Why we are proud to help create and support Shared Assessments’ Unified Third Party Cybersecurity Taxonomy for Continuous Monitoring

Today’s cybersecurity landscape continues to evolve at a frenetic pace. Whether driven by pandemic-induced remote work and digital transformation, by increasing sophistication and relentlessness of bad actors, or by any of a plethora of causes, yesterday’s practices can quickly become outdated.

The field of third-party security risk management is no different. Where Excel spreadsheets and manual management of annual vendor security questionnaires were once the norm, that approach has become less and less tenable. The number of suppliers and software applications used by companies of all sizes continues to balloon. A lack of automation, combined with an increasing number of significant third-party supply chain failures like SolarWinds and Kaseya, is exposing companies and their stakeholders to unprecedented and unacceptable levels of risk.

The rise of continuous monitoring in TPSRM and other cyber domains is an implicit acknowledgement that companies are not comfortable with the inherent risk associated with annual assessments of small subsets of their vendors. But with the rapid development of continuous monitoring, there’s been confusion and inconsistency regarding what needs to be monitored and in the terminology used to describe what is measured and how. Terminology that differs across solution providers, end users and their supply chain delays procurement, slows response times and reduces the ability to mitigate cyber risk effectively and quickly.

Introducing the Unified Third Party Continuous Monitoring Cybersecurity Taxonomy

The Shared Assessments Continuous Monitoring Working Group identified and articulated the problem and gathered a sub-group to create a common language to address the failings noted above. The resulting Unified Third Party Continuous Monitoring Cybersecurity Taxonomy defined four high-level categories that Panorays supports:

  • Business Intelligence
  • Indicators of Compromise
  • Vulnerabilities
  • Monitoring Surface

How Panorays assesses organizations’ attack surface

This collaborative enterprise was a natural fit for Panorays, given that our mission is to eliminate third-party security risk so that companies worldwide can quickly and securely do business together. We make it easier for companies to onboard their third-party providers with automated security risk assessments, foster collaboration between the parties and continuously monitor security posture to alert about any cyber gaps or security breaches.

As a member of the working group, we were proud to help shape the continuous monitoring taxonomy with the goal of making TPSRM faster, easier and more effective.