Cyber Insurance and Cyber Defenses from a third-party risk perspective
No business with internet-connected devices can eliminate cyber risk entirely; rather it’s a question of how to manage it. Cyber insurance will enable organizations to lower their overall total cost of ownership (TCO) of cyber risk management while reducing their...
Third-Party Incident Management
Organizations often find themselves struggling to gain a thorough understanding of the length and breadth of an incident or breach at their third party and the type of impact on their organization. The impact can only be calculated when there is good enough data that...
Determination of the Maturity Level of the TPRM Program
Organizations that do have a TPRM program are at times unable to accurately determine the maturity level of the program. It is imperative to evaluate the maturity level to understand the deficiencies, shortcomings, operational risk, strategic risk, and optimal...
Don’t be shy of using available security rating tools
Security Ratings, by definition, are produced by monitoring the internet space for information relevant to an organization’s internet-exposed assets. There are many players in the industry that offer security rating tools (Security Scorecard, BitSight, Fortify Data,...
Risk Articulation in TPRM
Risks identified (Inherent & Residual) need to be well articulated so the recipients find the right justification and reason for them to be called a risk. Lack of proper articulation often results in push back. A lack of control opens the door to risks, but what it may lead...
Recommended Guidelines for Effective Third-Party Contract Reviews and Negotiation
TPRM security assessment is followed by recommending appropriate and necessary clauses to the contract that finalizes the onboarding, once agreed upon by both sides. Contracts may at times reveal more information that was perhaps missed during the assessment scoping....
Co-ordination and Knowledge transfer (KT)
TPRM operations, when done in the right way by factoring all angles, become an activity involving multiple teams following multiple approaches, processes, SOPs, and SLAs. In my experience, conclusive data and information are crucial for all teams to work in tandem....