Sveriges mest populära poddar

Redefining CyberSecurity

From Regulations to Relationships: Navigating the Maze of Third-Party Risk Management | A Conversation with Branan Cooper | Redefining CyberSecurity with Sean Martin

44 min • 5 april 2024

Guest: Branan Cooper, Financial Services exec

On LinkedIn | https://www.linkedin.com/in/brananc/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

View This Show's Sponsors

___________________________

Episode Notes

In this episode of the Redefining Cybersecurity Podcast, hosted by Sean Martin, we dive into the intricate world of third-party risk management with the insightful Branan Cooper, boasting an impressive three-and-a-half decades of experience in financial services. Throughout this discussion, Cooper and Martin explore the evolution and critical aspects of managing third-party risk within businesses, emphasizing the ever-increasing interconnectivity and dependencies in the digital age.

Branan Cooper draws on his vast experience, touching on the regulatory milestones that have shaped third-party risk management practices, from early quality assurance efforts in the '90s to the recent comprehensive interagency guidance. Highlighting the intertwined nature of third-party risk with operational, cybersecurity, and compliance aspects, the episode sheds light on the need for a holistic approach encompassing due diligence, ongoing monitoring, and a lifecycle approach to vendor relationships.

Significantly, the conversation delves into practical strategies for mitigating third-party risk, the importance of fostering a culture of communication and collaboration across departments, and the pivotal role of documentation in managing and mitigating risks effectively.

Cooper also shares invaluable insights into the nuances of vendor relationships, from assessing and prioritizing risks to the crucial aspect of planning for potential exit strategies. This episode not only serves as a primer on the complexities of third-party risk management but also as a guide for navigating these challenges proactively, offering listeners actionable advice and best practices drawn from decades of experience.

Whether you're a business leader, IT professional, or risk management practitioner, this episode provides a wealth of knowledge on safeguarding your organization in a interconnected business ecosystem.

Key Questions Addressed

  • How have regulatory milestones shaped third-party risk management practices over time?
  • What are the key strategies for effectively managing and mitigating third-party risks?
  • How does coordinating across departments contribute to managing third-party risks more effectively?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

___________________________

Resources

Third Party Risk Management 101 : Learning the Fundamentals of Third-Party Risk Management (venminder.com)   

The interagency guidance on third party risk management : Federal Register :: Interagency Guidance on Third-Party Relationships: Risk Management

What is a third party?:  What Is a Third Party? How Their Role Works and Examples (investopedia.com)

Why is third party risk management important?: Why is Third-Party Risk Management Important? | UpGuard

Although no longer in force, these pieces of guidance were so fundamental in defining industry terms and such watershed moments that they are valuable still as reference material, for terms and procedures commonly followed in TPRM:

FDIC financial institution letter   44 - 2008:   FDIC: Inactive FIL-44-2008: Guidance for Managing Third-Party Risk

OCC Bulletin 2019 - 23: OCC+2013-29.pdf (sqspcdn.com)

Understanding UDAAP or UDAP The Differences Between UDAP & UDAAP | McCune Law Group (mccunewright.com)

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: 

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Förekommer på
00:00 -00:00