The purpose of the GRF Summit on Third-Party Risk is to increase awareness of security best practices, offer an opportunity for collaboration among third-party vendors and
organizations’ risk management teams, and provide a platform for security leaders to share expertise and learn from each
other to improve holistic security.
The Summit will provide training, education and networking on the critical cyber and physical security issues facing organizations, their vendors, and the areas where the two groups intersect. Space is limited for this complimentary event, and registration will be capped and by-approval only.
This includes CIOs/CISOs, Cyber and Physical Security Risk Management, Network Security and Compliance Teams within ISAC/ISAO Member Organizations, and third-party vendors/suppliers serving those organizations that need to ensure confidentiality, integrity, and availablity of client systems.
Ongoing education and greater awareness are key to mitigating risk, as executives are starting to view security expenses as “pay now or pay more later.” Therefore, it is important that security leaders share their collective best practices and experience to help enhance critical security programs.
In its first iteration, this event was held by Aetna to educate its vendors on the threat landscape, Aetna’s policies and needs, and actionable recommendations for security improvements. Last year, the National Health ISAC (NH-ISAC) held the event, expanding Aetna’s work to include many healthcare companies and vendors. Realizing the needs for increased security and stronger relationships are not industry specific, NH-ISAC and its member organizations suggested that the Global Resilience Federation (GRF) take ownership of this event. GRF staff discussed this with its Board of Directors and decided to move forward with a cross-sector summit to include the members and vendors of eight different information sharing communities. NH-ISAC, Financial Services ISAC, Legal Services ISAO, Oil and Natural Gas ISAC, Energy Analytic Security Exchange, Retail Cyber Intelligence Sharing Center, National Retail Federation’s Retail ISAO, and Multi-State ISAC all agreed to encourage their member organizations to encourage security, risk management, compliance staff and third-party vendors to attend this important event.
The relationship between organizations and their third-party vendors is a critical one but also one of increasing complexity from a cybersecurity, management and compliance perspective. The growth of cybercrime and expansion of regulation coming from entities like the New York State Department of Financial Services and the European Union make it even more critical for companies’ risk management and compliance staff to work closely with vendors.