Preview Mode Links will not work in preview mode

The CyberPHIx: Meditology Services Podcast

  1. All Episodes
  2. Re-Engineering Vendor Security Risk Management

Re-Engineering Vendor Security Risk Management

Oct 2, 2018

You can outsource your systems and services, but you cannot outsource your risk.

In 2008, the FDIC set a benchmark for vendor data risk by stating that a financial institution’s BOD and officers are responsible for third-party actions as it affects data security. In healthcare, these same standards are starting to be applied, leading to increased oversight of vendor relationships.

In this CyberPHIx podcast, Kelly White, Founder and CEO of RiskRecon, outlines some key concepts for effective vendor risk management drawing on experience in healthcare as well as other industries very vulnerable to third-party data security breaches.

Kelly’s position in the security automation market, provides us with insight into emerging trends of innovation and technology to better assess risk and potential impact of vendor data sharing. Our discussion with Kelly touches on some of the following trends:

  • Understanding vendor risk management in peer industries, such as financial services, reveals opportunities for innovation and more effective oversight over vendor relationships in the healthcare sector.
  • The Value of Risk is a key risk management concept that supersedes the rating of risk by the size of vendors. In risk management activities with small or medium-sized vendors, focusing the lens on the Value of the Risk will help set priorities that are most effective in leading to remediation.
  • Healthcare is an industry primed to adopt and lead innovation and automation in risk management. The next wave of rapid security automation/innovation is likely to come out of the healthcare industry.

Show Notes

  • 0:27 Introduction
  • 1:25 About RiskRecon
  • 1:55 Practices and solutions in cyber risk management that can be applied to healthcare
  • 3:18 Motives for implementing a third-party cyber risk management program
  • 4:56 Specific regulations or standards outside of healthcare that are applicable to the industry
  • 8:07 HIPAA Compliance | What would you change?
  • 10:20 Small to mid-size vendors
  • 14:22 Vendors who may pose the most risk
  • 17:41 Vendor resources | Does size matter?
  • 21:42 The evolution of vendor security risk management
  • 28:53 The future of Artificial Intelligence Applications
  • 33:35 Key Takeaways
  • 36:32 Closing