Personnel & Third-Party Security

Education, Training, & Awareness

Welcome to the first module of Personnel & Third Party Security! Education, training, and awareness of security threats are important for many actors within an organization. It’s not only your users who make bad decisions, it’s also administrators, IT staff, security staff, and risk assessors. In this module we will dive into the process of implementing effective education, training, and awareness programs.

Personnel Security

Welcome to Module 2! Personnel security plays a critical role in protecting an organization’s assets, for example intellectual property, such as customer data or physical assets. Organizations define their security requirements around personnel’s use of organizational assets and then use technical and physical controls to implement them. Through personnel security controls, we work towards a reduction in the misuse, theft, or fraud related to our assets.

Vendor Risk Management

Welcome to Module 3! In this module we will introduce the steps required for effective Vendor Risk Management (VRM), including: due diligence, contracting, monitoring and accessing, as well as termination. When it comes to VRM, we cannot completely eliminate all risk, however, we may be able to reduce risk. The key is to ensure there is no "unacceptable" risk.

Acquisition Strategy

Welcome to the fourth and final module of Personnel & Third-Party Security! Imagine you just bought new hardware, software, or merged with another company. How do you ensure that these actions do not reduce your cyber security posture and increase your risk to external and internal threats? Introducing cyber security risk considerations into acquisition strategy can help deal with these concerns.