A possible holistic framework to manage ICT third-party risk in the age of cyber risk
| Field | Value |
|---|---|
| Author | Andrea Giacchero, Jacopo Moretti |
| Language | English, Italian |
| Year of publication | 2021 |
| Source | Risk Management Magazine, Vol 16, Iss 1, Pp 30-42 (2021) |
| Document type | article |
| ISSN | 2612-3665, 2724-2153 |
| DOI | 10.47473/2020rmm0082 |
| Description | Third-party risk for external ICT services, which covers both outsourced services and third-party products, is a crucial issue for a financial institution, because a cyber attack on a vendor can be a threat to the data of its customers. For this reason, financial institutions should adopt a holistic risk management framework that stresses the effectiveness of mitigating actions even when they engage a third-party provider. Risk analysis of external ICT services is necessary to prepare proper mitigation plans that provide adequate resource allocation. This paper proposes a possible management framework whose aim is to give guidance on the security measures and controls to implement against the possible sources of ICT third-party risk, and to define a proper internal process that a financial institution should adopt. In this context, the framework also embodies a model for picking the best vendor among those a financial institution could choose for an ICT service; the model is based on a risk assessment technique focused on the three information security dimensions (confidentiality, integrity, and availability) and on the Borda method. |
| Database | Directory of Open Access Journals |