3rd Party Risk Management, Cyber Insurance, Governance & Risk Management
CyberEdBoard Insights: Erik Hart and Erik Decker
Security Experts Discuss Effective Strategies for Managing Third-Party Risks
Managing third-party risks remains a critical challenge for organizations. Effective third-party risk management requires prioritizing critical suppliers over peripheral ones to ensure that robust resilience planning aligns with the potential consequences of disruptions, according to Erik Hart, CISO, Cushman & Wakefield and a member of the CyberEdBoard.
Overlooking seemingly low-risk entities can lead to significant repercussions, Hart said. Erik Decker, CISO, Intermountain Health, advised integrating materiality into risk management frameworks and aligning strategic, financial and reputational impacts to prioritize critical supplier relationships effectively.
"People are inducing risk as much as they're consuming it. People rely on me and my organization as much as I'm relying on others," Decker said. "Our resilience and our partnership has to be forethoughtful to that degree: How are we working with the partners who leverage services from us to help them contemplate their outages?"
In this video interview with Information Security Media Group at ISMG's North America Midwest Summit, Hart and Decker also discussed:
- How to integrate business impact analysis and threat intelligence;
- Why proactive continuity planning is needed for business resilience;
- Why cyber insurance is part of a comprehensive risk management strategy.
Decker has more than 23 years of experience in IT, with 17 years focused on information security. His areas of expertise include risk management, incident response and network security. At Intermountain Health, he is responsible for implementing robust security measures to protect the organization's critical systems and sensitive data.
Hart has more than 20 years of experience leading the development, delivery and support of robust security and technology solutions for various organizations and clients. He is a CyberEdBoard member.
CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.