EnergySec Webinar, November 2, 2016

A Smarter Approach to 3rd and 4th Party Supplier Risk

Presented By: Brad Keller, Sr. Director 3rd Party Strategy - Prevalent Inc.




It’s Interactive


Please submit your questions through the control panel to get answers LIVE from our panelists.


It’s Hip to Chat

EnergySec is hosting an online chat to accompany this webinar which is open to all registered EnergySec Community participants.

To join the chat as a guest, visit:

https://hipchat.energysec.org/g0kGNyQRW

If you have a HipChat account already, join us in the room titled, EVENT: EnergySec Webinar Chat. Note: Registered users have access to the chat history, file attachments, and links.


Meet Your Speaker


Brad Keller has been developing and leading risk management programs for more than 25 years. During this time Brad has developed and implemented vendor and business risk management programs at several financial institutions that have substantially improved risk management while also passing federal regulatory scrutiny. He has implemented leading edge programs for assessing 3rd party risk, and the identification and mitigation of identity theft and online fraud. He has testified on behalf of the financial services industry at Congressional hearings on customer privacy issues; and, is a frequent member of industry led initiatives that address issues related to risk management, anti-phishing, online fraud, customer privacy, and authentication issues.

Today Brad is the Senior Director of Third-Party Strategy at Prevalent, where he focuses on the delivery of Prevalent’s third party risk management and assessment solutions. Prior to joining Prevalent, he was a Senior Vice President with The Santa Fe Group focusing on the management of the Shared Assessments Program. At Shared Assessments he led the development of Shared Assessments tools, training, and the risk management professional certification program.

Brad graduated with honors from the University of Missouri with a B.S. degree in Finance and received his J.D. with honors from St. Louis University School of Law. He is admitted to practice law in Oklahoma.


Regulatory Pressure Increasing

[Timeline figure. Axis: 2001 2002 2003 2007 2009 2010 2011 2012 2013 2014 2015 2016]

Labels shown for 2001 through 2014 (placement on the axis is not recoverable):

PCI DSS 3
CFPB Bulletin 2012-03
NRS 603 NV Data Security
201 MA Code Reg 17
WA HB 1149
HF 1758 MN Plastic Card Security Act
OCC Bulletin 2002-16
GLBA
OCC Bulletin 2001-47
Omnibus HIPAA Rule
OCC Bulletin 2013-29
PCI DSS 2
HITECH Act
CS Privacy SB 1386

2015

SEC Risk Alert
HKMA and MAS Warning on Cyber Security
Energy Sector Cybersecurity Framework Implementation Guidance

2016

FERC Order No. 829, Revised Critical Infrastructure Protection Reliability Standards


2016 Ponemon Study – 3rd Party Risk Landscape

•  56% of respondents say they do NOT know what IP and other high value "crown jewels" are in the hands of third parties

•  Only 26% of respondents say the process they use to assess third party risk is effective.

•  75% of respondents consider 3rd Party Risk serious & increasing, while 70% say that 3rd Party Risk is SIGNIFICANTLY INCREASING

Ponemon Institute. Tone at the Top and Third-Party Risk. April 2016


Current Industry Pain Points

§  Extending internal risk management cybersecurity guidelines to supply chain
   –  Prioritizing suppliers and associated risks
   –  Determining if supplier controls satisfy internal requirements and relevant standards

§  Assessments only provide a static viewpoint
   –  Suppliers are not monitored on a real-time and on-going basis
   –  Supplier assessments quickly become stale

§  Current IT threat intelligence solutions are not relevant and lack business context
   –  Threat intelligence is not correlated to a supplier relationship


The Solution – A Unified Platform

ASSESSMENT · THREAT INTELLIGENCE · COLLABORATION

Supply Chain Assessment, Threat Intelligence, & Collaboration


The Synapse Approach

§  Current methods focus on a one-to-one relationship model

§  Synapse approach focuses on scale, automation, and leveraged content to build an assessment ecosystem that continuously grows


Synapse Architecture


Synapse Use Cases

Enterprise Networks
•  Example: PayPal - automate processes, reduce costs & scale to a large number of global vendors using the Synapse approach

Vertical Networks
•  Example: Legal - top global law firms have standardized assessment & continuous monitoring using the Synapse approach

Service Provider Networks
•  Example: Ellie Mae – enabling Ellie Mae vendors and partners to provide 3rd and 4th party visibility to clients


Vertical Network - Example

[Diagram: COMPANY 1 through COMPANY 5 and SUPPLIER A through SUPPLIER F]

•  Companies & Suppliers
•  Contributing & Collaborating in the Network


Questions


Thank You

Brad Keller
Sr. Director, 3rd Party Strategy
Prevalent Inc.
Phone: (704)[email protected]