Risk-Based Vendor Management Fundamentals
1 hour 30 minutes
Examine the cutting-edge issues in designing and executing privacy and security risk assessments.
This topic will focus on the fundamentals of creating and implementing a risk-based vendor management program designed to address the increasing threat of cybersecurity incidents. The risk to the privacy and security of an organization’s sensitive, personally identifiable, proprietary, and financial information continues to grow as cybersecurity attacks become more sophisticated. A growing number of these attacks occur through third parties, vendors, service providers, or the supply chain. Traditional vendor management programs may not be adequate for identifying and minimizing these risks. We will take a look at the threat landscape, review basic elements of a cybersecurity-focused vendor management program, identify best practices, and discuss program ownership and available resources. Whether your organization purchases software products, connected devices, or SaaS; outsources services; or engages managed service providers, this information will help you create or update your vendor management program to address cybersecurity risks posed by third parties, vendors, services providers, or the supply chain.
• You will be able to define risk-based vendor management.
• You will be able to discuss how to assemble an interdisciplinary vendor management team.
• You will be able to explain how to develop an appropriate risk-based vendor management program.
• You will be able to review how to execute vendor contracts.