Maintain current understanding of third-party exposure by continuously assessing third-party surface risk conditions.
Attestation-based assessments tell you what investments companies have made in risk management. Continuous surface security assessment data objectively tells you how well they implement and operate their program.
It enables you to know the internet IT profile of your third parties, provides objective measurement of security risk performance, and enables rapid identification and triage of dangerous conditions. It facilitates smarter engagements that target areas of known weakness, while deemphasizing areas of known strength.
Implement capabilities to continuously discover vendor internet-facing assets and to collect relevant system security measurements and related intelligence such as data-loss events, ip reputation, and threat intelligence activity. Build capability to analyze results to measure third-party performance and identify dangerous conditions and events. Implement event-based risk alerting to efficiently identify third party conditions that require attention.
|Maintain current knowledge of third-party Internet surface IT profile, including domains, networks, systems, system hosting providers, and system geolocations.||Emerging||27%|
|Maintain current knowledge of third-party Internet surface software and system security configurations.||Emerging||27%|
|Systematically monitor threat intelligence feeds and data breach alert channels and correlate the data with your third-party surface IT profile.||Emerging||27%|
|Maintain a continuous risk performance profile of each third-party by continuously analyzing the data from the Internet IT profile, surface security configuration, and the threat intelligence feeds.||Emerging||27%|