The presentation describes process guidelines and a framework for an enterprise's board of directors and senior management team to consider when providing oversight, examination and risk management of third-party business relationships in the areas of information technology, systems and cyber security.
The methodology is based on examining third-party vendors against a three-dimensional risk-based model. The final deliverables (risk impacts, findings, enterprise requirements, and remediation) are presented quantitatively.
A number of professional surveys have reported that significant data breaches are linked directly or indirectly to third-party access. Outsourcing certain activities to a third party poses potential risk to the enterprise.
Robert Putrus, CISM, PMP, PE, CMC, CFE
Principal
The Roberts Company, LLC
Robert is a principal with The Roberts Company, LLC. He has 25 years of experience in program management, compliance services, information systems and management of professional service organizations. Experienced in the deployment of various cyber security frameworks/standards, Putrus has written numerous articles and white papers in professional journals, some of which have been translated into several languages. He has been quoted in publications, articles, and books, including those used in master of business administration (MBA) programs in the United States.