Finding a Common Language for Continuous Monitoring

By Demi Ben-Ari | Mar 03, 2022 | 2 min read

Why we are proud to help create and support Shared Assessments’ Unified Third Party Cybersecurity Taxonomy for Continuous Monitoring

Today’s cybersecurity landscape continues to evolve at a frenetic pace. Whether driven by pandemic-induced remote work and digital transformation, by increasing sophistication and relentlessness of bad actors, or by any of a plethora of causes, yesterday’s practices can quickly become outdated.

The field of third-party security risk management is no different. Where Excel spreadsheets and manual management of annual vendor security questionnaires were once the norm, that approach has become less and less tenable. The number of suppliers and software applications used by companies of all sizes continues to balloon. A lack of automation, combined with an increasing number of significant third-party supply chain failures like SolarWinds and Kaseya, is exposing companies and their stakeholders to unprecedented and unacceptable levels of risk.

The rise of continuous monitoring in TPSRM and other cyber domains is an implicit acknowledgement that companies are not comfortable with the inherent risk associated with annual assessments of small subsets of their vendors. But with the rapid development of continuous monitoring, there’s been confusion and inconsistency regarding what needs to be monitored and in the terminology used to describe what is measured and how. Terminology that differs across solution providers, end users and their supply chains delays procurement, slows response times and reduces the ability to mitigate cyber risk effectively and quickly.

Introducing the Unified Third Party Continuous Monitoring Cybersecurity Taxonomy

The Shared Assessments Continuous Monitoring Working Group identified and articulated the problem and gathered a sub-group to create a common language to address the failings noted above. The resulting Unified Third Party Continuous Monitoring Cybersecurity Taxonomy defined four high-level categories that Panorays supports:

  • Business Intelligence
  • Indicators of Compromise
  • Vulnerabilities
  • Monitoring Surface

How Panorays assesses organizations’ attack surface

This collaborative enterprise was a natural fit for Panorays, given that our mission is to eliminate third-party security risk so that companies worldwide can quickly and securely do business together. We make it easier for companies to onboard their third-party providers with automated security risk assessments, foster collaboration between the parties and continuously monitor security posture to alert about any cyber gaps or security breaches.

As a member of the working group, we were proud to help shape the continuous monitoring taxonomy with the goal of making TPSRM faster, easier and more effective.

Demi Ben-Ari

Demi Ben-Ari is CTO and Co-Founder of Panorays. He’s a software engineer, entrepreneur and international tech speaker, and takes #CyberSelfies like nobody else can.
