Peer-Driven Insights

Third Party Risk Management (TPRM)

About this topic

Third Party Risk Management (TPRM) refers to the assessment and mitigation of risks associated with vendors and external partners. Effective TPRM protects organizations from external threats and ensures compliance.

Featured One-Minute Insights

Sept 2024

How are U.S. CISOs Addressing Liability Risk?

New regulations taking effect in the U.S. mean that cybersecurity leaders could face legal liability in the event of an incident. What strategies are they using to protect themselves?

Community Posts

We are about to select Dow Jones RiskCenter Third Party API for screening of our business partners. Has anyone already experienced it? Any advice?

Read More Comments

What processes do you rely on to address risks from rogue cloud tenants that the security team doesn’t have visibility of?

Read More Comments

When it comes to pros/cons of shadow IT, does your POV on this change for GenAI apps? Are there more pros outweighing the cons in those cases, or is it just too risky to be beneficial?

Read More Comments

What are the main 10 features requested in a GRC platform?

Read More Comments

My agency is looking for a system and operations center to prevent exfiltration of data. We have looked at Varonis and Blackfog. Any thoughts on these products or are there any suggestions of other products?

What tool did you adopt to support your third-party risk management practice?

My vendor experienced a major breach — should I continue with them?

Read More Comments

Are you confident in your software supply chain security strategy?

Very confident16%

Somewhat confident66%

Somewhat unconfident14%

Not at all confident2%

Other (explain in the comments)

View Results

Which Vendor Risk Ratings platform do you use? BitSight Security Scorecard Venminder Other/Comments?

What is the top cybersecurity issue your organization is facing?

Data breaches due to remote work8%

Ransomware attacks50%

Lack of a corporate security plan23%

Missing security patches9%

Failure to inform employees of threats5%

Other (please specify)2%

View Results

What should be included in a high-level policy for third-party cybersecurity risks?

Read More Comments

How do you foresee the data security and privacy landscape changing over the course of 2023?

Read More Comments

Does the concept of Attack Surface Management vs. Attack Surface Analysis make sense to you?

Read More Comments

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Read More Comments

Are people still looking at Log4j code, or has everyone moved on from it?

Read More Comments

Have you experienced any significant security breaches or data incidents involving your software vendors?

Yes, multiple times44%

Once40%

No16%

View Results

About this topic

Featured One-Minute Insights

How are U.S. CISOs Addressing Liability Risk?

Community Posts

We are about to select Dow Jones RiskCenter Third Party API for screening of our business partners. Has anyone already experienced it? Any advice?

What processes do you rely on to address risks from rogue cloud tenants that the security team doesn’t have visibility of?

When it comes to pros/cons of shadow IT, does your POV on this change for GenAI apps? Are there more pros outweighing the cons in those cases, or is it just too risky to be beneficial?

What are the main 10 features requested in a GRC platform?

My agency is looking for a system and operations center to prevent exfiltration of data. We have looked at Varonis and Blackfog. Any thoughts on these products or are there any suggestions of other products?

What tool did you adopt to support your third-party risk management practice?

My vendor experienced a major breach — should I continue with them?

Are you confident in your software supply chain security strategy?

Which Vendor Risk Ratings platform do you use? BitSight Security Scorecard Venminder Other/Comments?

What is the top cybersecurity issue your organization is facing?

What should be included in a high-level policy for third-party cybersecurity risks?

How do you foresee the data security and privacy landscape changing over the course of 2023?

Does the concept of Attack Surface Management vs. Attack Surface Analysis make sense to you?

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Are people still looking at Log4j code, or has everyone moved on from it?

Have you experienced any significant security breaches or data incidents involving your software vendors?

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?