"I love Home | RiskRecon"

2022-06-08 04:26:29

Blog Academy Login Solutions Industries Finance Insurance Healthcare Energy Defense Use Cases Third-Party Risk Management Supply Chain Risk Management Enterprise Risk Management Mergers & Acquisitions Third-Party AWS Assessments Why RiskRecon The RiskRecon Difference Deep Assessment Risk Prioritized Efficient Accurate Company Team News & Events News Releases Media Coverage Events Our Story Careers Contact Us Partners Alliance Partners Channel Partners Resources RiskRecon Insights RiskRecon Academy Ransomware TPRM Resources RiskRecon Ratings Model Blog Reports & White Papers Videos & Webinars Solutions Industries Finance Insurance Healthcare Energy Defense Use Cases Third-Party Risk Management Supply Chain Risk Management Enterprise Risk Management Mergers & Acquisitions Third-Party AWS Assessments Why RiskRecon The RiskRecon Difference Deep Assessment Risk Prioritized Efficient Accurate Company Team News & Events News Releases Media Coverage Events Our Story Careers Contact Us Partners Alliance Partners Channel Partners Resources RiskRecon Insights RiskRecon Academy Ransomware TPRM Resources RiskRecon Ratings Model Blog Reports & White Papers Videos & Webinars Phone801.758.0560Emailsales(@)riskrecon(.)com Checklist: Creating a Business Case for Cybersecurity Risk Ratings This checklist is designed to help readers develop a custom ROIassessment for athird-party risk management solutionin seven steps. Read More New Paper: Five Lessons Learned from Over 600 Ransomware Attacks The new white paper provides insights from RiskRecon based on an analysis of over 600 ransomware events. Read More Free 3PTY Ratings Get a free 30-day trial of the RiskRecon portal and see the ratings of up to 50 vendors. Read More The Evolving Nature of a CISO’s Role in Third-Party Risk Management Has the role of a CISO evolved when it comes to third-party risk? See what experts from GartnerandH-ISAChave to say in this new blog. Read More Cybersecurity ratings and insights that make it easy to understand and act on your risks.Automated risk assessments tuned to match your risk appetite. Checklist: Creating a Business Case for Cybersecurity Risk RatingsThis checklist is designed to help readers develop a custom ROIassessment for athird-party risk management solutionin seven steps. Leading RiskRecon use cases Third-Party Risk Management Get the intimate risk performance assessments you need to efficiently manage your third-party risk. RiskRecon’s deep transparency and risk contextualized insights enable you to understand the risk performance of each vendor. RiskRecon’s workflow enables you to easily engage your vendors to realize good risk outcomes. Supply Chain Risk The interconnectivity of different third- and fourth-party relationships is often difficult to visualize and address. However, with RiskRecon, you’ll gain a streamlined understanding of your organization’s supply chain environment including 4th-party softwaredimensions, hosting providers, and otherrelationships, enabling you to address critical issues faster. Enterprise Risk Management RiskRecon knows a lot about your systems. Know what RiskRecon knows. Get continuous objective visibility of your entire internet risk surface, spanning managed, shadow and forgotten IT. See the intimate details of every system – the detailed IT profile and security configuration. We’ll even show you the data types at risk in every system. Leading organizations around the world use RiskRecon to minimize their risk Our customers love us.We have an industry-leading 4.6 star average on Gartner Peer Insights. 5.0/5.0 - Director, InfoSec Enterprise And Third-Party Risk Management in the Manufacturing Industry "What I love about the product is the customer service that comes along with it for free. Our representatives have been fantastic to help with not only installation but best practices in the industry. They have gone above and beyond without further sales pitches." 5.0/5.0 - Info Security Program Manager in the Healthcare Industry "The Riskrecon tool was very easy to implement and the customer success manager was extremely helpful with getting the platform setup. While bringing up the tool I recommended some enhancements which were implemented immediately. The tool continues to be enhanced and now with the new compliance mapping it makes it very straight forward to report risk to my leadership team." 4.0/5.0 - Cyber Crimes Advisor in the Finance Industry "Much better than competition. Excellent customer support - outstanding team." 4.0/5.0 - Information Security Manager in the Healthcare Industry "RiskRecon is a valuable tool in the vendor risk management space, providing actionable data and analytics that have helped to manage and secure our supply chain. Their customer support staff is knowledgeable and quick to respond and their continued investment into the solution is encouraging." 5.0/5.0 - Vendor Management Supervisor in the Finance Industry “The product has a great deal of useful information, and understandable dashboard and can be easily integrated into existing processes. The service has been great any time we have need assistance the team has been very responsive.” 5.0/5.0 - Third-Party Information Security Lead in the Energy/Utilities Industry "Delivery of roadmap always fantastic. User feedback clearly incorporated into releases. Fast customer support and very few false positives." 4.0/5.0 - Security Specialist in the Manufacturing Industry "RiskRecon has given us valuable insights to help manage our vendor portfolio. We are now far more proactive with vendor management through the use of this tool." Core Differentiators Data AccuracyRiskRecon’s asset attribution is independently certified to 99.1% accuracy. And we don’t hide any of the assessment details. It’s all visible to you and your vendors at no additional fee. Action requires accuracy and transparency. RiskRecon provides you both. Custom-Tuned for Your NeedsEvery RiskRecon assessment is custom-fitted to match your risk appetite, enabling you to focus on the issues that matter to you. This is built on our capability to automatically determine the value at risk for every system based on the data types the system collects and the system functionality. Automated WorkflowsRiskRecon has advanced workflow capabilities that enable you to easily understand risk. RiskRecon automatically produces vendor risk action plans that contain only the issues you care about. Our collaboration workflow makes it easy for you to share action plans with your vendors. RiskRecon even automatically tracks and reports each vendor’s progress in addressing their action plan issues. Explore Our Product Comprehensive Dashboard Assessment Tuning Board Level Reporting Prioritized Issues Portfolio Management Compliance Indicators Information Technology Data Shareable Action Plans How to Fix Critical Issues Breach Events Summary & Detailed Level Downloads Advanced Filtering FAQs Expand All | Collapse All Can I review all vendors in the same fashion? Different vendors may represent different levels of risk to the organization. Higher risk relationships require more in-depth review while applying that same level of assurance to low-risk vendors would largely be a waste of time. Have a sound methodology in place that applies the appropriate amount of assurance to the inherent risk of the relationship. Why do I need to do more than send my annual security questionnaire? As practitioners, if we rely solely on security questionnaires to assess our vendors we are forced to try to determine if our vendor really has good security controls, or if they are simply good at answering questionnaires. That is a tall order. Relying on information from various tools, including questionnaires, provides the most insight into the true operating effectiveness of controls. How do I assess vendors in an RFP when I do not have enough staff to assess all of the vendors I am already using? One approach to help combat this challenge is to send each firm in the RFP a short questionnaire based on must-have controls (no more than 15 or so questions). Things like “Do you have a team dedicated to security?” Those will highlight the critical controls. To further help differentiate vendors, using a one-time report from a tool like RiskRecon can provide you with a quick assessment of the external cyber hygiene of an organization. When a vendor is ultimately selected, you can do the full assessment as part of the onboarding process. If I was going to take my TPRM program to the next level beyond questionnaires, what should I look to add? Once you have decided that a questionnaire alone is not doing what you need and you want to bring more to your program, the first place many organizations look is to add a continuous monitoring tool, such as RiskRecon. These tools address many of the challenges and limitations of the security questionnaire. Questionnaires are static and point in time, while a continuous monitoring tool can keep an eye on your vendor when you are not doing the reviews. Continuous monitoring tools are also useful to help validate the effectiveness of security controls addressed in the questionnaire. Products like RiskRecon are outside looking in, can they inform me about the security of my vendor? While it is true that RiskRecon is limited to seeing only externally visible things, you can learn an awful lot about an organization by seeing the posture they present to the world. In many ways, it is sort of like a house. You will be hard-pressed to find many houses that look like a shack on the outside, but a mansion on the inside. By looking at the externally facing posture, we can learn about how that organization treats security. Do they take patching seriously? Have they bothered to harden systems, or do they have unsafe network services exposed to the internet? So, going back to the house analogy, we can make the fair assumption that in most cases, organizations that look bad on the outside and probably challenged on the inside as well. Large hosting organizations may buck this trend, but for the most part, it holds. Latest Insights from cybersecurity experts Stay up to date on the leading edge of business form the world of cybersecurity. April 20, 2022 New Report: The State of Cybersecurity in US Cities This new report measures the cybersecurity hygiene of US Cities and compares their standing against other industries and geographies. Read More April 27, 2021 Free 3PTY Ratings Get a free 30-day trial of the RiskRecon portal and see the ratings of up to 50 vendors. Read More May 3, 2022 The Evolving Nature of a CISO’s Role in Third-Party Risk Management Has the role of a CISO evolved when it comes to third-party risk? See what experts from GartnerandH-ISAChave to say in this new blog. Read More Locations:Salt Lake City, UTBoston, MAE: [email protected] Finance Insurance Healthcare Energy Defense Why RiskRecon Deep Assessment Risk Prioritized Efficient Accurate Company Our Story Partners Leadership Careers Privacy Policy Terms of Use Resources Blog Videos & Webinars White Papers News Releases Media Coverage Events Follow us: © Copyright 2022. | Privacy Policy | Terms of Use