We delve into the necessity of automating third-party risk management processes to handle the complexity and scale of today's cyber threats effectively. Craig shares insights on the challenges organizations face, the evolution of risk management strategies over the past decade, and the crucial role of cutting-edge technologies in enhancing security frameworks.
Craig Callé talks about third-party risk management (TPRM), with an emphasis on cybersecurity. TPRM is a subset of Governance, Risk and Compliance (GRC), which aims to help organizations achieve their objectives, address uncertainties, and act with integrity. TPRM is crucial because over half of all data breaches occur through insecure third parties. Companies need to understand their third-party relationships and monitor them more carefully, which requires a variety of tools and processes. Craig explains that TPRM can cover a variety of risks, including cybersecurity, but also financial viability; compliance with privacy, sanctions and other regulations; reputation management; supply chain issues; and alignment with ESG and sustainability objectives.
Are weak third parties affecting the safety of your organization? In today’s podcast, Host Craig Jeffery talks with Craig Callé, CEO of Source Callé, about navigating third-party risk with real-world examples. The dialogue covers requirements and inefficiency, as well as the vision for the next ten years.
Full article published in GRC Outlook
Vendor risk management (VRM) is getting increasing attention at almost every company because the dependencies on third parties need to be better scrutinized. Not surprisingly, VRM programs typically focus, often exclusively, on data security. However, VRM is integral to other aspects of supply chain resilience, including privacy compliance, financial viability, ESG and sustainability practices, sanctions compliance, brand threats (e.g., labor practices), vendor concentration, geopolitical risk, shipping delays owing to extreme weather and inaccessible routes and ports, and dislocations attributable to n-tier dependencies.
Full article published in CFO Magazine
We live in insecure times, and it’s not for lack of trying to develop effective cyber defenses. Naturally, C-level executives want to know what good looks like and how to measure it. Penetration tests, internal vulnerability scans, and IT control checklists remain go-to tactics, but a new generation of tools is taking things to the next level.
Full article published in CFO Magazine
Other than in the heavily regulated banking and health care industries, vendor risk management remains cybersecurity’s second-class citizen, getting far less attention than it deserves.
Discrete actions to protect the organization against cybersecurity threats are necessary. To be most effective, however, an organization must adopt an appropriate posture that covers its entire operation: the perimeter, the interior, and off-premises data and systems. The IoT (internet of things) can't be ignored, as it sits within this domain.
Craig Jeffery, Strategic Treasurer's managing partner, continues the conversation with Craig Callé, a former banker and CFO and now founder of the security firm SourceCallé. This session builds on their first podcast, "Understanding the 2nd Chapter of the Cloud." This podcast is titled "Security: Standing Up Straight – Achieving a Proper Cyber Security Posture."
The movement of functionality and services to the cloud has been underway for over a decade. It began with sales management and has extended to every area of the corporate world. This has created an opportunity for better services to become available to more companies. At the same time, the challenges that are raised need to be addressed. These include issues of data protection in all domains and understanding that security must extend beyond the internal data center.
Development of new services and functions creates change that must be managed. Now that we are deep into the second chapter of the cloud, how do we adapt properly?
If PII and other sensitive data are held outside the organization, how do IT and treasury ensure this asset is protected at all times and in all locations?
If the promise of the cloud is the democratization of technology, what is the danger of shadow IT (nearly anyone adding applications or services to the company platform without any vetting)? What needs to be done?
Craig Jeffery, the Managing Partner of Strategic Treasurer discusses these topics with Craig Callé, founder of the security firm SourceCallé and a former CFO of Amazon Digital Services and other companies.
Full article published in CFO Magazine
Investment bankers and their clients have a blind spot when it comes to information technology (IT) issues. Deal teams can be intimidated by technical concepts, leaving them to IT specialists who get involved late in the process, often after a deal closes. They also can understate the significance of IT as a valuation driver, despite news headlines about company-crippling hacks.
Full article published in CFO Magazine
We learn about data breaches almost every day, and the first-line victims range from large, seemingly sophisticated companies to the local dentist’s office. Our ability to assess and understand a company’s cyber hygiene has been fairly limited, so knowing who’s safe has been a guessing game — until now.