Third-party risk management (TPRM)

Presentation on theme: "Third-party risk management (TPRM)"— Presentation transcript:

1 Third-party risk management (TPRM)
An ITC managed security service

2 Market conditions
65% of breaches linked to third parties
94% plan to spend more over next 12 months
83% of business leaders lack confidence
Organisations are experiencing a growth in third-party associated cyber security risks
…meaning a greater focus on third-party related governance and reporting
…however, traditional TPRM programmes are resource intensive, complex and error prone.

3 Organisations need a way to translate and distil this cyber activity into meaningful information so they can identify key risks and create effective TPRM programmes.

4 Market conditions
Cyber Security ratings provide a quantifiable correlation to third-party risk and data breaches:
5x more likely if your rating is below 400, than one above 700
3x more likely if 50% of your computers are running updated OS
2x Open Port risk vector grade is F
But they require considerable effort to administer effectively, at a time when companies often have resource shortages and skills gaps.

5 Our TPRM solution
A fully managed service that helps organisations measure, manage and reduce their exposure to third-party cyber risk. It provides continuous monitoring of third parties, using an industry recognised scoring system to identify where risk is highest. It gives clear guidance to enable productive interactions with third parties where risks exist, and on how those risks should be mitigated, to ensure quick resolution for reduced cyber risk exposure.

6 Why you need it
Whether managing a number of third-party vendors, potential new clients, new partners or acquisitions, continuous visibility of their security performance is critical. Poorly rated third parties carry a significantly higher risk (up to 5X) of cyber breach; understanding and mitigating this risk to your own business is a key business imperative.

7 The solution – three components
ITC TPRM managed service: 1. Setup and onboarding | Monitoring and alerting | Regular monthly reporting
Expert cyber security knowledge to help you translate and distil all cyber activity and data into a tailored and actionable programme where the customer can identify, measure, and continuously monitor risk.
Establish rules of engagement, standardised scoring, service processes (internal and external RACI) and governance policies around monitoring activities and thresholds.

8 The solution – three components
ITC TPRM managed service: 1. Setup and onboarding | 2. Monitoring and alerting | Regular monthly reporting
Continuous monitoring of identified critical third parties by an expert cyber analyst.
Daily event alerts indicating significant third-party profile and risk changes, including recommended remediation actions to enable easy collaboration with the affected third party.
Updated status for critical third-party remediation actions within the current month to enable vendor follow-up.

9 The solution – three components
ITC TPRM managed service: 1. Setup and onboarding | 2. Monitoring and alerting | 3. Regular monthly reporting
Monthly performance reporting and trend analysis highlighting overall third-party and risk posture, industry trends, benchmarking, and threat activity.
Deep-dive analysis on any flagged ‘at risk’ third-parties.
Monthly de-brief call with a cyber analyst.
Annual programme review and refinement workshop.

10 The solution – key features
ITC TPRM managed service

Setup and onboarding:
  Initial TP Risk Assessment Report – overview of identified priority risk vendor rating performance, review of current framework, and guidance on how rating and alert data could integrate into these processes and policies
  Onboarding Workshop informed by report to identify and agree vendor categorisation / risk tolerance, initial remediation guidance, definition of service processes (RACI), and set alerting thresholds and preferences

Monitoring and alerting:
  Continuous monitoring
  Daily alerts based on:
    Rating, and risk vectors changes
    Infections, vulnerabilities and breaches
  Full details and remediation guidance
  Alert Status Tracker: updated status to track evidence of remediation
  Triaged and sent via in password protected .pdf
  On-demand cyber expert support 2 hours month
  Annual programme review and refinement workshop

Regular monthly reporting:
  Vendor Performance overview of monitored vendors, by score rating and risk changes
  Trend analysis / vendor deep-dive:
    Significant rating / grades drops
    Performance vs benchmarks
  Summary of infections, vulnerabilities, breaches, by affected vendors
  Remediation and alerts status summary
  Benchmark insights (ratings vs industry)
  ed password protected .pdf
  De-brief call – Q&A, threshold refinement

11 Benefits of our solution
Expert advice for best practice set up, monitoring, and management of third-party risk
Alerts backed by professional analysis for improved risk insight
Effective remediation guidance to reduce the risk of breaches and facilitate easy vendor engagement
Tracking and trend information to monitor individual companies
Peer-based benchmarking
