In this discussion, Salil Aroskar, a cyber risk management manager, provides a deep dive into third party risk management and its associated complexities. Focusing on supply chains and external staffing, Salil highlights managing third party risk post-COVID-19. Amid geopolitical tensions such as the war in Ukraine, Salil emphasizes the necessity of a comprehensive approach to understanding and mitigating risks associated with third parties.
The discussion centers on supply chain risk management, with Salil explaining how effective third party risk management involves identifying and assessing risks from all vendors involved in delivering specific products or services. This includes understanding the entire supply chain, from suppliers to end users, and addressing risks comprehensively. The conversation also touches on the critical aspect of software supply chain risk management. It is particularly relevant as companies increasingly rely on open-source libraries and various software components developed by multiple vendors.
During the conversation, Salil highlights the cybersecurity complexities of external entities accessing sensitive company information and systems. External parties, often contracted through other external entities, can pose significant third party risks. Salil suggests treating external staff similarly to internal employees, including conducting thorough background checks and providing necessary training, especially when they handle sensitive data. This approach mitigates third party risk by ensuring that all personnel are adequately vetted and trained.
The discussion also covers structural issues within organizations regarding third party risk management. It highlights the potential need for HR departments to manage external staff similarly to internal employees. This ensures consistency and proper handling of third party risks. This could involve creating a dedicated HR function for external staff management.
The conversation then explores the unique challenges of third party risk management in the context of mergers and acquisitions (M&A). Salil stresses the importance of involving information security teams early in the M&A process to assess and manage third party risks. Understanding the timeline for integration and extending security controls to the acquired entity are crucial steps. Additionally, the discussion highlights the cultural and operational risks associated with M&A. These risks extend beyond cybersecurity and require comprehensive risk management strategies.
Salil’s insights underscore the growing cybersecurity complexities of managing third party risks in today’s interconnected and globalized business environment. Addressing third party risks requires a thorough and proactive approach, including detailed risk assessments, continuous monitoring, and cross-departmental collaboration within organizations.