I had the great pleasure to participate in an international roundtable in Singapore last week with Shared Assessments. The event was hosted by Deutsche Bank and was well attended with banking, service providers, and local regulatory members in attendance. Prevalent and Protiviti, both members of the Shared Assessments Steering Committee, made the trip to support the Santa Fe team. Local Shared Assessments members included JPMC and Deutsche Bank. The conversation was extremely robust with a few key discussion areas that I would like to highlight.
I am excited to announce an initiative we have been working on with many of the leading global law firms for some time. About 25 law firms approached Prevalent in an effort to determine the viability of creating a purpose-built network that could help standardize the process of third-party assessment, reduce risk, reduce cost, enhance client relationships, and improve industry cybersecurity maturity. After months of working closely with this team, Prevalent developed a model to help support the initiative specifically for the legal community, with the legal community. The model leverages Prevalent’s leading technologies and enables a standardized model for evidence collection, review, risk management, and continuous monitoring.
Today, the Shared Assessments Program released a briefing paper titled “Building Best Practices for Effective Monitoring of a Third Party’s Incident Event Management Program”. The paper was developed out of great necessity, as it became clear that Program members needed additional guidance when managing incidents at the service provider level.
I am very excited to announce the launch of our Prevalent User Group (PUG). PUG will provide our users with a forum to learn about the best practices, tips & tricks, and updated capabilities of Prevalent software solutions as well as provide the ability for our customers to learn from the field experiences and successes of other Prevalent users.
PUG was designed for anyone who is:
I struggle with the need for public references. Clearly our prospective clients want to know that their peers are using our products and services; however, by publicly providing proof that customers are using our solutions, we also knowingly bring more scrutiny by the very criminals that our solutions are supposed to protect our clients from. Additionally, while often clients would like to see public references, they often refuse to be one (with good reason). As a security professional, I would also generally not recommend my clients provide public references, but our marketing and PR teams are always asking because ALL of our competitors do this. I think we need a better way (and a referendum) that does not harm Prevalent for not trying to compete publicly with firms that would potentially do harm to their clients through the use of public acknowledgement. Maybe a private reference and credentialing model to be shared with other potential clients would help here?