About this event
This is an invitation-only activity. If you received this invitation from a CISO Tribe member, kindly refer to that member in the registration form. Please note that this session is not a lecture; it's a collaborative exploration of innovative ideas, approaches and solutions in a trusted environment where every participant brings valuable insights and experiences to the table. This session will not be recorded; Chatham rules apply.
CISO Tribe kindly invites you to join a CISO Roundtable, in an open discussion format, to reimagine the way we manage third party cyber risk.
Masters of Ceremonies today are Tom Gilis, Group CISO at UCB and Ivan Milenkovic, Group CISO at Webhelp.
Third Party Risk, beyond the Check Boxes
Among the many challenges we face today, third party risk management may very well be one of the most complex and pressing issues. We're relying on hundreds of vendors, suppliers, partners, contractors and service providers to run our business, ranging from HR and device suppliers to SaaS vendors, cloud service providers and BPOs.
While we acknowledge our growing reliance on third parties and the increase in risk coming from outside our company walls, the third party risk problem is yet to be solved.
Regulations like NIS2 and DORA do not offer actionable guidance on how to address security failures in the ecosystem. We should be careful that they don't result in third party risk management becoming a compliance burden, with organizations swapping 'snapshot' questionnaires / due diligence assessments and badges of honor, each of them reinventing the wheel, and relying on risk scores that may be misleading.
Some existing tools and approaches may help, but our members are divided on whether they deliver on their promises, and they are not considered silver bullets, to say the very least. Business ownership, shadow IT, fourth parties and changes (within and outside of our own organizations) affecting third party risk add further complexity and make it a tough nut to crack.
Today we'll evaluate how our different organizations are operationalizing third party risk management, the challenges they face, and what works and what does not. We'll also look at what actions could be taken to understand and mitigate the real risk inherited from our vendors, including how we're using their products and services, considering that our third parties also have third parties and that, just like in our own organization, risks evolve after onboarding.
Topics covered:
The session will not be recorded; a high-level conclusion document will be produced.
Agenda:
11h00: Welcome -- Wim Stoffelen, CISO Tribe (NL)
11h02: Introductions -- Ivan Milenkovic (UK) and Tom Gilis (BE)
11h05: Interactive group discussions, 10 minutes per topic
11h55: Closing remarks
Hosted by
Community of cyber leaders that shares the values of belonging, achieving, and giving back.