The FFIEC Cybersecurity Assessment guidance has introduced a new term for our risk management practice: External Dependency Management. We will explore this term as it appears in the guidance and work through the requirements it sets out. The term is a broader description of vendor management, service provider oversight, and third-party management, and it adds new requirements around customer risk management.
This session will discuss the following topics:
- Current regulatory Vendor Management landscape
- Integrating vendor management into the Information Security Program
- Risk assessing vendors
- New vendor or product selection
- Ongoing vendor management
- Creating a DYNAMIC vendor management program
- Leveraging SOC reports for control understanding
- Integration of customer relationships into risk management process
Target Audience: Information security officers, IT managers, risk officers, internal auditors, and executives looking to understand the risk of vendor relationships