In your opinion, what is the biggest challenge faced by organizations when it comes to third-party risk management?

Third Party Risk Management (TPRM)Security & GRC

Limited visibility into third-party activities30%

Lack of resources for managing third-party risks46%

Insufficient contractual protections54%

Resistance from third parties to comply with security requirements51%

All of the above16%

None of the above4%

196 PARTICIPANTS

2.3k views29 Upvotes1 Comment

Lead Cloud Transformation Architect, 10,001+ employees

The biggest challenge faced by organisations when it comes to third-party risk management:

- Vendor Lock-in
- Lack of visibility and control
- Complexity of the third-party ecosystem
- Regulatory and compliance requirements
- Lack of resources and expertise to manage 3rd party risk
- Cultural and language differences
- Changing political landscape (eg. Russia based 3rd party vendors)

To address these challenges, organisations need to establish robust 3rd party risk management programs that include policies, risk assessments, contractual obligations, monitoring mechanisms, exit strategy, and ongoing communication with third parties

Content you might like

How confident are you in your organization's security awareness training program?

Security & GRC

Very confident, it is comprehensive and effective35%

Somewhat confident, it covers the basics but could be improved44%

Not very confident, it needs significant improvements18%

My organization does not have a security awareness training program.2%

211 PARTICIPANTS

3.7k views1 Upvote

For those looking to switch over to hardware keys for MFA, what are your biggest blockers and challenges?

Security Strategy & Roadmap Security & GRC

CTO for Digital & IT in Healthcare and Biotech, 10,001+ employees

We just did a fairly big roll out of Yubikeys for truck
. It was way easier than it used to be with RSA tokens (the ones with the little screens that show a rotating code) which were a logistical nightmare. However, we ...read more

How are companies planning to change manage the roll-out of Data Loss Prevention (DLP)? We have programme of work to roll this out and would be interested in getting feedback on how other companies have successfully rolled it out, and any lessons learnt that they are happy to share.

Security & GRC

IT Manager in Transportation, 10,001+ employees

Always remember about Risk Assessment. Conduct a thorough risk assessment to identify potential data loss risks and vulnerabilities. Use this assessment to prioritize DLP efforts.

I'm looking to build out my organization's documentation efforts within our internal SOC into a one-size-fits-all type of document that covers the typical aspects of IR and can be read across technical and non-technical stakeholders. Does anyone have any leads or has anyone themselves put together a general template for incident response reporting?

Security & GRC Security Operations Center (SOC)Threat Intelligence & Incident Response +2 more

Senior IT Analyst - data engineering in Real Estate, 1,001 - 5,000 employees

Creating a comprehensive incident response documentation template is crucial for efficient communication across technical and non-technical stakeholders. The template should include an executive summary, incident details, ...read more

2.1k views1 Comment

What factors are most important to you when choosing a Mobile Device Management (MDM) solution?

Security & GRC Strategy & Architecture Engineering +4 more

Security features and compliance with industry standards24%

User-friendly interface and ease of use32%

Scalability and ability to manage multiple devices and platforms34%

Integration with existing systems and applications6%

Cost-effectiveness and value for money2%

129 PARTICIPANTS

1.3k views4 Upvotes