The Risk Management Blind Spot, Third-Party Identities Often Create Unrecognised Risk

Download Now

To download this white paper you’ll need an Infosecurity Magazine account. Log in or sign up below.

Log in
Sign up

Get up-to-the-minute news and opinions, plus access to a wide assortment of Information Security resources that will keep you current and informed.

This will be used to identify you if you take part in our online comments.

Your password should:

  • be at least eight characters long
  • be no more than 25 characters long
  • contain at least one uppercase, lowercase and special character
  • contain at least one digit
  • only contain alphanumeric characters or ~!@#$%^&*()_-+=?.

For more information explaining how we use your information please see our privacy policy.

By registering you agree with our terms and conditions.

An ever-growing area of concentration in risk management is identifying and mitigating the risks that third parties introduce to an organisation – and perhaps equally important, ensuring that third parties don’t introduce unmeasured risk.

One might think that third-party governance systems, sometimes used for vendor assessments, could be used to manage the identity and access management aspects of the vendor relationship. However, most security vendors do not consider identity to be part of third-party management.

Today, it’s common practice for risk management teams to assess a third party’s risk controls by evaluating responses to a Standardised Information Gathering (SIG) questionnaire. Unfortunately, these vendor security assessments based on SIG answers may give the organisation false confidence in a vendor’s actual security posture.

In addition, onboarding processes are usually automated for employees but are highly manual for third-party users.

This white paper explores and outlines why, to effectively manage third-party risk, organizations require a purpose-built, scalable solution that improves the granularity, transparency, consistency and agility of their third-party risk management program.

Brought to you by

Should you download this content your information may be shared with the sponsors indicated above. Please see Infosecurity Magazine’s privacy policy for more information.