Information Security Silos Caused by Third Parties is the Main Organizations Flaw

* Reuters is not responsible for the content in this press release.

Wed Jun 10, 2009 4:58pm EDT


One of the former Shared Assessments Program Technical Development Committee
chairs, Andrew Hout from Modulo, says that Vendor Risk Management is today
increasingly at the forefront of organizations' risk management priorities

MONTCLAIR, N.J., June 10 /PRNewswire/ --

News Facts:

    --  In the past few years companies like Apple reported information
        breaches caused by partners and vendors. In fact, other large
        organizations such as Microsoft and Cisco Systems have also been
        victims of loss of sensitive data from outsourced partners.
    --  Vendor Risk Management has become a priority for companies to
        effectively manage the information provided to third parties since
        many vendors and partners have access to the same information as
        internal employees. The problems arise when the outsourcing company
        does not monitor their vendors or partners.
    --  This lack of monitoring can cause major problems such as leaks
        involving customers' and workers' personal data, confidential
        business information and other issues.


    --  Modulo (www.modulo.com), leading provider of IT Governance, Risk and
        Compliance solutions (IT GRC), has developed a specific knowledge base
        for Vendor Risk Assessment - as an integrated part of Modulo Risk
        Manager(TM) software.




Supporting quotes:

    --  "Vendor Risk Management is increasingly at the forefront of
        organizations' risk management priorities. By focusing on their core
        business, organizations rely on hundreds, if not thousands of
        partners, vendors and outsourced service providers. The reality is
        that these vendors and partners have access to much of the same data
        as regular employees do. Commercially sensitive and proprietary data
        is often transmitted, stored and processed among a wide range of
        partner and vendor networks, outside the influence of the
        organization's internal controls and security policies," says Andrew
        Hout.
    --  "The challenge of managing this scenario has been recognized.
        Regulators acknowledge the role that partner and vendor networks play
        and explicitly require and have mandated through regulations such as
        SOX, GLBA, HIPAA, PCI DSS and others that corporate control activities
        extend to vendors, outsourcers, contractors and consultants. This
        means that third-party vendors handle critical information and
        directly influence a company's risk and compliance management
        process," explains Modulo's Senior Project Manager.


    --  "To meet these challenges, Modulo Risk Manager(TM) solution enables
        organizations to maximize the efficiency of managing the risk
        associated with vendor relationships while assessing their compliance
        with their policies and controls. Specifically, Modulo Risk Manager
        enables them to manage the key activities that form part of an
        effective vendor management process: risk-based vendor selection,
        relationship management, ongoing compliance monitoring and flexible
        effective management reporting," the executive points out.




Background:

    --  With over 25 years of experience in Information Technology, Andrew
        Hout was responsible for the integration of the Shared Assessments
        program into the Citi Service Provider assessment process and was the
        2007 - 2008 co-chair of the Shared Assessments program TDC (Technical
        Development Committee) along with Niall Brown of LiveOps and a
        representative from one of the big four accounting firms. He also
        managed a team of assessors who conducted due diligence reviews of
        vendors who render complex technical services for various Citi
        businesses.


    --  Modulo's award-winning software Modulo Risk Manager(TM) automates
        vendor risk management through checklists, graphs, and maps in an
        optimized way to prevent loss to business and its clients.




Additional resources:

    --  Modulo Risk Manager(TM) overview
    --  Vendor Risk Management
    --  BITS


    --  Shared Assessments Program Technical Development Committee




About Modulo:
Modulo (www.modulo.com) is a market leader for IT Governance, Risk and
Compliance management. Modulo Risk Manager(TM) provides organizations with the
tools they need to automate the processes required for assessing security
vulnerabilities and attaining regulatory compliance. Recent honours received
by Modulo include: Hot Company 2009 and Global Excellence Customer Trust Award
2009 (Global Product Excellence in Auditing for Modulo Risk Manager).

    Press Contact: Stephanie de Mattos stephanie@theinformationcompany.net
                   Paula Cohn paula@theinformationcompany.net




SOURCE  Modulo

Stephanie Mattos, stephanie@theinformationcompany.net, or Paula Cohn,
paula@theinformationcompany.net, both of The Information Company,
+011-55-11-3071-3494