Removing the B.S. from Third-Party Risk Assessments – Merike Kaeo – CFH #21
Risk assessment questionnaires are a standard practice when evaluating current or prospective third-party partners. And yet some folks may justifiably ask: How valuable are these questionnaires if there are no consequences for fudging your answers, or even outright lying? This session will examine common weaknesses and oversights in the third-party assessment process, while recommending how to improve vendor transparency by obtaining key documentation, asking the right questions, and enforcing regulations.
Guest
Merike Kaeo is a vCISO at Double Shot Security, which provides corporate governance and executive strategies to secure global organizations. In prior roles, Merike held positions as CISO at Uniphore, CTO of Farsight Security and CISO for Internet Identity (IID). Her foray into security started when she instigated and led the first security initiative for Cisco Systems in the mid-1990s and authored the first Cisco book on security, Designing Network Security, which was translated into multiple languages and leveraged for prominent security accreditation programs such as CISSP. She is a passionate advocate for practical security measures and driving industry change to create a culture of integrity, responsibility and accountability.
Merike has served on the FCC’s Communications Security, Reliability, and Interoperability Council (CSRIC) and since 2010 has been a member of ICANN’s Security and Stability Advisory Committee (SSAC). She served a one-year term on the ARIN Board of Trustees and a 3-year term as the SSAC Liaison to the ICANN Board. Merike earned an MSEE from George Washington University and a BSEE from Rutgers University.