Cyber Third-Party Risk Management: A Comparison of Non-Intrusive Risk Scoring Reports
Autor: | Unal Tatar, Irem Tatar, Kevin Matthe Caramancion, Owais Raza, Omer F. Keskin |
---|---|
Rok vydání: | 2021 |
Předmět: |
Supply chain risk management
TK7800-8360 Computer Networks and Communications media_common.quotation_subject 02 engineering and technology Consistency (database systems) supply chain risk 020204 information systems 0502 economics and business cyber insurance 0202 electrical engineering electronic engineering information engineering Cyber-Insurance Electrical and Electronic Engineering Reliability (statistics) Risk management media_common risk scoring Third party business.industry 05 social sciences third-party risk vendor risk Risk analysis (engineering) Hardware and Architecture Control and Systems Engineering Signal Processing Electronics cyber risk business 050203 business & management Reputation |
Zdroj: | Electronics Volume 10 Issue 10 Electronics, Vol 10, Iss 1168, p 1168 (2021) |
ISSN: | 2079-9292 |
DOI: | 10.3390/electronics10101168 |
Popis: | Cybersecurity is a concern for organizations in this era. However, strengthening the security of an organization’s internal network may not be sufficient since modern organizations depend on third parties, and these dependencies may open new attack paths to cybercriminals. Cyber Third-Party Risk Management (C-TPRM) is a relatively new concept in the business world. All vendors or partners possess a potential security vulnerability and threat. Even if an organization has the best cybersecurity practice, its data, customers, and reputation may be at risk because of a third party. Organizations seek effective and efficient methods to assess their partners’ cybersecurity risks. In addition to intrusive methods to assess an organization’s cybersecurity risks, such as penetration testing, non-intrusive methods are emerging to conduct C-TPRM more easily by synthesizing the publicly available information without requiring any involvement of the subject organization. In this study, the existing methods for C-TPRM built by different companies are presented and compared to discover the commonly used indicators and criteria for the assessments. Additionally, the results of different methods assessing the cybersecurity risks of a specific organization were compared to examine reliability and consistency. The results showed that even if there is a similarity among the results, the provided security scores do not entirely converge. |
Databáze: | OpenAIRE |
Externí odkaz: |