The Power of a 'True' Third-Party Risk Exchange
Dave Stapleton, CISO of CyberGRX, Discusses Vendor Risk Management Challenges
Effective cyber risk management of vendors is critical to the success of organizations that are increasingly relying on these third parties, says Dave Stapleton, CISO of CyberGRX, who describes the importance of using a "true" third-party risk exchange.
A true third-party risk exchange is based on a standardized set of data - the same information collected across a wide portfolio of third parties, he says. "It doesn't matter if you're evaluating 50 or 3,000 vendors. It will be a standardized set of data, and that empowers the ability to do a lot of proprietary analytics that can expose actionable insights," he says.
In a video interview with Information Security Media Group at RSA Conference 2022, Stapleton also discusses:
- Vendor risk management challenges;
- Developing a portfolio of third-party visibility;
- The road map to build a true third-party risk exchange.
Stapleton is a cybersecurity risk professional with over a decade of experience in both the public and private sectors. He began his career at the U.S. Department of Health and Human Services, where he developed and managed risk and compliance functions for the Food and Drug Administration and Indian Health Service.