Vendor Risk Management for Beginners

Presented at Diana Initiative 2022, Aug. 11, 2022, 3 p.m. (30 minutes)

Companies of every size and industry must evaluate the security risks introduced by third-party apps and services. Getting compromised by an outsider is bad, but getting compromised through a vendor can be much worse due to their access to company data and use within closed networks. This talk will provide a primer for getting started on third-party vendor review and risk management, including tips to improve your organization's data and security posture. Attendees will learn how to classify the sensitivity of data, how to do this work within a team, what risk acceptance is and how it works, and what resources may be available to you within your company.

Presenters:

• Christina Liu - Cisco Meraki
  Christina Liu is a ex-circus performer turned web developer turned Enterprise Security Engineer. She’s worked in highly regulated tech industries such as healthcare and finance. In her current role, she is the vendor review SME performing reviews and security integration liaison for a company of 3,000 people. Her favorite outdoors activities include rock climbing and hiking extremely slowly to look at wildflowers, mushrooms, and shiny smaller rocks.

Links:

• https://thedianainitiative2022.sched.com/event/15ckp/vendor-risk-management-for-beginners

Similar Presentations:

• DerbyCon 8.0 Evolution (2018) / Getting Control of Your Vendors Before They Take You Down
• AppSec USA 2015 / Training (1 day): Risk Management Like a Boss: Making Your Risks Work for You
• SOURCE Seattle 2016 / Out of Control: Managing Third Parties to Reduce Risk