In the cyber sphere, NIST, ISO, AICPA, and DHS are among the organizations that have offered a definition of cyber risk management. While these definitions all differ to a greater or lesser extent, a few key elements remain the same.
The universal theme of these definitions is the use of risk measurement to discern the likelihood and damage of events that could negatively impact the confidentiality, integrity, availability, and ownership of cyber assets (including systems and the information they store, process, or transmit), and then treating those risks. Managing third-party cyber risk is an attempt to measure the likelihood and negative impacts of a cyber event that could happen due to the third parties in your ecosystem, and to work with those third parties to treat the risk they expose you to.
IN THIS GUIDE, YOU WILL LEARN:
Why having an effective and efficient Third-Party Cyber Risk Management (TPCRM) program matters
What you need to know to create an effective program