Defense in Depth

Doing Third Party Risk Management Right

Jan 4, 2024

In this podcast, Erik Decker, CISO of Intermountain Health, joins the hosts to discuss the struggles faced in managing third-party risk. They explore the ineffectiveness of questionnaires and debate the right approach. They also touch on the future of supply chain risk, the benefits of a centralized platform for risk information, and the importance of communication and building relationships with vendors.

30:30

Creator website

Episode guests

Erik Decker

AI Summary

Highlights

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Questionnaires are inefficient and do not effectively reduce third-party risk.

Focusing on the 20% of activities with the greatest impact can significantly reduce third-party risk.

Deep dives

The struggle of managing third party risk

Managing third party risk is a challenge due to the inefficiency of questionnaires and the lack of impact they have on reducing risk.

The Flaw in the Concept of Shift Left in Cybersecurity

01:14

Introduction

2min

Struggles and Reflections: Improving Third-Party Risk Management

11min

Focusing on Risk, Building Relationships, and the Future of Supply Chain Risk

5min

The Future of Third Party Risk Management

9min

Mitigating Risk and Providing Evidence of Due Diligence

3min

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Erik Decker, CISO, Intermountain Health.

In this episode:

Why are we all struggling trying to manage third-party risk?
Why do the hated questionnaires seem like compliance checkbox efforts?
Does anyone believe it reduces risk?
What's the right approach and how do you strike the right balance?

Thanks to our podcast sponsor, Praetorian

Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Defense in Depth

Doing Third Party Risk Management Right

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The struggle of managing third party risk

The importance of focusing on the 20% that mitigates 80% of risk

The need for a shift in approach

The future of third party risk management

The Flaw in the Concept of Shift Left in Cybersecurity

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Defense in Depth

Doing Third Party Risk Management Right

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The struggle of managing third party risk

The importance of focusing on the 20% that mitigates 80% of risk

The need for a shift in approach

The future of third party risk management

The Flaw in the Concept of Shift Left in Cybersecurity

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights