Every major cyber security framework and law requires that an organization must manage the cyber risk of third party vendors. In fact, vendor cyber risk management must now be considered “best practice” for having a defensible cyber program. Over the last several years, many vendor cyber risk management tools have entered the market. In general, […]
Category Archives: Vendor Risk Management
In February, the National Institute of Standards (NIST) released the updated version of agency guidance for implementing the HIPAA Security and Privacy Rule. NIST SP 800-66r2, Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, is the second version and contains updated guidance on how Covered Entities can comply with HIPAA. HIPAA enforcement […]
If you are handling sensitive data in your business, sooner or later you will be asked to “validate” your cyber security program. This can happen for several reasons. A large customer or prospect may need to assess the cyber risk of your organization. You may try to purchase Cyber Breach Insurance. Or maybe you are […]
We often speak to businesses struggling to pass a cyber security assessment from one of their key clients. The business has received a huge spreadsheet with 100+ cyber security questions, many of which they have no idea how to answer. If they don’t “pass” the assessment, they may lose the client entirely. Sometimes it is […]
Attorneys Create New Control Framework The Association of Corporate Counsel (ACC), which represents over 42,000 in-house counsel across 85 countries, recently released a new control model to help organizations interact with outside parties when dealing with sensitive information. This is among the many new business domains areas where vendor risk management has become a key issue. […]
Third Party Vendors and Data Breaches So the bad news is sinking in. Data breach reports are showing that significant information security risk can lie with third party vendors. Starting with the now-famous Home Depot breach, a steady stream of breaches have been reported that involve third party vendors. In some studies, as many as […]