6 hours 30 minutes
having just talked about emerging risks, while third Party risks are very relevant as well. And Maura and Maur, we're outsourcing. What used to be internal service is
we're outsourcing out the service providers. You know, specifically, if you think about the cloud and how much of our software, our infrastructure, our business continuity, disaster recovery Service's are being turned over to somewhere else. So, of course, in that case, we gotta focus. We have to think about
third party management, third party governance.
if I was going to sum up this section in a sentence, you have tohave a service level agreement,
Hey, so the point I want to make with that is you were only guaranteed what you're guaranteed. And with a cloud service provider, what you're guaranteed is documented in a service level agreement. In other elements, it may be managed by contract or, you know, maybe also a service level agreement. But the idea is
we can't take for granted.
What are service providers were gonna guarantee us?
Well, it just stands to reason that they would
Nope, it doesn't.
Well, of course they're going to do, you know,
not necessarily always go back to the S L a two year contracts, and that's really where you have the assurance of what the providers gonna provide. Now, when I say assurance, there's nothing that's 100% right, so I can have a service. Awful provider promised me the moon,
and many providers will do that. It's all about sales. It's all about the dollars.
So in addition to having a good service level agreement, I often also have to make sure that that service level agreement is monitored, Um, by an external third party. I also have to make sure that our internal third party governance division has evaluated the contract
versus the needs of our organization.
And then we'd look ATT audit to say yes. This service provider meets their service level agreements, and they're considered and were considered to have a high degree of assurance. Now, again, we think about this with cloud service is particularly,
but we also know that's relevant to any third party surfaces that we would be using
IoT Product Security
This course will focus on the fundamentals of how to set up a functioning IoT ...
8 CEU/CPE Hours Available
Certificate of Completion Offered
50 CISO Security Controls
Dr. Edward G. Amoroso, CEO of TAG Cyber and former CISO of AT&T, covers six ...