A third party vendor is a person or company that provides services for another company (or that company’s customers).  While vendors are considered “third parties,” some industries differentiate a “third-party vendor” specifically as a vendor under written contract, but not all vendors work under a contract. For clarity’s sake, the term “third-party vendor” in this article refers to any individual...

MAS-TRM stands for the Monetary Authority of Singapore-Technology Risk Management guidelines. It addresses technology risk management, including raising cybersecurity standards and strengthening cyber resilience in the financial sector.  In response to the growing cyber threat landscape, the Monetary Authority of Singapore (MA) recently updated its MAS-TRM guidelines to help financial organizations keep up with emerging technologies and cybersecurity best practices,...

CRISC stands for Certified in Information Systems and Risk Controls, and is a specific qualification for IT professionals, awarded by ISACA. That’s the short version. But what is CRISC exactly, and how can it improve your third-party security? The CRISC Certification CRISC certification is a risk management qualification that many people have used to build and progress their careers. With...

Most people have an abstract idea of what “cybersecurity risk” is, but they may have trouble defining it or have an understanding of the cybersecurity risks within their organization—especially third-party cybersecurity risk. If you want to protect your organization effectively and design the best strategies to overcome your biggest threats, you’ll need to be able to define and understand those...

Cybersecurity and information security may sound like two different terms for the same idea. But while they’re related, they’re actually different concepts. What is cybersecurity? What is information security? And what’s the actual difference between them? What is cybersecurity? Let’s start with a definition of cybersecurity. You’ll get a different definition for this depending on which organization you’re consulting. For...

A third-party security risk assessment template could be useful in helping your organization plan for and coordinate efforts to reduce cyber risk. But what is a third-party security risk assessment template, exactly? What makes a third-party security risk assessment template effective? And how can you design one from scratch? What Is a Cyber Risk Assessment? Let’s start with the basics....

The Center for Internet Security (CIS) is a nonprofit organization that seeks to “identify, develop, validate, promote and sustain best practice solutions for cyber defense.” But what exactly is this organization? How does it work? And how does it relate to third-party security? The CIS Model CIS uses a closed crowdsourcing model to suggest ingenious new security measures and perfect...

Cybersecurity risk management identifies an organization’s potential vulnerabilities and implements a system to detect, deflect, isolate and analyze threats. It’s like setting up a high-security door that prevents unauthorized access to company networks, accounts, servers and web-based assets. Third-party vendor cybersecurity risk management specifically focuses on the management of risks involved in doing business with other companies and contractors. Third-party...

What Are MSSPs? MSSPs are managed security service providers that offer monitoring and management services related to cybersecurity.  Many IT experts have partnered with MSSPs in the past, or plan to work with them in the future. As organizations understand more and more about the importance of risk mitigation, MSSPs are adding third-party security risk management services to their portfolios....

Technological advancements in the financial sector have made life easier for everyone, but convenience often comes at a price. Cybercriminals are constantly looking for opportunities for exploitation. Businesses in the financial sector are prime targets for data breaches and other damaging cyberattacks. Cybercriminals that target financial businesses are usually looking to steal financial information they can use for identity theft....