TRANSCRIPT
EnergySec Webinar November 2, 2016
A Smarter Approach to 3rd and 4th Party Supplier Risk
Presented By: Brad Keller
Sr. Director 3rd Party Strategy - Prevalent Inc.
It’s Interactive
Please submit your questions through the control panel to get answers LIVE from our panelists.
It’s Hip to Chat
EnergySec is hosting an online chat to accompany this webinar which is open to all registered EnergySec Community participants.
To join the chat as a guest, visit:
https://hipchat.energysec.org/g0kGNyQRW
If you have a HipChat account already, join us in the room titled, EVENT: EnergySec Webinar Chat. Note: Registered users have access to the chat history, file attachments, and links.
Meet Your Speaker
Brad Keller has been developing and leading risk management programs for more than 25 years. During this time Brad has developed and implemented vendor and business risk management programs at several financial institutions that have substantially improved risk management while also passing federal regulatory scrutiny. He has implemented leading edge programs for assessing 3rd party risk, and the identification and mitigation of identity theft and online fraud. He has testified on behalf of the financial services industry at Congressional hearings on customer privacy issues; and, is a frequent member of industry led initiatives that address issues related to risk management, anti-phishing, online fraud, customer privacy, and authentication issues.
Today Brad is the Senior Director of Third-Party Strategy at Prevalent, where he focuses on the delivery of Prevalent’s third party risk management and assessment solutions. Prior to joining Prevalent, he was a Senior Vice President with The Santa Fe Group focusing on the management of the Shared Assessments Program. At Shared Assessments he led the development of Shared Assessments tools, training, and the risk management professional certification program.
Brad graduated with honors from the University of Missouri with a B.S. degree in Finance and received his J.D. with honors from St. Louis University School of Law. He is admitted to practice law in Oklahoma.
Regulatory Pressure Increasing
[Timeline figure, years marked 2001, 2002, 2003, 2007, 2009, 2010, 2011, 2012, 2013, 2014. Labels: OCC Bulletin 2001-47; GLBA; OCC Bulletin 2002-16; CA Privacy SB 1386; HF 1758 MN Plastic Card Security Act; WA HB 1149; 201 MA Code Reg 17; NRS 603 NV Data Security; HITECH Act; PCI DSS 2; CFPB Bulletin 2012-03; OCC Bulletin 2013-29; Omnibus HIPAA Rule; PCI DSS 3]
2015
SEC Risk Alert
HKMA and MAS Warning on Cyber Security
Energy Sector Cybersecurity Framework Implementation Guidance
2016
FERC Order No. 829, Revised Critical Infrastructure Protection Reliability Standards
2016 Ponemon Study – 3rd Party Risk Landscape
56% of respondents say they do NOT know what IP and other high value "crown jewels" are in the hands of third parties
Only 26% of respondents say the process they use to assess third party risk is effective.
75% of respondents consider 3rd Party Risk serious & increasing, while 70% say that 3rd Party Risk is SIGNIFICANTLY INCREASING
Ponemon Institute. Tone at the Top and Third-Party Risk. April 2016
Current Industry Pain Points
§ Extending internal risk management cybersecurity guidelines to supply chain
  – Prioritizing suppliers and associated risks
  – Determining if supplier controls satisfy internal requirements and relevant standards
§ Assessments only provide a static viewpoint
  – Suppliers are not monitored on a real-time and on-going basis
  – Supplier assessments quickly become stale
§ Current IT threat intelligence solutions are not relevant and lack business context
  – Threat intelligence is not correlated to a supplier relationship
The Solution – A Unified Platform
ASSESSMENT
THREAT INTELLIGENCE
COLLABORATION
Supply Chain Assessment, Threat Intelligence, & Collaboration
The Synapse Approach
§ Current methods focus on a one-to-one relationship model
§ Synapse approach focuses on scale, automation, and leveraged content to build an assessment ecosystem that continuously grows
Synapse Architecture
Synapse Use Cases
Enterprise Networks
• Example: PayPal - automate processes, reduce costs & scale to a large number of global vendors using the Synapse approach
Vertical Networks
• Example: Legal - top global law firms have standardized assessment & continuous monitoring using the Synapse approach
Service Provider Networks
• Example: Ellie Mae – enabling Ellie Mae vendors and partners to provide 3rd and 4th party visibility to clients
Vertical Network - Example
[Diagram labels: COMPANY 1, COMPANY 2, COMPANY 3, COMPANY 4, COMPANY 5; SUPPLIER A, SUPPLIER B, SUPPLIER C, SUPPLIER D, SUPPLIER E, SUPPLIER F]
• Companies & Suppliers
• Contributing & Collaborating in the Network
Questions
Thank You
Brad Keller
Sr. Director, 3rd Party Strategy
Prevalent Inc.
Phone: (704)[email protected]