3rd Party Risk Management , Governance & Risk Management , Video

Moving Beyond Compliance for Third-Party Security

CyberGRX CEO on Why Supply Chain Has Evolved Into a Risk Management Function Mathew J. Schwartz (euroinfosec) • May 10, 2023    
Fred Kneip, CEO, CyberGRX

Over the past decade and more, people have focused on securing their own environments, and rightly so. But a majority of data breaches now involve compromise in a third-party service provider's systems.

See Also: OnDemand : Learn the ABCs to the 3 V's of Asset Management

Attacks such as Kaseya and SolarWinds have highlighted supply chain risks. They've also put the spotlight on how securing the supply chain can no longer just be considered a compliance function. It has evolved into a risk management function - simply because compliance does not equal security, said Fred Kneip, chief executive officer at CyberGRX.

"Compliance is not a means to actually secure your environment," Kneip said. "As people start to realize from a risk perspective, compliance is just a step along the way. And as they're now focusing more on their third party, they're coming with a lens of how can I manage risk down, and not just meet some compliance standard and move along?"

In this video interview with Information Security Media Group at RSA Conference 2023, Kneip discussed:

  • Security changes and challenges relate to third-party service providers;
  • The advantages of AI and ML in third-party security;
  • The need to build structured and consistent data using predictive models.

At CyberGRX, Kneip led the creation of the world's first global third-party cyber risk management exchange. Prior to joining CyberGRX, he was the chief security officer at Bridgewater Associates, responsible for leading the security and compliance departments.

Previous
Ex-Uber CSO Joe Sullivan Avoids Federal Prison
Next
APIs Are a Massive Problem - We Just Don’t Know How Massive

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



Around the Network

Checking Out Security Before Using AI Tools in Healthcare
Checking Out Security Before Using AI Tools in Healthcare
What's Inside Washington State's New My Health My Data Act
What's Inside Washington State's New My Health My Data Act
CyberArk CEO Touts New Browser That Secures Privileged Users
CyberArk CEO Touts New Browser That Secures Privileged Users
Why Legacy Medical Systems Are a Growing Concern
Why Legacy Medical Systems Are a Growing Concern
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
HIPAA Considerations for AI Tool Use in Healthcare Research
HIPAA Considerations for AI Tool Use in Healthcare Research
Why Health Entities Need to Implement NIST Cyber Framework
Why Health Entities Need to Implement NIST Cyber Framework
Efficient Management of Enterprisewide Data Protection
Efficient Management of Enterprisewide Data Protection
Top Privacy Considerations for Website Tracking Tools
Top Privacy Considerations for Website Tracking Tools
HHS OCR Leader: Agency Is Cracking Down on Website Trackers
HHS OCR Leader: Agency Is Cracking Down on Website Trackers

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing devicesecurity.io, you agree to our use of cookies.