Here are six minutes of the best moments from “Hacking Third Party Risk: An hour of critical thinking on how to consider and measure all risks into your overall risk posture”.
In this discussion:
- Gerard Scheitlin, Reciprocity GRC expert and founder, RISQ Management
- Nina Wyatt, CISO, Sunflower Bank
Got feedback? Join the conversation on LinkedIn.
HUGE thanks to our sponsor, Reciprocity

Winner of “Best Bad Idea”

The CISO Series community knocked it out of the park last week with a whopping 59 bad ideas, but Shawn Bowen, CISO, RBI brought home the prize for a truly awful idea. We do have a few honorable mentions.
“Accept a bribe from a vendor and sign off on their risk.” – Mitchell DeMazza, account executive, ThreatModeler
“Use the Rock Paper Scissors game to determine if the vendor meets your risk requirements.” – Scott Campbell, account executive, Expel
Best quotes from the chat room
“Inherent risk is the bedrock of any TPRM program….if you don't know what data your vendor has or what volume of…you can't assess them properly.” – Jon Ehret, vp, strategy and risk, RiskRecon
“That’s EXACTLY where small / new vendors shine, they can move and adjust much quicker and hungry for business, I have seen small vendors do magic in one week that huge companies can’t do in a year.” – Eli Migdal, CEO, Boardish
“Assessments, mappings, frameworks mean nothing unless you actually build a qualitative process that pulls in the right data from the above, associate monetary value and the associated impact to the business.” – Mathew Biby, CISO, Satcom Direct