FAIRCON24: You Asked, FAIR Answers with a Solution for Third Party Risk Management


Message received from the FAIR community: Third party risk is the loss event category that’s coming on fastest, and generating the most confusion as traditional third party risk management (TPRM) tools and techniques aren’t meeting the challenge. 

There is a FAIR answer to the TPRM challenge - and we’ll explore it deeply at the 2024 FAIR Conference in Washington, DC (training sessions September 29-30, main sessions October 1-2). Register now!

Third Party Risk Management at the 2024 FAIR Conference

Our third-party (or supply chain) risk agenda kicks off with a 4-hour training on the FAIR Third Party Assessment Model (FAIR-TAM).


Monday, Sept. 30, 8:00 AM - 12:00 PM EDT 

TPRM for Cyber Risk Professionals: Introducing FAIR-TAM

Workshop

Pankaj Goyal, Director, Research and Standards, FAIR Institute
Vince Dasta, Senior Partner - Risk Strategy, Safe Security


 

We’ll introduce key FAIR-TAM concepts such as:

  1. Risk-based prioritization

With large organizations engaged with hundreds of third and fourth parties, a triaged approach is imperative. Run a FAIR assessment of the risk the vendor poses to your organization as a first party. That risk can be analyzed using the FAIR Materiality Assessment Model (FAIR-MAM) based on data access, server access or revenue access. Tier your supply chain partners accordingly, and prioritize your security focus where it will count the most. 


  2. Comprehensive, continuous monitoring

Typical TPRM solutions give a point-in-time risk assessment (questionnaires) or incomplete, outside-in scans of a supplier’s controls (ratings services). FAIR-TAM promotes use of inside-out telemetry from third parties that access your network, reporting on a continuous basis through automation. With the FAIR Controls Analytics Model (FAIR-CAM), you can gauge the breach likelihood for these actors.

  3. Actionable Mitigations

A key FAIR-TAM insight is to treat third parties as part of your attack surface, and implement zero trust principles and controls. The goal is to achieve active collaboration for the mutual benefit of first and third parties.  

More TPRM Sessions at FAIRCON24

FAIRCON24’s agenda continues to flesh out a TPRM strategy, with a look at the current state of vendor offerings, the word from practitioners on collaboration for resilience between first and third parties, and a case study in quantitative TPRM from the giant pharma firm, GSK.

Tuesday, Oct. 1, 1:30 PM

State of the TPRM Market

Alla Vallente, Senior Research Analyst, Forrester

Cody Scott, Senior Analyst, Security & Risk, Forrester

Tuesday, Oct. 1, 1:30 PM

Beyond Boundaries - Orchestrating Cyber Resilience Across First and Third Party Risk

Moderator: Pengfei Wang, Principal, Cybersecurity, EY

Kris Lovejoy, Board Member, Dominion Energy; Global Security

Mike Wilson, CISO, Molina Healthcare

Drew Simonis, CISO, Juniper Networks 

Michael Sechrist, Executive Director for Threat and Risk Management, athenahealth

Juanita Bates, Director Cybersecurity Governance Risk & Compliance, Jefferson Health

Tuesday, Oct. 1, 3:35 PM

Embracing a True Risk-Based Approach to TPRM

Meena Martin, VP, Cyber Risk and Assurance, GSK

Pankaj Goyal, Director, Research and Standards, FAIR Institute


A Third Party Risk Management Reader - FAIR Institute Blog Posts to Get Up to Speed on TPRM before the Conference 

Let’s Kill TPRM

Makes the case for why TPRM is failing and five action steps to re-think it. 

The Big CrowdStrike Fail: Lessons for Third-Party Cyber Risk Management (TPRM)

A trusted third-party delivers a faulty software update and crashes Windows machines around the world. If you are looking for a persuasive example of the need for risk-based vendor risk management, here you are. 

The Journey to Third Party Risk Management Maturity

How to make the move from “don’t know” to effective risk management.

First- and Third-Party Risk Management: It’s Time to Unite

How to apply FAIR principles across both parties.


Learn more! Attend the 2024 FAIR Conference in Washington, DC (training sessions September 29-30, main sessions October 1-2). Register now!
