https://r1.ieee.org/njcoast/CSCSP-genzanoabstract/

Risk Assessment of 3rd Party Service Providers

Dominic Genzano, STIGroup

Most organizations, in both the private and public sectors, rely on 3rd party service providers. The services involved range from high-exposure scenarios, like the management and support of networks and systems, to ostensibly benign business arrangements like the maintenance of air conditioning systems. Regardless of the nature of the service provided, and almost without exception, engaging a 3rd party service provider requires allowing that provider some level of trusted access to your environment that circumvents one or more security controls. Such arrangements have contributed to significant security breaches, such as the Target credit card breach that occurred earlier this year. Engaging 3rd party service providers requires a due diligence process from the outset in order to protect sensitive systems and information. Dominic Genzano, CEO of STIGroup, will provide an overview of the risks of engaging with 3rd party service providers and present a methodology for mitigating that risk through a structured risk assessment process.