Rethinking Risk Assessments – The Bane and Currency of TPCRM

by Justin Luebke

Business partners, third parties and vendors play vital roles in the day-to-day operations that help organizations achieve their goals. Prior to the Target breach in 2013, bringing on new business partners was a fairly straightforward process.

Today, however, that process requires IT security oversight known as third-party cyber risk management (TPCRM). While this additional step is often viewed as a business blocker, it is critical to keeping your organization and customers secure: every new third party you bring on increases your attack surface, and, as the headlines illustrate, third parties are the cyberattack method du jour.

The only way to truly understand the risk posed by a third party is by assessing and validating the security controls and processes it has in place. The result of this process allows you to make informed decisions about how much risk you’re willing to accept and what you require the third party to mitigate in order to keep doing business with it.