A Risk-Based Management Approach
To Third-Party Data Security, Risk & Compliance
Posted by EdmontonPM, Feb 22
Online Webinar – Recorded February 1st 2018
Activity Type: Education – Online or Digital Media
Up to 1 PDU – Free
Provider: ProjectManagement.com / Gantthead (REP #2488)
Once viewed, your PDU will automatically be recorded with PMI®.
ProjectManagement.com / Gantthead premium content is available to PMI® members.
This data security and compliance methodology is based on examining third-party vendors against a three-dimensional, risk-based model.
The final deliverables of the risk impacts, findings, enterprise requirements, and remediation are presented quantitatively.
A number of professional surveys indicated that information technology and security managers, directors and executives reported significant data breaches linked directly or indirectly to third-party access.
Unfortunately, these security breaches are trending upwards. In addition, there is no structured and quantifiable methodology for measuring third-party risk to an enterprise, or for setting out what the enterprise should expect from the third party as evidence that sound risk management practices are in place.
A third party can pose several types of risk to an enterprise when it stores, accesses or transmits data or performs business activities.
This represents a probable risk exposure for the enterprise. The degree of risk and the material effect are highly correlated with the sensitivity and the transaction volume of the data.
Outsourcing certain activities to a third-party poses potential risk to the enterprise.
Some of those risk factors could have adverse impacts in the form of, but not limited to, strategic, reputational, financial, legal or information security issues. Other adverse impacts include service disruption and regulatory noncompliance.
Examples of third-party services include, but are not limited to, technology service providers; payroll services; accounting firms; invoicing and collection agencies; benefits management companies; and consulting, design and manufacturing companies.
Most third-party commercial relationships require sending and receiving information, accessing the enterprise networks and systems, and using the enterprise’s computing resources. The risk is posed at different levels, and the impacts range from low to very significant.
Join Robert Putrus (LinkedIn profile) and learn how you, as a program or project manager, can adopt this methodology in its entirety or adjust it to fit your enterprise’s uniqueness, then build your own PMBOK process groups and knowledge areas.
Note: You have to sign in to ProjectManagement.com with your PMI® credentials to register for this opportunity. If you are not signed in with your PMI® credentials, you will not see the “Register for this webinar” link.
Technical Project Management | Leadership | Strategic & Business Management
1.0 | 0 | 0
NOTE: For PMI® Audit Purposes – Print Out This Post! Take notes on this page during the presentation and also indicate the Date & Time you attended. Note any information from the presentation you found useful to your professional development and place it in your audit folder.