In this video, discover an in-depth exploration of the significance and ramifications of third-party relationships within the framework of the Digital Operational Resilience Act (DORA). Our host, Guy Marong, engages in a comprehensive discussion with Pierre Noel covering various aspects of third-party management. Noel is an experienced CISO with a deep understanding of the diverse nature of third parties. Together they unravel the complexities involved in ensuring organizational resilience.
Navigating Third-Party Management Challenges
The conversation recognizes how crucial third parties are in today's business landscape. It highlights that even small engagements, like building maintenance or security services, can affect an organization's security. The speakers also point to the challenge posed by third-party arrangements that are shared across different teams within an organization, where no single team owns the relationship.
From a cybersecurity perspective, the speakers underscore the critical role of resilience: not just preventing incidents, but responding to and recovering from them, which is equally important. They emphasize continuous risk assessment and monitoring, and caution against treating risk assessment as a mere box-ticking exercise. Its purpose is to gain a genuine understanding of the risks involved. Additionally, they urge professionals to ensure that each assessment remains relevant to the risks an organization currently faces.
Contractual obligations and external monitoring emerge as crucial elements in managing third-party relationships effectively. Noel encourages organizations to add proactive external monitoring, such as continuous checks of third-party websites or of the dark web for signs that a supplier has been compromised.
The discussion also looks at how we assess third parties' security levels and at the need to help them improve, particularly when they do not meet our organization's standards. The speakers also emphasize the risk from fourth parties, that is, the partners and suppliers of our third parties, which shows why risks need to be assessed thoroughly and information shared throughout the supply chain.
Embracing a Holistic Approach
In conclusion, organizations should follow a holistic approach to third-party management that extends beyond mere regulatory compliance. The speakers underscore the need for a Chief Resilience Officer within organizations: a dedicated role responsible for overseeing resilience mechanisms across the various risk domains and ensuring continuity in the face of disruptions.
Challenges related to the termination of third-party relationships are also addressed. There is great emphasis on ongoing planning and resilience in the event of abrupt terminations due to security incidents or contractual breaches. Although contracts can discourage certain behaviors, the lesson is not to rely solely on contracts for organizational resilience.
Overall, the video offers a comprehensive exploration of the multifaceted challenges and considerations involved in managing third-party relationships under the regulatory framework of DORA.