FAIRCON24: You Asked, FAIR Answers with a Solution for Third Party Risk Management
Message received from the FAIR community: Third party risk is the loss event category that’s coming on fastest, and generating the most confusion as traditional third party risk management (TPRM) tools and techniques aren’t meeting the challenge.
There is a FAIR answer to the TPRM challenge - and we’ll explore it deeply at the 2024 FAIR Conference in Washington, DC (training sessions September 29-30, main sessions October 1-2). Register now!
Third Party Risk Management at the 2024 FAIR Conference
Our third-party (or supply chain) risk agenda kicks off with a 4-hour training on the FAIR Third Party Assessment Model (FAIR-TAM).
Monday, Sept. 30, 8:00 AM - 12:00 PM EDT
TPRM for Cyber Risk Professionals: Introducing FAIR-TAM
Workshop
Pankaj Goyal, Director, Research and Standards, FAIR Institute
Vince Dasta, Senior Partner - Risk Strategy, Safe Security
We’ll introduce key FAIR-TAM concepts such as:
- Risk-based prioritization
With large organizations engaged with hundreds of third and fourth parties, a triaged approach is imperative. Run a FAIR assessment of the risk the vendor poses to your organization as a first party. That risk can be analyzed using the FAIR Materiality Assessment Model (FAIR-MAM) based on data access, server access or revenue access. Tier your supply chain partners accordingly, and prioritize your security focus where it will count the most.
[Figure: Detail from FAIR-CAM]
- Comprehensive, continuous monitoring
Typical TPRM solutions give a point-in-time risk assessment (questionnaires) or incomplete, outside-in scans of a supplier’s controls (ratings services). FAIR-TAM promotes use of inside-out telemetry from third parties that access your network, reporting on a continuous basis through automation. With the FAIR Controls Analytics Model (FAIR-CAM), you can gauge the breach likelihood for these actors.
- Actionable Mitigations
A key FAIR-TAM insight is to treat third parties as part of your attack surface, and implement zero trust principles and controls. The goal is to achieve active collaboration for the mutual benefit of first and third parties.
More TPRM Sessions at FAIRCON24
FAIRCON24’s agenda continues to flesh out a TPRM strategy, with a look at the current state of vendor offerings, the word from practitioners on collaboration for resilience between first and third parties, and a case study in quantitative TPRM from the giant pharma firm GSK.
Tuesday, Oct. 1, 1:30 PM
State of the TPRM Market
Alla Vallente, Senior Research Analyst, Forrester
Cody Scott, Senior Analyst, Security & Risk, Forrester
Tuesday, Oct. 1, 1:30 PM
Beyond Boundaries - Orchestrating Cyber Resilience Across First and Third Party Risk
Moderator: Pengfei Wang, Principal, Cybersecurity, EY
Kris Lovejoy, Board Member, Dominion Energy; Global Security
Mike Wilson, CISO, Molina Healthcare
Drew Simonis, CISO, Juniper Networks
Michael Sechrist, Executive Director for Threat and Risk Management, athenahealth
Juanita Bates, Director Cybersecurity Governance Risk & Compliance, Jefferson Health
Tuesday, Oct. 1, 3:35 PM
Embracing a True Risk-Based Approach to TPRM
Meena Martin, VP, Cyber Risk and Assurance, GSK
Pankaj Goyal, Director, Research and Standards, FAIR Institute
A Third Party Risk Management Reader - FAIR Institute Blog Posts to Get Up to Speed on TPRM before the Conference
Makes the case for why TPRM is failing and five action steps to re-think it.
The Big CrowdStrike Fail: Lessons for Third-Party Cyber Risk Management (TPRM)
A trusted third-party delivers a faulty software update and crashes Windows machines around the world. If you are looking for a persuasive example of the need for risk-based vendor risk management, here you are.
The Journey to Third Party Risk Management Maturity
How to make the move from “don’t know” to effective risk management.
First- and Third-Party Risk Management: It’s Time to Unite
How to apply FAIR principles across both parties.