Get insights about the industry and gain knowledge from our experts
I recently sat down with Peter Lesser, Director of Global Technology at Skadden, Arps, Slate, Meagher & Flom LLP, to discuss how nth parties, certifications, and Incident Response scenario-based tests are vital to third-party assurance and resiliency. We also touched on the …
Open-source risk scoring needs to be coupled with multiple risk identifiers
I am always fascinated by the folks who proclaim that it only takes 200, 250, 300 {you fill in the blank} questions to assess a vendor. I’ve been doing this for several decades now and have yet to find a magic number that satisfies the required risk assessment/analysis. …
A poorly configured Amazon S3 bucket has resulted in the disclosure by Walmart jewelry vendor MBM Company of 1.3 million customer records. The information was disclosed because the bucket was left open and publicly available to anyone who found it. The bucket included personal …
These unlikely coworkers working closely together and understanding each other’s roles are crucial to your organization’s security. I’ve read many research and thought leadership articles discussing the “digital partnership” of the CMO and CIO relationship, especially with the …
LVN members are finding that 30% – 50% of their vendors are already in the Network. With hundreds of assessed vendors and over 250,000 vendors being continuously monitored, it’s likely that many of your vendors are already in LVN too.
This blog isn’t about me. It’s about how third-party risk continues to crawl towards an economic approach across all industries.
We are continuing to learn more about the breach at Larson Studios, which resulted in the release of 10 episodes of Orange Is The New Black (OITNB) as well as other titles from Netflix, ABC, CBS, and Disney. …
On June 7th, the OCC issued a welcome update to the 2013 Guidance on how to manage third-party relationships (OCC Bulletin 2017-21). While much of the guidance provides insight into how to address issues related to fintech companies, there are several key areas that have …
Security professionals are a smart, resilient group. Whether it is dealing with the constant barrage of threats from hackers, software vulnerabilities, privacy concerns, and compliance activities, security professionals are generally in a constant state of learning from on the …
When most of us think of our vendors handling sensitive information, we tend to gravitate toward the obvious: the payroll processing company, our contracts law firm, our accounting firm with our financial data, or the patent law firm with all our intellectual property. Frankly, …