How to Master Third Party Cybersecurity Reviews: Practical Steps for Financial Institutions скачать в хорошем качестве

How to Master Third Party Cybersecurity Reviews: Practical Steps for Financial Institutions

In this comprehensive webinar, Lucas Hathaway, CRO @ Rivial Security walks you through the entire lifecycle of third party risk management for financial institutions—from onboarding new vendors to performing deep dive cybersecurity reviews and meeting examiner requirements (NCUA, FDIC). Learn practical tips on vendor classification, control review best practices, complementary user entity controls (CUECs), incident response, and more. Lucas Hathaway, CRO @ Rivial Security shares real-world breach examples, actionable resources, and demonstrates how to streamline vendor security assessments using AI. Perfect for security leaders, vendor managers, and anyone looking to uplift their vendor risk management game! Timestamps: 00:00 – Introduction and Webinar Overview 02:00 – The Challenges of Proper Vendor Due Diligence 03:30 – Why Vendor Security Matters: Breaches & Regulatory Landscape 06:30 – Third Party Proliferation, Cloud, and AI Risks 08:15 – Real Breach Examples: MoveIt, Trellis, CUSO 09:10 – Vendor Security Reviews: The 8 Key Elements 11:27 – Vendor Onboarding: Challenges & Best Practices 14:54 – Shadow IT and Training Business Users 15:38 – Simple Vendor Classification: Tiers Explained 19:30 – Vendor Questionnaires: Dos and Don’ts 21:41 – How to Perform In-Depth Control Reviews 25:02 – Framework Alignment: Apply NIST/CIS to Vendor Assessments 27:13 – Gathering Evidence: SOC Reports, Policies, Audits 29:58 – Real Example: Mapping Controls in SOC Reports 32:16 – Risk Treatment: Decision, Documentation, and Follow-Up 34:36 – CUECs: Complementary User Entity Controls Explained 39:46 – Tracking Fourth Party Vendors 46:44 – Ongoing Testing, Monitoring, and Recertification 48:50 – Incident Response: Breach Notification and Playbooks 51:39 – Resources, Templates, and AI Tools 53:23 – Live Demo: Automating Vendor Reviews with AI 56:41 – Getting Buy-In and Building Security Culture 59:33 – Final Q&A and Wrap-Up YouTube Tags: third party risk management, vendor security, cybersecurity, financial institutions, NCUA, FDIC, examiner requirements, vendor due diligence, SOC reports, AI in cybersecurity, security reviews, vendor risk assessment, CUEC, fourth party risk, incident response, Rivial Security, Lucas Hathaway, financial security webinar, credit union security, bank compliance, cloud vendor risk, third party breaches, how to review SOC reports, security frameworks, NIST, CIS controls