Third Party Risk Management (TPRM) is an essential component of any organizational cybersecurity risk management program. TPRM programs help identify and mitigate risks introduced to your organization by external parties, with the ultimate goal of reducing third-party cyber risk.
Running an effective TPRM program is a large undertaking for any organization, and many organizations rely on outside vendors to help perform some, or even all, of the TPRM functions. The challenge, however, is that not all TPRM functions are free of risk themselves. Research indicates that some functions even introduce the very thing they are designed to suppress: information that attackers can use to compromise your organization, or even theirs.
David Meyer is the CIO and Managing Director of Advanced Assessments at Neuvik Solutions. He is responsible for end-to-end Red Team engagements, network penetration testing, web app assessments, and more. He has been the offensive Red Team director for technical consulting firms as well as a member of the Red Team at Citibank.