Third-party security risk assessment and rating
Organizations utilizing the applications and programs that were developed by a third-party supplier is on the rise. The combination of low-cost solution with the speed of implementation entices organizations to ditch the old model of hiring an entire team of individuals to internally develop applica...
Saved in:
| Summary: | Organizations utilizing the applications and programs that were developed by a third-party supplier is on the rise. The combination of low-cost solution with the speed of implementation entices organizations to ditch the old model of hiring an entire team of individuals to internally develop applications that will fill-in their business needs. In trying to keep up with the digitization of competitors, organizations often overlook the cybersecurity risks a third-party supplier can potentially introduce to the existing information systems. There is a gap on a standard process that will serve as a security checkpoint for all third-party developed programs and applications before they get onboarded to the organizations internal systems. For the target organization in this project, third-party applications sometimes do not go through the proper information security checks and implemented into the production environment without clearance from the information security team. This initiative aims to fill this gap with a standard process to properly assess the vendor’s information security capabilities, guide them with the proper security configuration of the application in compliance to the organization’s minimum-security standards and to rate the vendor with a granular security matrix so that future engagements with a vendor can be properly assessed in the context of cybersecurity. |
|---|