
Capability
Continuous Surface Risk Assessment

What

Maintain current understanding of third-party exposure by continuously assessing third-party surface risk conditions. 

Why

Attestation-based assessments tell you what investments companies have made in risk management. Continuous surface security assessment data objectively tells you how well they implement and operate their program. 

It enables you to know the internet IT profile of your third parties, provides objective measurement of security risk performance, and enables rapid identification and triage of dangerous conditions. It facilitates smarter engagements that target areas of known weakness, while deemphasizing areas of known strength. 

How

Implement capabilities to continuously discover vendor internet-facing assets and to collect relevant system security measurements and related intelligence such as data-loss events, IP reputation, and threat intelligence activity. Build the capability to analyze the results in order to measure third-party performance and identify dangerous conditions and events. Implement event-based risk alerting to efficiently identify third-party conditions that require attention.

| Practice | Status | Adoption |
|---|---|---|
| Maintain current knowledge of third-party Internet surface IT profile, including domains, networks, systems, system hosting providers, and system geolocations. | Emerging | 27% |
| Maintain current knowledge of third-party Internet surface software and system security configurations. | Emerging | 27% |
| Systematically monitor threat intelligence feeds and data breach alert channels and correlate the data with your third-party surface IT profile. | Emerging | 27% |
| Maintain a continuous risk performance profile of each third-party by continuously analyzing the data from the Internet IT profile, surface security configuration, and the threat intelligence feeds. | Emerging | 27% |
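
The correlation practice above (matching threat intelligence and breach alert data against the third-party surface IT profile) can be sketched as follows. This is an added example, not part of the original playbook or of any product; the vendor names, domains, address ranges, feed events and the function names `owner_of` and `correlate` are all constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed surface profile: vendor -> known domains and networks
# (documentation-only address ranges and .example domains).
PROFILE = {
    "vendor-a": {"domains": ["vendor-a.example"], "networks": ["192.0.2.0/24"]},
    "vendor-b": {"domains": ["vendor-b.example"],
                 "networks": ["198.51.100.0/25", "2001:db8:b::/48"]},
}

# Constructed feed events: (source, indicator, category).
FEED = [
    ("ip-reputation", "192.0.2.77", "botnet-contact"),
    ("breach-alerts", "mail.vendor-b.example", "credential-dump"),
    ("ip-reputation", "198.51.100.200", "spam-source"),      # outside the /25
    ("threat-intel", "2001:db8:b:10::5", "scanning"),
    ("breach-alerts", "notvendor-a.example", "credential-dump"),  # look-alike
]

Alert = namedtuple("Alert", "vendor source indicator category")

def owner_of(indicator, profile):
    """Return the vendor whose surface contains the indicator, else None."""
    try:
        addr = ipaddress.ip_address(indicator)
    except ValueError:
        addr = None  # not an IP literal: treat as a hostname
    host = indicator.lower().rstrip(".")
    for vendor, surface in profile.items():
        if addr is not None:
            # Membership is False across IP versions, so mixed lists are safe.
            if any(addr in ipaddress.ip_network(n) for n in surface["networks"]):
                return vendor
        # Match on a label boundary so "notvendor-a.example" does not hit.
        elif any(host == d or host.endswith("." + d) for d in surface["domains"]):
            return vendor
    return None

def correlate(feed, profile):
    """Turn feed events that land on a vendor's surface into alerts."""
    alerts = []
    for source, indicator, category in feed:
        vendor = owner_of(indicator, profile)
        if vendor is not None:
            alerts.append(Alert(vendor, source, indicator, category))
    return alerts

if __name__ == "__main__":
    for alert in correlate(FEED, PROFILE):
        print(alert)
```
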