Episode 36 of the podcast covers the attributes of a robust third-party risk management program including how to use threat intelligence to inform actionable outcomes with third parties.
Q1 (01:25) Within your threats and safeguards matrix, you identify vendor and partner data as a major threat. How do you rank order each vendor and what are risk factors of vendors you assess? Q2 (05:33) How does cyber threat intelligence play a factor? Q3 (06:44) What are the critical, actionable outcomes you are looking for with threat intelligence as it pertains to TPRM? Q4 (11:15) Are you using threat intelligence to inform other threats to the business such as compliance, financial, HR, or legal? Q5 (14:00) What’s the best advice you would give to people coming out of the IC and want to be CISOs?