Episode 36 of the podcast covers the attributes of a robust third-party risk management program including how to use threat intelligence to inform actionable outcomes with third parties with CISO of Caterpillar Financial Ross Young.
Outline:
- Question 1 (01:25) Within your threats and safeguards matrix, you identify vendor and partner data as a major threat. How do you rank order each vendor and what are risk factors of vendors you assess?
- Question 2 (05:33) How does cyber threat intelligence play a factor?
- Question 3 (06:44) What are the critical, actionable outcomes you are looking for with threat intelligence as it pertains to TPRM?
- Question 4 (11:15) Are you using threat intelligence to inform other threats to the business such as compliance, financial, HR, or legal?
- Question 5 (14:00) What’s the best advice you would give to people coming out of the IC and want to be CISOs?