Third Party Information Security Assessment

Why Should You Attend:

Companies recognize that information protection requires close cooperation between them and its suppliers, vendors and partners.

This presentation outlines the most important and relevant steps needed to safeguard a company’s information from unauthorized or accidental modification, damage, destruction, or disclosure in an environment that we don’t have total control over it. It covers the main benefits and constraints that we can face while evaluating the information security controls in a third party. Also, we will discuss about the use of ISO 27002 as a best practice for evaluating the existence of information security controls in an external organization. We also will see how this methodology can assist organizations in understanding the security risks and threats that may exist within their environment. We will review the three phases that must be conducted in order to understand and evaluate the information security environment of the third party.

We will discuss the practicality of these methodology and the implementation factors. We will examine an example and how this methodology was tested.

Areas covered in this webinar:

• Importance of Third party Information security Assessment.
• Phases of Methodology.
• Pre assessment
• During assessment
• Post assessment
• Benefits and constraints
• Roles and responsibilities
• Checklist
• Example

Who Will Benefit:

• IT Auditors
• Chief Information Security Officers
• Chief security officers
• ISO 27001 Lead auditors
• Security professionals
• IT Risk managers and professionals
• Staff with roles and responsibilities in vendor management.

Instructor Profile:

Alexandro , has more than 14 years of working experience in IT and more than 10 fully dedicated to information security. With bachelor degree in computer science, a diploma in telecommunications and other one in management skills. With nine professional and International certifications in areas related to Information Security, Information systems Audit and Information technology. Experience working with multicultural teams across the world in countries like Poland, Hungary, Holland, India, Spain, Argentina, Chile, Colombia, Venezuela and the USA. Knowledge of different platforms and technologies, professional career development in banking, consumer and telecom industry. ISO 27001 Lead Auditor, public speaker and International instructor for Information Security and IT Governance certifications.

Topic Background:

When companies decide to share information with suppliers, vendors or partners to keep the business running, in that moment we are about to open the “Pandora Box” because of the risks that can emerge from sharing our information with external parties.

Because of this, companies have to make sure that their information is protected at all time, during transport, consult and at rest. It has to be handled properly in the most secure way.

One of the most critical success factors for performing an information security assessment is the identification of possible gaps between the security of the third party and the company security posture. We must identify those gaps and demand the third party to close them as soon as possible, because these risks can damage the company’s information assets and also, it can damage its reputation.

Follow us :