Key questions to ask to improve your third-party IT risk management

Published: Wednesday, 28 August 2019 09:06

A new resource from ISACA, ‘Managing Third-Party Risk: Cyberrisk Practices for Better Enterprise Risk Management’ provides information and advice to help organizations better manage third-party IT risks.

Vendors can be an overlooked entry point into organizational data and the Managing Third-Party Risk resource provides risk management professionals with a foundational understanding of the full spectrum of third-party risk management—from third-party governance, assessment, analysis, closeout and monitoring. Enterprises will be able to ‘not only start with the basics of defining third-party management roles within their organizations, but also receive guidance for mastering each step of the process’.

Included in the paper are nine specific questions that professionals should ask during the third-party risk assessment process.

The guide also includes six key questions to ask when engaging in threat modeling.

Obtain the document (registration required).