
Oct 21, 2021
5 min read
What is a Third-Party Vendor and Why is Third-Party Security Important?
A third-party vendor is a person or company that provides services for another company (or that company’s customers). While vendors are considered “third parties,” some industries differentiate a “third-party vendor” specifically as a vendor under written contract, but not all vendors work under a contract. For clarity’s sake, the term “third-party vendor” in this article refers to any individual...

Oct 07, 2021
1 min read
Third Party, First Priority: Why Greenfield Invested in Panorays
Panorays is thrilled to be partnering with Greenfield to bring third-party security risk management to the next level. Here's a great blog post they wrote about why they invested in Panorays. Third-Party Security Risk is an Inevitable Pressing Frontier in Cybersecurity The rise in attack surface area vulnerable to third-party breaches is a natural outcome of the direction that digital...

Jun 28, 2021
4 min read
What is MAS-TRM?
MAS-TRM stands for the Monetary Authority of Singapore-Technology Risk Management guidelines. It addresses technology risk management, including raising cybersecurity standards and strengthening cyber resilience in the financial sector. In response to the growing cyber threat landscape, the Monetary Authority of Singapore (MAS) recently updated its MAS-TRM guidelines to help financial organizations keep up with emerging technologies and cybersecurity best practices,...

Jun 09, 2021
3 min read
What Is CRISC Certification and How Can It Improve Third-Party Security?
CRISC stands for Certified in Information Systems and Risk Controls, and is a specific qualification for IT professionals, awarded by ISACA. That’s the short version. But what is CRISC exactly, and how can it improve your third-party security? The CRISC Certification CRISC certification is a risk management qualification that many people have used to build and progress their careers. With...

May 20, 2021
4 min read
What Is Cybersecurity Risk?
Most people have an abstract idea of what “cybersecurity risk” is, but they may have trouble defining it or understanding the cybersecurity risks within their organization—especially third-party cybersecurity risk. If you want to protect your organization effectively and design the best strategies to overcome your biggest threats, you’ll need to be able to define and understand those...

May 03, 2021
6 min read
What Is Cybersecurity vs Information Security?
Cybersecurity and information security may sound like two different terms for the same idea. But while they’re related, they’re actually different concepts. What is cybersecurity? What is information security? And what’s the actual difference between them? What is cybersecurity? Let’s start with a definition of cybersecurity. You’ll get a different definition for this depending on which organization you’re consulting. For...

Apr 18, 2021
4 min read
What Is a Third-Party Security Risk Assessment Template?
A third-party security risk assessment template could be useful in helping your organization plan for and coordinate efforts to reduce cyber risk. But what is a third-party security risk assessment template, exactly? What makes a third-party security risk assessment template effective? And how can you design one from scratch? What Is a Cyber Risk Assessment? Let’s start with the basics....

Apr 05, 2021
4 min read
What Is the Center for Internet Security (CIS) and How Does It…
The Center for Internet Security (CIS) is a nonprofit organization that seeks to “identify, develop, validate, promote and sustain best practice solutions for cyber defense.” But what exactly is this organization? How does it work? And how does it relate to third-party security? The CIS Model CIS uses a closed crowdsourcing model to suggest ingenious new security measures and perfect...

Mar 25, 2021
5 min read
What is Third-Party Vendor Cybersecurity Risk Management?
Cybersecurity risk management identifies an organization’s potential vulnerabilities and implements a system to detect, deflect, isolate and analyze threats. It’s like setting up a high-security door that prevents unauthorized access to company networks, accounts, servers and web-based assets. Third-party vendor cybersecurity risk management specifically focuses on the management of risks involved in doing business with other companies and contractors. Third-party...

Mar 07, 2021
3 min read
What Are MSSPs and Why They Are Important to Third-Party Security
What Are MSSPs? MSSPs are managed security service providers that offer monitoring and management services related to cybersecurity. Many IT experts have partnered with MSSPs in the past, or plan to work with them in the future. As organizations understand more and more about the importance of risk mitigation, MSSPs are adding third-party security risk management services to their portfolios....

Popular Posts

Feb 10, 2022
1 min read
The Most Common Third-Party Cyber Gaps Revealed
Wouldn’t it be great if you could get a sneak peek at all the upcoming 2022 cyberattacks? Yes, it would be. But, since that’s not going to happen, we’ve done the next best thing. Panorays used data from our cyber posture evaluations of tens of thousands of third parties from various industries over an extensive period of time to find...

Aug 26, 2021
3 min read
4 Ways to See if You Are at Risk of a Vendor…
Recent supply chain attacks such as Kaseya, Accellion and SolarWinds have illustrated that when it comes to vendor breaches, it’s not if, but when. While it’s impossible to predict cyberattacks, there are key steps that you can take with your vendors to determine if you might be at risk. Here are 4 key strategies: 1. Monitor security posture It’s important...

Jan 03, 2022
3 min read
5 Resolutions for Reducing Third-Party Cyber Risk in 2022
If there’s one thing we’ve all learned, it’s that supply chain attacks are not going away anytime soon. Last year, we saw major cyber incidents involving Accellion, Kaseya, Codecov and others; next year, there will certainly be more. To help prevent and respond to similar cyber incidents, it’s essential to consider how best to reduce third-party risk. How can this...