
Third-Party Risk Management: How to Grow a Mature Program

Dave Stapleton of CyberGRX on Building a Secure Vendor Risk Foundation

Enterprises globally recognize the challenge of third-party cyber risk, but they still struggle to manage it. Dave Stapleton of CyberGRX discusses the elements of a mature program, including the role of risk ratings.

There are many reasons why enterprises struggle with third-party risk, says Stapleton, CISO at CyberGRX. And a big part of it is funding.

"A lot of people recognize that it's a must, but it's just not as sexy as some other cybersecurity issues," he says. "And I think it can be difficult to convince the executives or the boards to provide the funding that's needed to implement a truly mature program."

In an interview about growing a mature third-party cyber risk program, Stapleton discusses:

  • Where enterprises commonly struggle;
  • The role of risk-ratings services vs. validated inside-out assessments;
  • The key elements for building a mature program.


