ISACA Ireland - Mid-West Conference - Limerick - First Party risk – OK, but Third and Fourth Party Risk – Who’s taking care of that?
ISACA Ireland Chapter is pleased to announce a full one-day Regional Conference, following on from the success of previous Regional events in Letterkenny (North West Conference) and Cork (South West Conference).
The 2013 Target data breach, which began at an air conditioning subcontractor, is a well-known example of a third-party risk becoming reality. More third-party breaches are being discovered than ever before. It's no longer enough to simply ensure that an organization's systems are secure. The now ubiquitous GDPR may allow the sharing of responsibility but not ultimate accountability.
A risk management program needs to look beyond the perimeter of an organization to properly vet the third- and fourth-party vendors who will have access to data without being subject to an organisation's internal risk management process. The use of third parties in a supply chain or for data handling creates potential risks that can be compounded by third-party weaknesses, should they exist.
The discipline of third-party risk management (or TPRM) has evolved to help manage this new type of risk exposure. This conference hopes to raise awareness of these risks and enlighten attendees as to how to address them.
Who should attend:
IT Managers, Vendor Managers, Vendors, Risk and Compliance professionals and advisors, Procurement Managers and anyone concerned with the risks that can arise from Third Party dependencies.
The topics and speakers are being finalized and attendees will be updated as the day's program takes shape.
09:00 Open Conference Feargal O’Neill Chapter President ISACA Ireland Chapter
09:15 Tom Fitzgibbon Dell - Keynote Speaker
10:45 Eamonn McCoy ISO27001 – Third Party Risk
11:15 Martin Davies - Pramerica There’s a hole in my S3 bucket, dear Liza, dear Liza
12:00 John Brady 3rd party risks and project risks
13:45 Kenneth Murphy - Ward Solutions - SOC & NOC
14:15 Gerry Joyce - Vendor Due Diligence and Outsourcing Arrangements
“What is VDD and why is it important? Which vendors need to be assessed and who should do it? When and how should it be done? These are some of the questions that will be covered in this presentation.”
15:30 Stephen Breen The reality of our Cyber Threat Surface due to 3rd party services
Engaging with 3rd-party service providers that host and secure line-of-business applications, and collaboration and productivity ICT services, has many advantages. However, these commercial and technical arrangements incur some significant challenges from an IS governance and cyber security perspective. This presentation explores the difficulties organisations face in understanding, governing and mitigating cyber threats in these environments.
16:00 Wrap Up / Spot Prizes & Networking - Feargal O’Neill
This event will attract 8 verified CPEs.