident response process without having to wait for external expertise, we have developed a First Responder Forensic Toolkit (FRFT). Having the FRFT onsite means that within minutes you can react to a potential incident and start collecting the data necessary to complete an initial triage exercise, which is paramount in conducting an effective investigation during incident response. The toolkit is kept updated, supported by our team, and compliant with standards including ISO 27035-1, 27035-2, 27037, and 27043, thus ensuring that information collected with the FRFT is admissible in court, should it be required.