
Summer Journal

Volume 32, Issue 2


Tuesday, 12 March 2019 14:48

How to Enhance Information Security Efforts

Evan Francen, CEO of FRSecure and Security Studio, makes the case for adopting a third-party information security risk management (TPISRM) program. He outlines how to get started and explains why the common excuses for ignoring the risks don’t hold water.

Third-party information security risk management (TPISRM*) is more critical today than it’s ever been. There is little doubt amongst information security experts that TPISRM is essential to the success (or failure) of your information security efforts, but the confusion in the marketplace is making it difficult to tell truth from hype. Ignoring the risks won’t make them go away, so something must be done. We just need to make sure it’s the right “thing.”

The Case for TPISRM

If the case for TPISRM isn’t obvious to you, you’re not alone. Only 16 percent of the 1,000 Chief Information Security Officers (CISOs) surveyed in a recent study claim they can effectively mitigate third-party risks, while 59 percent of these same CISOs claim their organizations have experienced a third-party data breach.

Third parties are implicated in up to 63 percent of all data breaches, and regulators are increasingly scrutinizing how organizations handle third-party risks. Your organization can spend millions of dollars on a secure infrastructure, best-in-class training and awareness solutions, and the most skilled professionals, but if you neglect to account for third-party risks, some or all of that investment is wasted.

Please let these numbers sink in for a moment. Logically, how do we deny the need for sound and cost-effective TPISRM when we know that it will decrease the likelihood and impact of a data breach? Logic says one thing, yet 57 percent of organizations don’t even have an inventory of the third parties they share sensitive information with.