A Third-Party Risk Management Implementation Guide and Toolkit
Third parties, whether they provide software or services to an organization, can introduce significant security risks, including ransomware, software vulnerabilities, loss of services, and breaches of confidential information. For this reason, companies have established third-party risk management (TPRM) processes and dedicated staff to evaluating the security postures of existing and potential third parties.
In this CISO Stories webinar, panelists share their experiences managing security risks in third-party software and services. They will also discuss best practices and tools developed by a cross-sector task force of CISOs, highlighting:
• A six-phase third-party risk management program lifecycle (supplier identification, classification, assessment, management, monitoring, and relationship termination) whose steps are critical to a successful third-party risk management program
• A TPRM Standard
• A TPRM Program Workbook (supplier inventory and automated security questionnaire)
• Strategies for addressing new supplier threats and regulations
Join us for key insights and tools to help your organization improve the effectiveness of your Third-Party Risk Management Program.
For over 20 years, Tom has practiced as a cyber security professional, serving as an executive director of information security for Verizon, a founder of two cyber security consulting firms, and Vice President of Content and Programs for the Cybersecurity Collaborative.
Tom is CEO of MyDataOnly, Inc., which offers privacy and security consultation and security (penetration) testing services. Tom began his career in IT in programming and strategic planning and later founded a customer satisfaction measurement firm.
Tom holds four security certifications (CISSP, CISM, PCIP) and one privacy certification (CIPP/US). He has a master’s degree from MIT’s Sloan School of Management and is a Marine Corps veteran.
Andy Fiumefreddo is a seasoned cybersecurity visionary with over two decades of expertise in fortifying IT operations and third-party cyber risk management. At American Family Insurance, Andy has been instrumental in protecting assets exceeding $10 billion by spearheading the creation of a comprehensive Enterprise Third-Party Cyber Risk program, harmonizing efforts across five Operating Companies. His leadership philosophy is built upon the bedrock of humility, transparency, integrity, and accountability—fundamental tenets he believes are crucial for robust risk management and effective communication.