PRO+ Premium Content/Information Security

Thank you for joining!

Access your Pro+ Content below.

October 2018, Vol. 20, No. 5

Industries seek to improve third-party security risk controls

This article is part of the Information Security issue of October 2018, Vol. 20, No. 5

CISOs are making strides in some industries to drive support for a common set of information security requirements to help manage third-party security risk. Taylor Lehmann, CISO of Wellforce, the parent organization of Tufts Medical Center, and Omar Khawaja, CISO of Alleghany Health Network and Highmark Health, joined forces with security leaders from the healthcare industry to create the Provider Third-Party Risk Management Council. Announced in August, the council is working with the Health Information Trust Alliance (HITRUST) to develop industrywide best practices for managing third-party security risk associated with supply chain vendors and their information security-related systems. The goal is to create and adopt a common third-party assessment and certification process for healthcare industry providers and their vendors -- companies that have to spend considerable time and money attempting to meet the information security requirements of different hospitals and health plans. The founding members of the healthcare ...

Access this PRO+ Content for Free!

You forgot to provide an Email Address.
This email address doesn’t appear to be valid.
This email address is already registered. Please login above.
Please provide a Corporate Email Address.
You forgot to provide your first name.
You forgot to provide your last name.
You forgot to provide a job title.
You forgot to provide a company name.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

Features in this issue

Cloud-first? User and entity behavior analytics takes flight
by Kathleen Richards
The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud.
Beware of the gray hat hacker, survey warns
by Kathleen Richards
Close to 40% of security professionals either know, or have known, a legitimate security practitioner who has participated at some point in black hat activities.
CISOs face third-party risk management challenges
by Steve Zurier
Security professionals understand all too well what's at stake, and that's why more companies look to tighten up security with third parties.

News in this issue

Industries seek to improve third-party security risk controls
by Kathleen Richards
Healthcare security leaders are developing industry best practices for better third-party risk management using common assessment and certification standards.

Columns in this issue

Kurt Huhn discusses the role of CISO in the Ocean State
by Alan R. Earls
A strategy focused on widespread training and education leads to progress against one of the state's biggest threats, says the Rhode Island CISO.
White hat Dave Kennedy on purple teaming, penetration testing
by Marcus J. Ranum
Russia and other nation-states use application control bypass techniques because they don't "trigger any alarms," the chief hacking officer says.

View Information Security Archives

Access your Pro+ Content below.

Industries seek to improve third-party security risk controls

Features in this issue

Cloud-first? User and entity behavior analytics takes flight

Beware of the gray hat hacker, survey warns

CISOs face third-party risk management challenges

News in this issue

Industries seek to improve third-party security risk controls

Columns in this issue

Kurt Huhn discusses the role of CISO in the Ocean State

White hat Dave Kennedy on purple teaming, penetration testing