risk management


In reviewing recent security incidents at several New York City banks, an article in the October 21st New York Times¹ focused on an ever-recurring theme: the need to closely scrutinize how well a financial institution’s vendors provide IT security to protect access to data and systems. While the theme itself isn’t new, the article revealed that the Treasury Department is now engaged in a “sweeping effort”¹ to require banks to strengthen their procedures for determining whether vendors are adequately protecting their data and access to their systems.



While there are often significant non-financial benefits to understanding your vendors’ controls, many executives are still “fuzzy” on why they need a third-party or vendor risk management program. Generally, an organization outsources a business function to a service provider because it is less expensive than staffing the expertise and building the infrastructure internally. Building oversight of the risks posed by these relationships (and its additional cost) into the budget seemingly reduces the ROI. However, not fully understanding these risks can cost the organization significantly more during and after a data breach. Once the decision is made to outsource, the sharing of sensitive information is a requirement, and due diligence becomes one of the only mechanisms to understand whether the third party has the necessary controls in place to protect your data.
