A very big concern today – in almost all industries – is third-party cyber risk. Of course, this often manifests itself in the form of vendor risk, which is why NERC is now finishing development on CIP-013 and related changes in two other CIP standards. Vendor cyber security can pose a risk both to the Bulk Electric System (which is of course why we will have CIP-013) and to your organization itself (a great example of that is the Target breach, which started because one of their suppliers had unneeded access to the actual production network).
On Tuesday, May 23 from 12:30 – 1:30 EDT, Deloitte and the law firm Morgan Lewis will present a webinar on Third Party Risk Management. This webinar will address:
• The third-party risk landscape
• How third parties exacerbate an organization’s cyber risk
• The growing regulatory and legal importance of managing third-party cyber risk
• The complexity and impacts of responding to a third-party cyber risk incident
• Solutions for managing third-party cyber risk
To register, please go here.
I have said before that Deloitte’s Cyber Risk Services group is one of the largest, if not the largest, cyber security consulting organizations in the world, with over 3,000 US-based cyber consultants. However, we are part of a much larger organization, Deloitte Advisory, which advises organizations on dealing with many kinds of risk, including Financial, Regulatory, Legal, and Third-Party.
This webinar is a joint effort of the Third-Party and Cyber Risk groups. I hope you will find it gives you a perspective on the larger problem that CIP-013 is trying to address. Feel free to forward this post to anyone in your legal, risk management, supply chain or other departments who you think would be interested in attending.
The views and opinions expressed here are my own and don’t necessarily represent the views or opinions of Deloitte.