CISO Tribe invites you to their event

CISO Round Table - Third Party Risk

Tuesday, November 7th 2023 - 10:00 AM (GMT)

The event is over. See you in the next one.

Tuesday, November 7th 2023 - 10:00 AM (GMT)
About 1 hour

About this event

This is an invitation only activity. If you received this invitation from a CISO Tribe member, kindly refer to that member in the registration form. Please do consider that this session is not a lecture; it's a collaborative exploration of innovative ideas, approaches and solutions in a trusted environment where every participant brings valuable insights and experiences to the table. This session will not be recorded, chatham rules apply.

CISO Tribe kindly invites you to join an open discussion format CISO Roundtable to reimagine the way we manage third party cyber risk.

Masters of Ceremonies today are Tom Gilis, Group CISO at UCB and Ivan Milenkovic, Group CISO at Webhelp.

Third Party Risk, beyond the Check Boxes

Among the many challenges we face today, third party risk management may very well be one of the most complex and pressing issues. We’re relying on hundreds of vendors, suppliers, partners, contractors, service providers to run our business, ranging from HR, Device Suppliers, SaaS vendors, Cloud Service Providers, BPO’s.

While we acknowledge growing reliance on third parties and increase of risk coming from outside our company walls, the third party risk problem is yet to be solved.

Regulations like NIS2 and DORA do not offer actionable guidance on how to address security failures in the ecosystem. We should be careful that they don't result in third party risk management becoming a compliance burden, with organizations swapping 'snap shot' questionnaires / due diligence assessments and badges of honor, each of them inventing the wheel, and relying on risk scores that may be misleading.

Some existing tools and approaches may help, but our members are divided on delivery of their promises and are not considered silver bullets to say the very least. Business ownership, shadow IT, fourth parties and changes (within and outside of our own organizations) affecting third party risk adds further complexity and makes it a tough nut to crack.

Today we'll evaluate how our different organizations are operationalizing third party risk management, the challenges they face, what works and what not. And what actions could be taken to understand and mitigate the real risk inherited from our vendors, including how we’re using their products and services, considering that our third parties also have third parties and that - just like in our own organization - risks evolve after onboarding.

Topics covered:

  • Activity versus progress? Current approaches, solutions and tools. What works, what does not?
  • How do you operationalize 3rd party risk management? Risk in context
  • Distribution of key vendors, business ownership of the relationship
  • Third parties of third parties
  • Third Party Security Rating Solutions, useful or not?

The session will not be recorded, a high level conclusion document will be produced.

Agenda:

11h00: Welcome -- Wim Stoffelen, CISO Tribe (NL)

11h02: Introductions -- Ivan Milenkovic (UK) and Tom Gilis (BE)

11h05: Interactive group discussions, 10 minutes per each topic

11h55: Closing remarks

Hosted by

  • Guest speaker
    G
    Ivan Milenkovic Group CISO @ Webhelp

  • Guest speaker
    G
    Tom Gilis CISO @ UCB

CISO Tribe

Community of cyber leaders that shares the values of belonging, achieving, and giving back.

View all events
Host webinars on Host webinars on Livestorm
Virtual Meetings Webinars Virtual Events On-Demand Webinars Automated Webinars Product Demos Company communication Customer training Live Q&As Employee onboarding Live events