In the realm of IT risk management, tagging applications in a consistent and standardized manner serves as a crucial foundation for effective asset classification. However, this process poses challenges, especially in terms of understanding the various perspectives from which tagging can occur. Additionally, managing internal and external vendor risks within the broader IT risk management strategy presents complex challenges that require meticulous attention. Let's delve into these topics further.
Here is the verbatim discussion:
I don't either way, Bikash, I don't mind. Okay, so, um, I can go for the, um, first take, huh. T after that, please go ahead.

So, tagging our applications in a consistent, standardized manner. So, uh, one thing which I would like to understand, like, what, what you mean as tagging. So is the tagging more from the perspective of, um, like, tagging it based on the organization it belongs to, or the business unit, the criticality of that, the ownership? So you can do tagging based on multiple perspectives. So let me just consider that you want to tag it from all the perspectives and try to answer. So this is a very, very, um, um, challenging problem from the perspective of, like, knowing all the assets and then classifying those. If you mean tagging as the classification tags, then probably what I'm going to answer

Yeah, that, that's a great point. Thank you, Bikash. Our, our next question is from Ernest: how are you managing the internal and external vendor risks as part of the overall IT risk management strategy? Would you like to take that, Dave?

Sure, that's a, that's also a pretty big question there. So obviously there is, if I was to simplify, it's all about the onboarding, offboarding of to receivables and

This server had, like, a lot of data related to, um, the signature of their corporate customers. So, um, then it turned out, like, this particular, um, AI kind of organization Al Lage company, they were working with this bank. But when the bank went and looked into their inventory of all the, or, or rather list of all the vendors, the name of the vendor was not part of it. Then they went deeper and tried to figure out why is the vendor name missing, and it turned out, like, business, one of the business units did a proof of concept with these guys and, uh, they gave certain data to them, which was exposed. Now, knowing certain exposures like this is a very hard problem. So you got to kind of know your vendors from the process and all those things, classify those vendors, but also have a process of going and, uh, scouting the internet, figure 
What do you mean as tagging? So is the tagging more from the perspective of, um, like, tagging it based on the organization it belongs to, or the business unit, the criticality of that, the ownership? So you can do tagging based on multiple perspectives. So let me just consider that you want to tag it from all the perspectives and try to answer. So this is a very, very, um, um, challenging problem from the perspective of, like, knowing all the assets and then classifying those. If you mean tagging as the classification tags, then probably what I'm going to answer will make sense; if not, I would like to understand your question better. So one is, like, the discovery part becomes very, very critical, uh, because if we don't have the discovery we can't do the rest of it. So asset discovery, you can do it based on two perspectives. One is from outside-in perspective, which tools like esm.
Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and holds multiple patents with the USPTO. Fortune recognized Bikash among India's Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx, etc. Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.
https://twitter.com/bikashbarai1
https://www.linkedin.com/in/bikashbarai/
Ms. Nasheen Liu's strong reputation in the technology community is built upon her proven track record as a leader who practices what she preaches. Results-driven, focused, determined and creative, Ms. Liu approaches business management with integrity, sound common-sense principles and unconventional strategy. Ms. Liu's expertise in technology marketing, C-suite conversations and executive branding in the digital age makes her a well-rounded knowledge expert, a skilled listener and an excellent communicator.
https://ca.linkedin.com/in/nasheenliu
https://twitter.com/CsuiteDialogue
Dave Lawy, based in Toronto, ON, CA, is currently a Managing Director at Quantum Smart Technologies, bringing experience from previous roles at Harvard Business Review and Gartner Research Board. Dave Lawy holds a McGill University.
https://ca.linkedin.com/in/davidlawy
Pritha Aash, managing parts of content strategy and marketing in a startup called FireCompass. The team has built things first time in the world and I'm overexcited to be part of it. I decided to share some of it and more. I'm an Information Technology Engineer. Prior to that I did my schooling from Sri Aurobindo, Loreto House, Loreto Convent Entally, Kolkata. I like to volunteer in interest groups and communities to help the world we live in be a better place. Currently volunteer at WWF, Khan Academy, SaveTrees.