Appropriate Software Security Control Types for Third Party Service and Product Providers

Third party software is the new perimeter for every financial institution. According to Gartner, “since enterprises are getting better at defending perimeters, attackers are targeting IT supply chains.”3 Further, recent breach reports such as Verizon’s Data Breach Investigations Report underscore the vulnerability of the application layer, including third party software. This new perimeter of third party software must be addressed. Fortunately, the majority of financial services firms and many technology vendors are investing in improving software security control practices within the lifecycle of software development to provide products and capabilities that are more resilient to attack. Pushing innovation in the marketplace while protecting information assets exposed in emerging technologies (like mobile computing or cloud services) is a continual challenge and dilemma for financial services firms. The financial services industry has historically provided leadership in the development of effective vendor management practices to reduce the risk of exposure of customer and employee information. Financial institutions have led the implementation of effective governance models for third parties providing IT products and services for over a decade. Many IT vendors have incorporated prudent risk management controls into their product development processes as a result.

Spotlight

CDW

In every organization, there are people who get technology. And people who don't. This is where CDW comes in. CDW is a leading provider of technology solutions for business, government, education and healthcare in the US and Canada. We're a 6,000-plus-member team.

OTHER WHITEPAPERS

INDUSTRIAL CYBER RISK MANAGEMENT

whitePaper | May 21, 2021

Critical infrastructure owners and operators have managed industrial risk for hundreds of years. This risk is usually measured in impact to health, safety, and reliability. As these industrial systems become increasingly digitized, so does the risk. What were once seen as isolated, manual processes have become reliant on communication networks and digital devices.


Google Cloud security foundations guide

whitePaper | April 19, 2021

This guide presents an opinionated view of Google Cloud security best practices, organized to allow users to adopt or adapt them and then automatically deploy them for their estates on Google Cloud. This document can be useful to you if you are a CISO, security practitioner, risk or compliance officer.


Cybersecurity: Experience and best practices during COVID-19 pandemic

whitePaper | July 6, 2020

With this white paper focused on the emerging cyber threat that the world is facing during the COVID-19 crisis, NETIA wishes to share its experience, its initiatives and its knowledge on those topics.


Avoiding the Security Pitfalls of Digital Transformation

whitePaper | April 1, 2020

Avoiding the Security Pitfalls of Digital Transformation is a webinar that will explore how organizations can cut through the noise and make a success of cloud transformation, leveraging the benefits of cloud technologies including efficiency, agility and scalability while avoiding the pitfalls.


Understanding Ransomware and Strategies to Defeat it

whitePaper | March 5, 2020

Held Hostage in Hollywood: In February 2016 the Hollywood Presbyterian Medical Center, in Los Angeles, paid a ransom of about US$17,000 to hackers who infiltrated and disabled its computer network with ransomware. The hospital paid the ransom of 40 Bitcoins (currently worth about $16,664) after a “network infiltration” began on February 5, when employees reported being unable to access the hospital’s network and electronic medical records system. “The malware locked access to certain computer systems and prevented us from sharing communications electronically,” said hospital CEO Allen Stefanek.


Network Traffic Analysis (NTA): A Cybersecurity ‘Quick Win’

whitePaper | February 27, 2020

According to research from ESG and the Information Systems Security Association (ISSA), 91% of cybersecurity professionals believe that most organizations are either extremely or somewhat vulnerable to a significant cyber-attack or data breach.1 This level of cyber-risk demands immediate attention and action from CISOs, CIOs, and business executives. As a result, 62% of organizations plan to increase cybersecurity spending in 2020.2 Here’s the problem: Increasing security budgets alone isn’t enough. CISOs need quick and easy wins that can greatly bolster security efficacy and streamline operations without demanding massive projects and vast resources. There is a lot of work ahead. This white paper concludes.
