A POSSIBLE HOLISTIC FRAMEWORK TO MANAGE ICT THIRD-PARTY RISK IN THE AGE OF CYBER RISK

Blog Article

Third-party risk for external ICT services, which concerns both outsourced services and third-party products, is a crucial issue for a financial institution, because a cyber attack on a vendor can threaten the data of its customers. For this reason, financial institutions should adopt a holistic risk management framework to stress the effectiveness of the mitigating actions even when they engage a third-party provider. Risk analysis of external ICT services is necessary to prepare proper mitigation plans that allocate sufficient resources. This paper proposes a possible management framework whose aim is to provide indications on the security measures and controls to implement against the possible sources of ICT third-party risk, and to define a proper internal process that a financial institution should adopt. In this context, the framework also embodies a model for picking the best vendor among those that a financial institution could choose for an ICT service. The model is based on a risk assessment technique focused on the three information security dimensions (confidentiality, integrity, and availability) and on the Borda method.
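The following sketch is an added illustration, not code or a model taken from the paper: it applies a standard Borda count to per-dimension risk rankings to show how confidentiality, integrity and availability assessments can be combined into one vendor ranking. The vendor names, the 1-to-5 risk scale, equal weighting of the three dimensions and the tie-averaging rule are all assumptions.

```python
from collections import defaultdict

DIMENSIONS = ("confidentiality", "integrity", "availability")

# Constructed sample data: residual risk per vendor on an assumed 1 (low) to 5 (high) scale.
SAMPLE = {
    "VendorA": {"confidentiality": 2, "integrity": 3, "availability": 4},
    "VendorB": {"confidentiality": 3, "integrity": 2, "availability": 2},
    "VendorC": {"confidentiality": 4, "integrity": 4, "availability": 1},
    "VendorD": {"confidentiality": 2, "integrity": 5, "availability": 3},
}

def borda_rank(risk_scores):
    """Rank vendors by Borda count over the three dimensions (lower risk is better).

    Each dimension is one "voter": the least risky of n vendors earns n-1 points,
    the riskiest 0. Tied vendors share the average of the points for the positions
    they occupy (an assumed tie rule). Returns [(vendor, points)] best first.
    """
    vendors = sorted(risk_scores)
    for v in vendors:
        missing = [d for d in DIMENSIONS if d not in risk_scores[v]]
        if missing:
            # An unassessed dimension must not silently count as zero risk.
            raise ValueError(f"{v} has no score for {missing}")
    n = len(vendors)
    points = defaultdict(float)
    for dim in DIMENSIONS:
        ordered = sorted(vendors, key=lambda v: risk_scores[v][dim])
        i = 0
        while i < n:
            j = i  # find the end of the group tied with position i
            while j < n and risk_scores[ordered[j]][dim] == risk_scores[ordered[i]][dim]:
                j += 1
            shared = sum(n - 1 - k for k in range(i, j)) / (j - i)
            for v in ordered[i:j]:
                points[v] += shared
            i = j
    # Highest total first; vendor name breaks ties deterministically.
    return sorted(points.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for vendor, pts in borda_rank(SAMPLE):
        print(f"{vendor}: {pts}")
```

In the constructed data, VendorC has the lowest availability risk but ranks third overall, because the Borda count rewards consistent placement across all three dimensions rather than a single strong score.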
