Article

Cyber Third-Party Risk Management: A Comparison of Non-Intrusive Risk Scoring Reports

College of Emergency Preparedness, Homeland Security and Cybersecurity, University at Albany, State University of New York, Albany, NY 12203, USA
*
Author to whom correspondence should be addressed.
Academic Editors: Changhoon Lee, Yu Chen and Jake (Jaeik) Cho
Electronics 2021, 10(10), 1168; https://doi.org/10.3390/electronics10101168
Received: 20 January 2021 / Revised: 3 May 2021 / Accepted: 4 May 2021 / Published: 13 May 2021
(This article belongs to the Special Issue New Challenges on Cyber Threat Intelligence)
Cybersecurity is a concern for organizations in this era. However, strengthening the security of an organization’s internal network may not be sufficient since modern organizations depend on third parties, and these dependencies may open new attack paths to cybercriminals. Cyber Third-Party Risk Management (C-TPRM) is a relatively new concept in the business world. Every vendor or partner is a potential source of security vulnerabilities and threats. Even if an organization follows the best cybersecurity practices, its data, customers, and reputation may be at risk because of a third party. Organizations seek effective and efficient methods to assess their partners’ cybersecurity risks. In addition to intrusive methods to assess an organization’s cybersecurity risks, such as penetration testing, non-intrusive methods are emerging to conduct C-TPRM more easily by synthesizing publicly available information without requiring any involvement of the subject organization. In this study, the existing methods for C-TPRM built by different companies are presented and compared to discover the commonly used indicators and criteria for the assessments. Additionally, the results of different methods assessing the cybersecurity risks of a specific organization were compared to examine reliability and consistency. The results showed that even though the results are similar, the provided security scores do not entirely converge.
Keywords: cyber risk; third-party risk; supply chain risk; vendor risk; risk scoring; cyber insurance
MDPI and ACS Style

Keskin, O.F.; Caramancion, K.M.; Tatar, I.; Raza, O.; Tatar, U. Cyber Third-Party Risk Management: A Comparison of Non-Intrusive Risk Scoring Reports. Electronics 2021, 10, 1168. https://doi.org/10.3390/electronics10101168

Chicago/Turabian Style

Keskin, Omer F.; Caramancion, Kevin M.; Tatar, Irem; Raza, Owais; Tatar, Unal. 2021. "Cyber Third-Party Risk Management: A Comparison of Non-Intrusive Risk Scoring Reports" Electronics 10, no. 10: 1168. https://doi.org/10.3390/electronics10101168
