16th January 2020
In a mature risk management program, risk is usually defined in business terms (financial impact) and then measured against factors such as risk appetite (the defined dollar figure of risk that a company is willing to accept) and risk tolerance (the percent beyond the defined dollar amount that a company is willing to tolerate). However,…
16th December 2019
We all know the drill. It’s time for some annual festivity, frivolity and fake fir trees. But without wanting to sound like the Grinch, there is one thing that doesn’t take a holiday. RISK! Over the last few years, growing media attention from third party data breaches, backed up by the growing regulations and…
12th December 2019
New NormShield Managed Services and Consultancy helps customers to develop more robust and resilient Third Party assurance programs with scalable integration of NormShield Cyber Risk Ratings. DVV Solutions has announced the launch of its NormShield Managed Services – a range of managed and consultancy services to aid companies looking to implement, develop and optimise…
21st November 2019
Using the European Banking Authority (EBA) guidelines to streamline your supplier risk management program
Simply stated, financial services faces enormous risk in an age when attack surfaces are expanding exponentially. All too often these risks, and the regulations introduced to mitigate them, become barriers to innovation. To help pave the way towards better risk…
10th October 2019
Sean O’Brien, Director, DVV Solutions, looks at why law firms are so attractive and often the first port of call in a cyber supply chain attack. In simple terms, it is because law firms typically hold valuable information, though there is a little more to it than that… When a hacker or a nation-state threat actor…
12th September 2019
Companies are cutting corners on Third-Party due diligence
It is no secret that inherent risk assessments are crucial to Third-Party risk management (TPRM) success, but are they being conducted? During a recent IT GRC webinar, delegates were surveyed on the breadth and depth of their current Third-Party risk assessment program, especially the identification of inherent…
20th August 2019
New York State Department of Financial Services (DFS) 23 NY CRR 500 is designed to protect the confidentiality, integrity and availability of financial services customer information. Here’s what you can do to comply. In early 2017, the New York State Department of Financial Services (DFS) instituted a regulation to establish cybersecurity requirements for financial services…
15th August 2019
Third Party Risk Programs Make A Good Start… But Have A Long Way To Go
A recent poll of over 500 risk management professionals hosted by DVV Solutions technology partner ProcessUnity and other leading IT GRC and Vendor Risk Management (VRM) experts suggests that while many organisations are on the right path to a successful…
30th July 2019
You’re only as strong as your weakest link
Malicious code injected into an advertising agency's third-party JavaScript targets the credit card information of online shoppers at European-based e-commerce sites. Many websites leverage JavaScript to track their visitors, collect analytics, etc., so use of an advertising agency's JavaScript library is not uncommon. External…
24th July 2019
Most third party risk managers eventually deal with bad vendor contracts. In most cases, these contracts – which lack important provisions or no longer conform to regulatory requirements or organisational guidelines – pose significant risks to the organisation. Many of these risks can be mitigated, but doing so requires a well-defined process, a robust third party…