Tag Archives: third party

CMMC 101: The Basics of Cybersecurity Maturity Model Certification

WHAT IS CMMC? CMMC, which stands for ‘Cybersecurity Maturity Model Certification’, is the upcoming required standard for all contractors and suppliers that work with the Department of Defense (DoD).

4 Reasons Why Third-Party Risk Management (TPRM) Should Be Reviewed

As people “Stay at Home” and work remotely during the COVID-19 pandemic, organizations have an increased reliance on external partners, suppliers, and third-party vendors to keep their businesses running. For some companies, this may be the first time their employees have worked outside of their office, without the benefit of established cyber security policies for […]

Insufficient Vendor Reviews = Rampant Third-Party Breaches

According to a survey conducted by the Ponemon Institute in 2018, 59 percent of companies have experienced a third-party breach of some type. Despite the high prevalence of these incidents, however, only 16 percent say they effectively mitigate third-party risks.

Author: Glenn A. Stout, Ph.D., PMP
Your organization just experienced a data security breach. All of the data that was entrusted to your organization to be kept safe is now “out there” on the Internet. Your organization doesn’t have an incident response plan (IRP). Who do you call? When should you call? What information needs to […]

PCI and Third Party Security Assurance: The PCI Council’s Guidance Summarized

Author: Viviana Wesley, PCI QSA
Some recent breaches of cardholder data have been the direct result of a successful compromise of a trusted third party to the breached entity. For example, a factor in the well-publicized breach at Target may have been compromised credentials of a trusted service provider with access to the Target internal […]

Understanding PCI Service Providers

One of the common misunderstandings we’ve noticed among merchants concerns the proper definition of a PCI Service Provider. Most companies understand that if they share cardholder data with a third party, that entity is a Service Provider and needs to be covered under DSS requirements 12.8.x. But there’s another class of Service Providers that often gets […]