TRENDING:

3rd Party Risk Management , Governance & Risk Management , IT Risk Management

A CISO Offers Third-Party Risk Management Tips

InstaRem's Jagdeep Singh on Essential Steps to Take Suparna Goswami (gsuparna) • June 14, 2019     10 Minutes   
A CISO Offers Third-Party Risk Management Tips
Jagdeep Singh, CISO at InstaRem

An essential component of a vendor risk management program is to understand how an organization's risk posture changes when a new vendor is added - especially if they have subcontractors, says Jagdeep Singh, CISO at InstaRem, a Singapore-based fintech company.

"When we talk about service-level agreements ... it is important to avoid subcontracting to the extent possible," Singh says in an interview with Information Security Media Group.

"Also, it is important to [spell out] the responsibility we share with third-party vendors. It is high time we have NDAs [non-disclosure agreements] with them."

In this interview (see audio link below photo), Singh also discusses:

  • Making sure vendors are held accountable for security;
  • How to manage fourth- and fifth-party risks;
  • Critical aspects of a vendor governance program.

Singh, CISO at InstaRem, which offers money transfers, previously served in the same role at Rakuten India. He has experience in security operations center design and implementation; security roadmap/strategy; incident management; security governance; risk and compliance; security maturity assessments; CISO advisory services; security processes advisory services; business continuity and insider threat programs.

Previous
Analysis: The Cybersecurity Risks Major Corporations Face
Next
Identity as a Game-Changing Breach Defense



Around the Network

Israel-Hamas War: 'We All Know Someone That Lost Someone'
Israel-Hamas War: 'We All Know Someone That Lost Someone'
Good Governance: 'It's All Hygiene'
Good Governance: 'It's All Hygiene'
Supporting CISA - The 'Focal Point of Our Defensive Efforts'
Supporting CISA - The 'Focal Point of Our Defensive Efforts'
Getting a Tighter Grip on Vendor Security Risk in Healthcare
Getting a Tighter Grip on Vendor Security Risk in Healthcare
How a CEO Runs a Company in Wartime
How a CEO Runs a Company in Wartime
Stopping Cloud Workload Attacks
Stopping Cloud Workload Attacks
Mapping Access - and Attack - Paths in Active Directory
Mapping Access - and Attack - Paths in Active Directory
Mapping the Unseen Vulnerabilities of Zombie APIs
Mapping the Unseen Vulnerabilities of Zombie APIs
How Biden's AI Executive Order Will Affect Healthcare
How Biden's AI Executive Order Will Affect Healthcare
Why Hospitals Should Beware of Malicious AI Use
Why Hospitals Should Beware of Malicious AI Use

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.