Go Back

(ISC)2: Long-Distance Risk: Evaluating Third Parties

Wednesday, September 14, 2016 3:30 PM - 4:30 PM
Location: W103A / W103B Cloud Secur
Education Level: Intermediate

Organizations need to understand the techniques used to evaluate third-party service providers, during the evaluation phase as well as ongoing review. Available methods include external audits, questionnaires, site visits and vulnerability scanning/penetration testing. We'll also describe methods used to classify third-party service providers to determine the correct level of due diligence.

Learning Objectives
Establish levels of risk for third parties.

Understand the third-party management life cycle.

Understand how to evaluate risk related to third parties.


Peter Gregory CISSP®
Director, Office of the CISO