Security News > 2021 > June > Third-party identity risk management, compliance, or both?
Although 49% of organizations in the report said they complete an initial risk assessment before granting access to third parties, these assessments typically focus on the security controls the organization has in place or on the organizational risk score.
A third-party organization may pass a risk assessment and be in compliance one day, but an unexpected threat to business operations may push it out of compliance the next.
A key tenet of identity risk management is knowing the 6 Ws: Who is this third party?
Organizations that rely on an authoritative source of data for identity lifecycle management, and therefore adopt a holistic security mindset, are in a far better position to manage third-party identity and access risk.
Organizations must take a granular and actionable approach to risk, recognizing the most effective approach is one that focuses on improving operational efficiency through increased visibility into third-party relationships, ongoing risk monitoring and assessments, and proper identity lifecycle management.
Organizations that take a holistic approach to risk management supported by a purpose-built, scalable, and automated solution will find that they are no longer just checking a compliance box, but enabling a more consistent and agile risk management program to protect themselves from cyber risk.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/FP7MTFP44HM/