Governance, Regulation & Compliance

 

Education Level: Intermediate

4417 - Intrusive Monitoring: The Nuclear Option for Monitoring Third Parties

Monday, September 25
4:30 PM - 5:30 PM

The structure of most organizations’ information processing involves large numbers of third-party organizations that have access to organizations’ most critical and sensitive data. Even modest-sized organizations have hundreds of third parties. Without mature structure for effective management of third parties, organizations fail to uncover and manage risks they would find unacceptable had they been known.

This session discusses program structure for managing third-party risk, including the concept of risk tiering, based on various criteria, with corresponding levels and types of due diligence activities: including short and long questionnaires, requests for evidence, on-site visit, and assessments by expert security firms. The discussion will highlight case studies for intrusive monitoring, where an organization will be monitoring one or more of their third parties’ networks, as a part of its overall event visibility.

Learning Objectives:

Peter Gregory

Executive Director - CISO Services
Optiv Security

Peter H Gregory (CISSP, CISA, CRISC, CISO, QSA, CCSK) is a career security professional with experience in several IT disciplines, including network engineering, software engineering, security engineering, IT management and security management. He serves as virtual CISO for clients of Optiv Security. He is the author of several books including Solaris Security, CISA All-In-One Study Guide and CISSP Guide to Security Essentials. He is the lead instructor and advisory board member at the University of Washington certificate program in information systems security.

Presentation(s):

Send Email for Peter Gregory


Assets

4417 - Intrusive Monitoring: The Nuclear Option for Monitoring Third Parties

MP3 Audio Slides Video

Attendees who have favorited this

Please enter your access key

The asset you are trying to access is locked. Please enter your access key to unlock.

Send Email for Intrusive Monitoring: The Nuclear Option for Monitoring Third Parties