CISOs face third-party risk management challenges
This article is part of the Information Security issue of October 2018, Vol. 20, No. 5
The Options Clearing Corp. in Chicago runs one of the largest equity and derivatives clearinghouses in the world. Major trades don't get finalized until they have been cleared by the OCC. So the company's fundamental purpose depends on creating secure relationships between all the parties in a trade. With so much riding on the security of the OCC's IT systems, maintaining third-party risk management and strong relationships to prevent bad actors from sneaking in and stealing important financial data has become more important than ever.

Mark Morrison, senior vice president and CSO at OCC, said the equity derivatives exchange has tightened up its access management policies with third parties in the past several months. "Moving forward, companies can't just come into our system remotely," Morrison said. "We set up a system so the third party has to authenticate itself every time it comes onto our network."

Morrison added that CISOs should request their critical third-party partners conduct an independent assessment of...
Features in this issue
The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud.
Close to 40% of security professionals either know, or have known, a legitimate security practitioner who has participated at some point in black hat activities.
Security professionals understand all too well what's at stake, and that's why more companies look to tighten up security with third parties.
News in this issue
Healthcare security leaders are developing industry best practices for better third-party risk management using common assessment and certification standards.
Columns in this issue
A strategy focused on widespread training and education leads to progress against one of the state's biggest threats, says the Rhode Island CISO.
Russia and other nation-states use application control bypass techniques because they don't "trigger any alarms," the chief hacking officer says.