Peer-Driven Insights

Third Party Risk Management (TPRM)

Community Posts

What models are in place for risk partners based in Line 2? What are the jobs to be done? How do they operate? What does the structure/operating rythms look like?

Read More Comments

Apart from applying the patches just released, what other mitigation tactics are you using to address the zero-day SharePoint vulnerabilities impacting on-premises servers?

Thoughts on the recent alleged breach of Oracle Cloud’s login servers? What are your initial reactions to Oracle’s denial of the breach now that some customers have validated the leaked data?

Read More Comments

What processes do you rely on to address risks from rogue cloud tenants that the security team doesn’t have visibility of?

Read More Comments

What are the main hurdles you face when verifying a CSP’s compliance and security measures after an update? How are you addressing these issues so far?

How often does procurement include cyber risk assessment requirements in their engagement requests?

Always18%

Often39%

Sometimes26%

Rarely13%

Never1%

Not sure

View Results

Has anyone moved to a third party support for Hyperion (like Rimini Street)? If so, what pitfalls should we look out for and would you recommend it if we are 2-3 years from moving to a new solution?

What are the main 10 features requested in a GRC platform?

Read More Comments

Will you continue to use Oracle now that it's being sued for violating users privacy?

Yes37%

Maybe44%

No15%

Unsure3%

View Results

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Read More Comments

What is the top cybersecurity issue your organization is facing?

Data breaches due to remote work6%

Ransomware attacks51%

Lack of a corporate security plan25%

Missing security patches8%

Failure to inform employees of threats4%

Other (please specify)2%

View Results

What metrics are most useful for measuring 3rd party risk?

Read More Comments

How do you ask your third parties to notify you if they have had a cyber incident? Does your process work efficiently?

Read More Comments

How are you assessing the security posture of third-party APIs the business relies on? What criteria do you use currently?

Read More Comments

When it comes to pros/cons of shadow IT, does your POV on this change for GenAI apps? Are there more pros outweighing the cons in those cases, or is it just too risky to be beneficial?

Read More Comments

Community Posts

What models are in place for risk partners based in Line 2? What are the jobs to be done? How do they operate? What does the structure/operating rythms look like?

Apart from applying the patches just released, what other mitigation tactics are you using to address the zero-day SharePoint vulnerabilities impacting on-premises servers?

Thoughts on the recent alleged breach of Oracle Cloud’s login servers? What are your initial reactions to Oracle’s denial of the breach now that some customers have validated the leaked data?

What processes do you rely on to address risks from rogue cloud tenants that the security team doesn’t have visibility of?

What are the main hurdles you face when verifying a CSP’s compliance and security measures after an update? How are you addressing these issues so far?

How often does procurement include cyber risk assessment requirements in their engagement requests?

Has anyone moved to a third party support for Hyperion (like Rimini Street)? If so, what pitfalls should we look out for and would you recommend it if we are 2-3 years from moving to a new solution?

What are the main 10 features requested in a GRC platform?

Will you continue to use Oracle now that it's being sued for violating users privacy?

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

What is the top cybersecurity issue your organization is facing?

What metrics are most useful for measuring 3rd party risk?

How do you ask your third parties to notify you if they have had a cyber incident? Does your process work efficiently?

How are you assessing the security posture of third-party APIs the business relies on? What criteria do you use currently?

When it comes to pros/cons of shadow IT, does your POV on this change for GenAI apps? Are there more pros outweighing the cons in those cases, or is it just too risky to be beneficial?

What tool did you adopt to support your third-party risk management practice?

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?