A Risk-Based Management Approach to Third-Party Data Security, Risk and Compliance

Duration: 61m 15s
PDUs: 1.00
Views: 3,842

Overview

This data security and compliance methodology examines third-party vendors against a three-dimensional, risk-based model. The final deliverables (risk impacts, findings, enterprise requirements, and remediation) are presented quantitatively.

A number of professional surveys indicated that information technology and security managers, directors and executives reported significant data breaches linked directly or indirectly to third-party access. Unfortunately, these security breaches are trending upwards. In addition, there is no structured and quantifiable methodology for measuring third-party risks to an enterprise, or for defining what the enterprise should require from the third-party as evidence that sound risk management practices are in place.

A third-party may pose different types of risk to an enterprise when it stores, accesses or transmits data or performs business activities. This represents a probable risk exposure for the enterprise. The degree of risk and the material effect are highly correlated with the sensitivity and the transaction volume of the data.

Outsourcing certain activities to a third-party poses potential risk to the enterprise. Some of those risk factors could have adverse impacts in the form of, but not limited to, strategic, reputational, financial, legal or information security issues. Other adverse impacts include service disruption and regulatory noncompliance.

Examples of third-party services include, but are not limited to, technology service providers; payroll services; accounting firms; invoicing and collection agencies; benefits management companies; and consulting, design and manufacturing companies. Most third-party commercial relationships require sending and receiving information, accessing the enterprise networks and systems, and using the enterprise’s computing resources. The risk is posed at different levels, and the impacts range from low to very significant.

Program and project managers may adopt the methodology as presented in its entirety, or adjust it to fit the uniqueness of their enterprise and then build their own PMBOK process groups and knowledge areas.

Talent Triangle Alignment

This video qualifies for the following PDUs:
 
         PMP/PgMP   PMI-ACP   PMI-SP   PMI-RMP   PfMP   PMI-PBA
         1.00       0.00      0.00     1.00      0.00   0.00
         0.00       0.00      0.00     0.00      0.00   0.00
         0.00       0.00      0.00     0.00      0.00   0.00
Total    1.00       0.00      0.00     1.00      0.00   0.00



Acknowledgements: Marjorie Anderson and Derrick May
