NETWORKING EVENTS - SIG RiskRecon 4122016 Webinar.pdf
The SIG Webinar will begin shortly.
Once the webinar begins, the sound will come from your computer speakers.
In the meantime, please take a look at the upcoming SIG networking events listed on the right side of your screen and plan to join us if you are in one of these cities this fall.
NETWORKING EVENTS
GLOBAL SUMMITS
April 19-21 – Orlando, FL
SYMPOSIUMS
Sept 15 – SF Bay Area, CA
Sept 22 – Toronto, CAN
REGIONAL ROUNDTABLES
May 5 – Chicago, IL
May 12 – Sydney, AUS
May 24 – Atlanta, GA
Sept 27 – Cincinnati, OH
For more information and to register for all SIG events:
www.sig.org
RECENT POSTINGS
The SIG Career Network is bursting with opportunities. New jobs are posted daily by some of the best known global companies in the world for those seeking careers in sourcing, outsourcing, procurement and related functions.
For more information go to: www.sig.org/career-center.php
NEW to the Career Network!
• Guidewell/Florida Blue – posted April 11:
  • Sourcing Manager – IT
  • Sourcing Manager – Delivery
  • Sourcing Manager – Professional Services
• Adobe – posted April 11:
  • Sr. Sourcing Specialist – Contingent Labor
• PennyMac – posted April 7:
  • Sr. Assoc., Commodities Mgt & Procurement
• J.Crew – posted April 1:
  • Mgr – Central Procurement and Profit
• Hudson’s Bay Company – posted March 22:
  • Vice President, Procurement
• FedEx – posted March 14:
  • Associate Sourcing Specialist
• Chubb – posted March 7:
  • Global Procurement Category Mgr
• Westfield Group – posted March 7:
  • Procurement Operations Leader
• LINAK U.S., Inc. – posted March 1:
  • Bi-Lingual Sourcing Specialist
• Unum Group – posted Feb 26:
  • Category Manager
Special member benefits
• 6 months of free buy-side access to the Vendor Evaluation & Assessment Tool (NEAT)
• 2 free Market Intelligence Reports
• 15% discount on direct hire placement fees
• $20,000 discount on Enlighta Govern or Risk pilot
• 5 relationship assessment surveys
• 20% discount on assessment or implementation services
• 20% discount on research reports on Chinese cities, technology parks, providers and advisory services
• 50% discount off fees associated with GSOS Health Check
• Receive current market labor rates for your top 5 job openings
• Join SkillsVillage, learn more
For more information, go to: http://sig.org/member-discounts
New Topic Each Week
NEW TIME!!
8:00 am PST
11:00 am EST
4:00 pm GMT
5:00 pm CET
Upcoming Free SIG Webinars:
April 26, 2016 – The CPO’s Agenda for 2016: Tackling Procurement’s Key Issues (Presented by Zycus)
April 28, 2016 – Solution Deep Dive: Procurement & Sourcing Usability for All (Presented by Coupa Software)
May 12, 2016 – Solution Deep Dive: Avoid a Risk Knowledge Gap with Better Due Diligence (Presented by LexisNexis)
Register at www.sig.org
Upcoming Town Hall Teleconference:
May 11th
From the Trenches to the Treetops: Supplier Market Intelligence in the Real World
Presented by:
Kelly Barner
Buyers Meeting Point
SIG Town Hall Teleconferences bring a small group of buy-side ONLY attendees together for a facilitated discussion on top-of-mind issues in an open-mic, private conversation. Town Hall Teleconferences are NOT recorded.
Calendar of Town Hall Teleconferences
Taking place at 1:00 pm Eastern on the following dates:
February 10, March 9, May 11, June 8, July 13, August 10, September 14, October 12, November 9, December 14
SIG Symposiums and Regional Roundtables provide education and local networking for members and invited non-member corporate users
Symposiums 2016:
Silicon Valley, CA – Jan 14
Minneapolis, MN – Mar 24
Columbus, OH – Apr 7
San Francisco Bay Area – Sep 15
Toronto, CAN – Sep 22
New York, NY – Sep 29
Regional Roundtables 2016:
Chicago, IL – May 5
Sydney, AUS – May 12
Atlanta, GA – May 24
Cincinnati, OH – Sep 27
Pittsburgh, PA – Nov 3
London, UK – Nov 9
SIG Global Summits are semi-annual events with 350-450 decision-makers in attendance
• Non-commercialized
• Hundreds of industry thought leaders
• 70% buy-side
• 4-5 keynote sessions
• Global brands
• 3 days of networking
• Executive Roundtables
• Over 50 breakout sessions
69% of delegates are director level or above, of which 43% are VP/C-level
Recent speakers include:
For more information go to: www.siguniversity.org
Online learning environment
Sourcing and Governance certifications with Professional and Executive level courses
Modules with lessons, formative assessments, summative testing and final proctored exam
Certification good for 5 years
Certified Sourcing Professional course starts June 27, 2016!
Certified Governance Professional course starts May 2, 2016!
For more information go to: sig.org/student-outreach.php
Partnering with Universities
Introducing students to seasoned supply chain executives
Sharing thought leadership with students in class, SIG University courses and at SIG events
Giving access to internship and job postings on the SIG Career Network
Allowing students to get real world insight into supply chain careers
Finding tomorrow's supply chain professionals today
Confidential
The Quality of Your Vendors’ Security Programs is no Secret
Control your third party risk
Today’s Speaker
Kelly White
RiskRecon Founder and CEO
Career Summary
- 8 years security consulting Fortune 500
- 10 years top-30 US Bank
  - CISO / Director of Information Security
  - Manager of Security Architecture and Threat Intelligence
  - Manager of Customer Fraud Protection
RiskRecon Fast Facts
RiskRecon enables dramatically better enterprise vendor risk management through frequent, accurate, actionable measurements of vendor information security performance.
- Founded 2015
- $3 Million seed round led by General Catalyst
- Providing risk assessments at scale to Fortune 500
- Services accessible through customer online portal
The New Security Team
Vendor Management is the new Information Security Team
Why?
New Corporate IT World
The IT Landscape Changed
SaaS has exploded
…and it isn’t over
Corporation Circa 2000
Corporation Circa 2015
• Top 30 U.S. financial services company app portfolio – 10% SaaS in 2005, now 60% in 2015
• Top 30 U.S. financial company has > 300 SaaS providers
• Top 3 U.S. financial company has > 3500 SaaS providers
• SaaS = $67.3 Billion market by 2016 (IDC)
• SaaS spending in 2016 = 20% of all software spend (IDC)
Information Security Impact
Info Security Landscape 2000
Info Security Landscape 2016
Information Security Risk
Vendor Risk
Internal Risk
Information Security Objective
Rapidly enable the business to safely pursue its objectives.
The Big Vendor Question
Will this vendor protect my assets with the same or better care?
• How do I quickly select the right vendor?
• How do I ensure the vendor continues to perform to security standards?
Information Security Objective
Rapidly enable the business to safely pursue its objectives.
Vendor Management
Select good partners
Hold partners accountable to performance
Act on performance gaps
Standards
How?
• Hundreds of vendors
• New vendors weekly
• Rapidly changing technology
• Rapidly changing threats
• Regulatory requirements
• Executive management reporting
• The stakes are REALLY HIGH!!!
Data
Common Vendor Risk Mgmt Data
Surveys, Document Review, and Vendor Attestations
3rd Party Auditors
Interviews and on-sites
• Infrequent
• Time consuming
• Attestation may not match reality
Did the vendor patch against the DROWN vulnerability?
Are they really hosting my data in authorized countries?
Are they really handling malware threats well?
Are they really hardening the security of their systems?
Are they properly encrypting my sensitive information?
Uncommon Vendor Risk Mgmt Data
Surveys, Document Review, and Vendor Attestations
3rd Party Auditors
Interviews and on-sites
Continuously measure the vendor's security posture and security program quality
Yeah…
Call it “Vendor Voyeurism”
• Observe their IT practices – hosting providers, locations, systems, software
• Measure their security effectiveness
• Get actionable information
All helpful in better managing vendor security risk
When companies do things on the internet…
…they reveal a lot of stuff
What can you harvest from one web server?
A lot!
Some of the data out there…
Software patching?
Web application security?
Encryption practices?
DNS security practices?
Email security practices?
Malware defense?
A view into one company
Big Vendor (name changed to protect the guilty)
What you can learn starting with just the company name
- No inside information
- No hacking
- JUST LOOKING
Big Vendor Systems – Internet View
Big Vendor Hosting Providers
Big Vendor Hosting Countries
Big Vendor Hosting Cities
Big Vendor Software
Big Vendor Email Providers
Big Vendor Corporation IT Summary
Big Vendor Overall Performance
Big Vendor Software Patching
Big Company Software Patching
Big Company Encryption
A View of 21 Financial Services Vendors
What is the point again?
1. You can rapidly measure the security program quality of any vendor based on how they operate on the Internet
2. You can do this without breaking any laws, without obtaining any information from the vendor
3. You can enrich your current vendor risk management processes with accurate, actionable data
Benefit
1. Faster procurement decisions for new vendors
2. Continuous vendor security performance monitoring
3. Hold vendors to a high standard of accountability
4. Better allocation of vendor risk analyst time / resources to vendors that require attention most
Keys to watching your vendors well
1. Automate – enable frequent, rapid measurement
2. Be accurate – false positives can destroy the operation
3. Be legal – no hacking, no scanning, no grey areas
Given these conditions…
4. Be really good at finding all assets
5. Harvest all information
6. Read the tea leaves – extract security measurements from everything you collect
7. Make it actionable… or it isn’t worth much
Thank you
Every enterprise reveals the quality of its security program through what it does on the internet.
All you have to do is know where to look and how to read what you find.
(and don’t break any laws… and automate it… and be accurate… and be actionable…)