|
|
| Vendor preparedness is crucial for an effective third-party risk management(TPRM) |
|
|
|
|
|
| Summary: |
|
As we know, reliance on a rather long and complex supply-chain of third-party vendors is growing. Third parties help organizations in attaining their strategic objectives by increasing revenues, reducing costs, and expanding customer base. They can also enhance competitiveness, provide opportunities to diversify and strengthen security and compliance by transferring risks. However, they reduce company’s direct control and thus increase the overall information security risk, especially during pandemic, while most of us are working remotely.
The question is how much to trust the third-party vendors and what is the basis for that. Is it sufficient to give a 500 questions long questionnaire to the vendor at the time of signing the contract? What is the most efficient way to assess vendor risks? What about the vendor side? How to reduce vendor pain-points and how to coach them to enhance their security controls to the expected level?
This presentation is aimed to answer above questions through some practical use-cases and real-life scenarios to provide experience-based guidance on making the TPRM process effective and worthwhile for both the sides, vendor as well as business. Additionally, we shall discuss where to look for help, and how to avoid pitfalls to realize potential of leveraging supply-chain for business.
|
|
|
|
|
| Agenda: |
6:00 - 6:05 - Welcome and Introduction
6:05 - 6:45 - Session: Vendor preparedness is crucial for an effective third-party risk management(TPRM)
6:45 - 6:55 - Q & A
6:55 - 7:00 - Wrap-up |
|
|
|
|
|
|
| Speaker: |
| Sanjay Mathur |
| Information Security Specialist |
| Frictionless Security LLC |
|
|
|
|
| An accomplished IT security professional who held various technical and business responsibilities with big four consulting, Fortune 1000, and start-ups. Motivated by innovation and risk mitigation, Sanjay has been enabling business to securely achieve its goals. Currently, he is providing consulting and advisory services to startup growth companies. Prior to this, he was managing information security at KLA-Tencor and a business leader at Visa managing IT Audits & IT Security initiatives. In addition, Sanjay has an accomplished global consulting experience. He has MSc and MBA degrees with CISM, CISSP and CRISC certifications. A regular speaker at ISACA Silicon Valley and San Francisco chapters on topics, such as: Mobile security risk mitigation, moving from network-based security to data-driven security, Accelerating IT Audit fieldwork using visual constructs, to name a few. Co-instructor for a Two-day training program on “Trusted E-Systems for FDA and HIPAA Compliance” at UC Berkeley Extension. Published technical and business papers in ISSA Journal and other technical magazines, and a regular blogger-contributor to Pulse/LinkedIn and various other online forums. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Interested in speaking at our event or know someone who is?
Suggest names of speakers and/or topics for our chapter events by sending email to theboard@isaca-sv.org |
|
|
|
|
| ISACA Silicon Valley Job Portal |
| Looking for your next career move? (or) Do you have an opening in your company/team? |
| ISACA helps you reach 3000+ members and non-members including ISACA certified professionals working on Information Security/ Internal Audit/ Risk Management/Governance. Post your job opening at the ISACA Silicon Valley website. |
| Visit our Job Portal |
|
|
|
|
| New Self Service Portal |
| ISACA would like to introduce a new Self Service Portal for members and non members to sign-up for our newsletters, manage your personal profile, view attended events and CPE earned. |
|
|
|
|
|
|
| ISACA Membership & Certification Renewal |
| If you haven't done already, please log on to www.isaca.org to renew your ISACA annual membership. To complete your certification renewal, visit www.isaca.org/reportCPE to submit CPEs. |
|
|
|
|
| Follow us on social media |
|
|
|
|
|
|
|
|
|
|
|