In this video, discover an in-depth exploration of the significance and ramifications of third-party relationships within the framework of the Digital Operational Resilience Act (DORA). Our host, Guy Marong, engages in a comprehensive discussion with Pierre Noel covering various aspects of third-party management. Noel is an experienced CISO with a deep understanding of the diverse nature of third parties. Together they unravel the complexities involved in ensuring organizational resilience.
Navigating Third-Party Management Challenges
The conversation recognizes how crucial third parties are in today’s business landscape. It highlights that even small engagements, like building maintenance or security services, can impact an organization’s security. The speakers also point out the challenge posed by third-party arrangements that are shared across different teams within an organization.
From a cybersecurity perspective, the speakers underscore the critical role of resilience, which goes beyond merely preventing incidents: effectively responding to and recovering from incidents is equally important. They emphasize continuous risk assessment and monitoring, and caution against the tendency to treat risk assessment as a mere box-ticking exercise. Its purpose is instead to gain a genuine understanding of the risks involved, and they urge professionals to ensure that each assessment stays relevant to the current risks.
Contractual obligations and external monitoring emerge as crucial elements in managing third-party relationships effectively. Noel encourages organizations to include proactive external monitoring, such as continuous checks of third-party websites or the dark web.
The discussion also looks into how we assess third parties’ security levels and the need to help them enhance their security, particularly if they don’t meet our organization’s standards. The speakers also emphasize the risk from fourth parties, such as the partners of our third parties, which shows why we need to thoroughly assess risks and share information throughout the supply chain.
Embracing a Holistic Approach
In conclusion, organizations should follow a holistic approach to third-party management that extends beyond mere regulatory compliance. They underscore the need for a Chief Resilience Officer within organizations—a dedicated role responsible for overseeing resilience mechanisms across various risk domains and ensuring continuity in the face of disruptions.
Challenges related to the termination of third-party relationships are also addressed. There is great emphasis on ongoing planning and resilience in the event of abrupt terminations due to security incidents or contractual breaches. Although contracts can discourage certain behaviors, we learn not to rely solely on contracts for organizational resilience.
Overall, the video offers a comprehensive exploration of the multifaceted challenges and considerations involved in managing third-party relationships under the regulatory framework of DORA.