Virtual Cyber & Technology Risk Management Forum
Downsides to Compliance-Based VM
• No real guidance on HOW to risk-assess vendors
• No guidance on how to CATEGORIZE vendors
• Most documentation is just gathered, not truly analyzed
• Vendors are reviewed inconsistently throughout organizations
• Vendor risk is not MEASURED
• If you’re not measuring risk, there’s no way to tell when a vendor is not living up to your standards
• Typically no process for handling risk exceptions
© 2020 SBS CyberSecurity, LLC www.sbscyber.com